Microsoft's latest intiative to replace weekly patching with monthly patching may be more benefical to users in the battle to protect themselves from malicious attacks, says Simon Moores.
Wave goodbye to patch Wednesday. Microsoft has conceded that even with the best intentions, asking businesses to patch their systems on a weekly basis is to much to expect.
The news comes a week after Steve Ballmer announced a new initiative from the company, which will see Microsoft developing "safety technologies". This will be delivered in Windows XP (Service Pack 2) SP2 and is designed to better protect its customers from the growing threat of malicious attack.
Reeling from the barrage of criticism following the damage caused by Blaster, Sobig-F, Welchia and Swen, Microsoft will soon introduce security enhancements designed to improve the resilience of its products whether they have been patched or not.
This, however, will not be an instantaneous solution to a growing problem, and the latest Service Packs will trickle out from Microsoft between now and summer of 2004.
Microsoft has also recognised that the way it manages its security bulletins requires changes, realising that the problems for the customer invariably begin once vulnerability has been identified by the company.
Businesses are now demanding a much better risk assessment from the company, one capable of presenting the very worst case scenario, in what might be described as a "drop everything" warning for critical security updates.
As a result, we are now going to see the company stressing the importance of patch application, rather than expecting applause for patch development, in the hope that this measure will improve uptake and narrow the period of exposure faced by business.
Is this news something to cheer about, replacing "patch Wednesday" with "First Tuesday"?
The answer should be yes. After all, if the information security process can’t get any worse, then there’s always hope that it might get better with a different strategy.
However, if we read between the lines, this is a commitment to better processes and not a solution to a broader problem which remains largely insoluble this side of 2005.
Trustworthy Computing, the sequel, is a start, but rather like the film Star Wars, it could run on for ever, and some might describe last week’s announcement by Ballmer as just another Jedi mind trick.
Personally, I believe "First Tuesday" represents a good start because experience shows that where once a week sounded like a good idea at the beginning, once a month with Microsoft is more than enough for most of us.
What do you think?
Will monthly patches be more beneficial to your company? Tell us in an e-mail >> ComputerWeekly.com reserves the right to edit and publish answers on the website. Please state if your answer is not for publication.
Setting the world to rights with the collected thoughts and opinions of leading industry analyst Dr Simon Moores of Zentelligence.
Acting globally, Zentelligence (Research) advises governments, suppliers, business and the media on the evolution, application and delivery of leading-edge technologies and specialises in the areas of eGovernment and information security.
For further information on Zentelligence and its research, presentation and analyst services visit www.zentelligence.com
This was first published in October 2003