Patching is the problem, says Microsoft

[InfoSec News <isn () c4i org>]

http://www.vnunet.com/News/1140555

By Iain Thomson 
Infosecurity Europe
London [01-05-2003]

Providing reliable, easy-to-install patches expensive and troublesome,
says security chief

Patching applications is the most costly security job that companies
face, according to Microsoft's head of security.

Craig Fiebig, general manager of Microsoft's security business unit,
said the firm would continue its policy of releasing software updates
on Wednesdays, but admitted that providing reliable, easy-to-install
patches was an issue.

Fiebig (pictured) also acknowledged the policy of patching was
rendered less effective because of administrators' dislike of network
downtime.

"It's the hardest one to solve," Fiebig told vnunet.com at
InfoSecurity Europe. "In dollar terms, patching is the most expensive
security measure and keeping your antivirus descriptions up to date is
the least.

"If customers could do both it would eliminate the bulk of security
problems."

The programme used for Microsoft's own staff training has provided a
base for partner seminars and will form part of the UK's first
undergraduate computer security module, to be offered at the
University of Leeds from 2004.

The software giant has also set up a new Security Partnership
Programme, with participating members receiving up to £10,000 in
marketing funds.

To qualify, firms must support two consultants and an engineer trained
in ISA server, and work with Microsoft to agree a suitable business
plan.

So far Unisys, Fujitsu Services, Lynx Technology, SCC, DNS, Vistorm
and Silversands have all signed up.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.