Microsoft mulls patch distribution with AV updates

[InfoSec News <isn () c4i org>]

http://www.theregister.co.uk/content/56/21928.html

By John Leyden
Posted: 28/09/2001 at 12:13 GMT

Microsoft is considering using anti-virus vendors to deliver security
patches for its product alongside their own updates for virus
definition files.

Randy Abrams, release antivirus specialist at Microsoft, whose main
job is to ensure that software shipped of Redmond is virus-free, told
us the idea, still in its formative stages, came up during his
discussions with vendors at the Virus Bulletin conference in Prague
this week.

Initial reaction to the idea was mixed, with Sophos, among others,
suggesting that the best time to apply a Microsoft patch is when it
first becomes available - not when a virus which exploits a particular
vulnerability is released.

Another point is that corporates need to plan the deployment of any
patches to make sure they apply them in the knowledge of the effect
they have on other systems.

That said, integration between virus updates and security updates for
consumers has its merits. when people are encouraged to update their
protection against the Nimda worm, for example, they would also be
reminded that it exploits an Outlook vulnerability, for which
Microsoft has issued a patch.

Of course for this to work Microsoft patches would always need to work
as advertised.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.