Additional reasons why patching is important

This excerpt from "The administrator shortcut guide to patch management" explains the cost of having poor security and the benefits of fitting patching into your overall security.

The following excerpt is from Chapter 1 of the free eBook "Administrator shortcut guide to patch management" written by Rod Trent.

Additional reasons why patching is important

The majority of vulnerabilities can be resolved by patching computers when the patches are available from the vendor. Still, even with warning after warning about potential exploits in the wild, viruses and worms continue to proliferate. Attackers continue to be successful in disrupting computing worldwide. Why these attacks still happen is open to debate. Some blame the vendors for developing poorly written OSs and applications, while others blame the IT administrators for being complacent. Whichever side you happen to be on in the debate, there is no mistaking that security is a top issue for both sides, and that poor security not only disrupts computing but also places cost burdens on an organization.

According to the consulting firm Computer Economics, the cost of the Sasser virus to businesses worldwide is thought to be as much as $500 million. The MyDoom virus will have hit $4 billion by the end of 2004. (Although MyDoom is an old virus, it continues to spread.)

In response to the latest Sasser worm, the Gartner Group is advising its customers to budget for extra security spending on Windows desktops in the wake of all of the problems caused by the worm. Poor security results in an increase in the overall cost of owning and operating the computing environment. We will explore the costs of ineffectual or non-existent patch management throughout the rest of this guide.

Keep in mind that if the proper patches had been applied, Sasser would not have been able to do its damage.

For more information about the cost of security breaches, see the following resources:

"Survey: Costs of Computer Security Breaches Soar" at
"What Does a Computer Security Breach Really Cost?" at
SecurityDocs at

How patching fits into overall security

Granted, patching computers is only part of an overall computer security strategy, but it is arguably the most important. When you build security policies in your company, part of the policy will (or should) always include a patch management process. Although there are many ways to secure the environment and protect it from known exploits, the ultimate goal is to get the computers to the most current frame of security. This goal can only be accomplished by applying the latest security patches.

You can spend a lot of time deploying firewalls, or modifying the firewall so that open ports are closed to attack, but whenever a computer leaves the confines of the company's walls, it becomes open to attack unless it is patched against the exploit or the vulnerability is eliminated (for example, through a vendor-supplied workaround).

Security is much easier to manage when none of the company's computers leave the office desks, but employees working from home or on the road make securing the environment more complex. The reality is that more companies must support remote and mobile employees -- and learn to secure an environment that includes such employees.

Chapter 2 will walk through the entire patch management process and include information about how to apply patching policies to remote and mobile users.
