Information Security News mailing list archives
Re: Patching Becoming a Major Resource Drain for Companies
From: InfoSec News <isn () c4i org>
Date: Wed, 20 Aug 2003 04:21:42 -0500 (CDT)
Forwarded from: Mark Bernard <mbernard () nbnet nb ca>

Dear Associates,

MS has not done a good job at managing this very important process. They are continuing to muddle around and not tackle this effectively. Since they have mostly borrowed all the technology that they currently have from someone else, why don't they go back to Big Blue where they started and get this right from the pros.

I have worked with Big Blues and Application Systems 400 servers for 14 years now. BTW: they have never been infected by a virus since their introduction to the public in 1989. BTW: there are now around 900,000 400 servers in the world today.

On the 400 there is a regular program that follows a monthly routine with built-in software that can be used to distribute Preventative Software Fixes (PTFs) to either clustered 400s or networked 400s. You get an overview of the fix; it tells you in English what it will do and/or change on your system before you load it. You can then load it in a temporary state on a mirrored logical partition and run it to see what's going on before applying it permanently. You also have the option of removing it.

Why can't Microsoft get this right with all the money that they now have of ours?

Regards,
Mark.

----- Original Message -----
From: "InfoSec News" <isn () c4i org>
To: <isn () attrition org>
Sent: Tuesday, August 19, 2003 9:10 AM
Subject: [ISN] Patching Becoming a Major Resource Drain for Companies
http://www.computerworld.com/securitytopics/security/story/0,10801,84083,00.html

Story by Jaikumar Vijayan
COMPUTERWORLD
AUGUST 18, 2003

Last week's W32.Blaster worm, which affected thousands of computers worldwide running Windows operating systems, highlighted the enormous challenge companies face in keeping their systems up to date with patches for vulnerabilities, users said.

Companies that, ahead of Blaster's rampage, had installed Microsoft Corp.'s patch for a flaw identified last month said they felt no effect from the worm. But the seemingly constant work involved in guarding against such worms is becoming a burden that could prove unsustainable over time, users said.

"The thing about patching is that it is so darn reactive. And that can kill you," said Dave Jahne, a senior security analyst at Phoenix-based Banner Health System, which runs 22 hospitals.

"You need to literally drop everything else to go take care of [patching]. And the reality is, we only have a finite amount of resources" to do that, Jahne said.

Banner had to patch more than 500 servers and 8,000 workstations to protect itself against the vulnerability that Blaster exploited. "I can tell you, it's been one heck of an effort on a lot of people's part to do that," Jahne added.

For the longer term, Banner is studying the feasibility of partitioning its networks in order to minimize the effect of vulnerabilities, he said.
[...]