Microsoft's latest intiative to replace weekly
patching with monthly patching may be more benefical to users in
the battle to protect themselves from malicious attacks, says Simon
Moores.
Wave goodbye to patch Wednesday. Microsoft has conceded
that even with the best intentions, asking businesses to patch
their systems on a weekly basis is to much to expect.
The news comes a week after Steve Ballmer announced a new
initiative from the company, which will see Microsoft
developing "safety technologies". This will be delivered in Windows
XP (Service Pack 2) SP2 and is designed to better protect its
customers from the growing threat of malicious attack.
Reeling from the barrage of criticism following the damage
caused by Blaster, Sobig-F, Welchia and Swen, Microsoft will soon
introduce security enhancements designed to improve the resilience
of its products whether they have been patched or not.
This, however, will not be an instantaneous solution to a
growing problem, and the latest Service Packs will trickle out from
Microsoft between now and summer of 2004.
Microsoft has also recognised that the way it manages its
security bulletins requires changes, realising that the problems
for the customer invariably begin once vulnerability has been
identified by the company.
Businesses are now demanding a much better risk assessment from
the company, one capable of presenting the very worst case
scenario, in what might be described as a "drop everything" warning
for critical security updates.
As a result, we are now going to see the company stressing the
importance of patch application, rather than expecting applause for
patch development, in the hope that this measure will improve
uptake and narrow the period of exposure faced by business.
Is this news something to cheer about, replacing "patch
Wednesday" with "First Tuesday"?
The answer should be yes. After all, if the information security
process can’t get any worse, then there’s always hope that it might
get better with a different strategy.
However, if we read between the lines, this is a commitment to
better processes and not a solution to a broader problem which
remains largely insoluble this side of 2005.
Trustworthy Computing, the sequel, is a start, but rather like
the film Star Wars, it could run on for ever, and some might
describe last week’s announcement by Ballmer as just another Jedi
mind trick.
Personally, I believe "First Tuesday" represents a good start
because experience shows that where once a week sounded like a good
idea at the beginning, once a month with Microsoft is more than
enough for most of us.
What do you think?
Will monthly patches be more beneficial to your company?
Tell us in an e-mail >>
ComputerWeekly.com reserves the right to edit and publish
answers on the website. Please state if your answer is not for
publication.
Setting the world to rights with the collected thoughts and
opinions of leading industry analyst Dr Simon Moores of
Zentelligence.
Acting globally, Zentelligence (Research) advises
governments, suppliers, business and the media on the evolution,
application and delivery of leading-edge technologies and
specialises in the areas of eGovernment and information
security.
For further information on Zentelligence and its research,
presentation and analyst services visitwww.zentelligence.com