Click here to receive your FREE subscription to Campus Technology
News
Survey: Many Microsoft Patches Are Going Uninstalled
6/24/2008
|
|
The results of an online test conducted by U.K. anti-virus firm Sophos found that more often than not, PC users don't install Microsoft's monthly patches.
The results, released Monday, were gathered from 40 days' worth of data from a sample group of 580 PCs in corporate environments, 80 percent of which failed one or more basic security tests.
Moreover, 63 percent were found lacking at least one Microsoft patch on the OS level, the Office and application levels, or the browser and media player component levels.
Bill Emerick, Sophos' vice president of product management, said in a prepared statement, "Machines that fail such a test represent 'low-hanging fruit' for cybercriminals and [are] a real danger to their corporate networks."
But according to Randy Abrams, director of technical education for IT consultancy ESET, these reports can sometimes be like "two blind men, touching different parts of an elephant. [They] may get the same results, but it doesn't cover the whole body."
"I think we have to remember that the sample sets and control groups in tests like these need to be taken into consideration," said Abrams, himself a former Microsoft security pro. "That said, we don't need a survey to tell us that people are lax about patching their systems. I think the evidence of that is that there are far fewer zero-day or new patches than there are those that are responding to a direct set of vulnerabilities."
There are several reasons for IT pros and even individual users to delay, or altogether skip, patching their systems -- one being the fact that not every patch may apply to them.
Many enterprises also hold off patching to evaluate the cost, or to avoid either re-patching or seeing their particularly tailored systems block the patches.
There's also some lingering resistance to Automatic Updates for Microsoft patches, Abrams explained. "In these cases, the systems sometimes reboot...while you're away to automatically install the patches," he said. "I think this was a case with a good intention and bad implementation on Microsoft's part."
Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. You can contact Jabulani at editor@entmag.com.
Cite this Site
copy text (above) for proper citation
Recommended Reading
- Microsoft Outlines Next-Generation Databases
Microsoft is planning to enhance the BI capabilities in the next version of its flagship SQL Server database, the company revealed Monday. The company kicked off its second annual Business Intelligence Conference in Seattle by outlining plans for a new set of managed self-service analysis and reporting capabilities that will be integrated into the next version of SQL Server.
- Red Hat Expands HPC Solution Availability
Open source software vendor Red Hat went global with its high-performance computing (HPC) product Thursday. An announcement issued by the Raleigh, NC-based company claims that the Red Hat HPC Solution product is the "first" integrated Linux-based HPC platform.
- IBM Aims To Boost Mainframe Competency with Scholarship Program
As we reported recently, IBM is accelerating its efforts to bolster mainframe education in an effort to increase the number of professionals entering the workforce with mainframe skills. Now the company is putting additional money where its mouth is with a new scholarship program supported by itself and its partner ecosystem, along with higher education institutions.
- Microsoft's 'Dublin' App Server Tied to .NET 4.0
New Windows Server and .NET Framework 4.0 technologies aimed at developers who are building composite applications will be released at Microsoft's Professional Developers Conference, Oct. 26-30. The server technologies are the first to support Microsoft's upcoming "Oslo" modeling platform, according to Microsoft.
- WoW: Microsoft, Cisco Continue to Cozy Up
The ongoing relationship between Cisco Systems and Microsoft has become even closer, according to recent news that the Windows Server on WAAS (WoW)-- an appliance that merges Cisco's Wide Area Applications Services with Microsoft Windows Server 2008--is available to order.
- Yahoo Fixing Zimbra Bug, Integrating with Exchange
Web-search advertising giant Yahoo plans to resolve a password security vulnerability identified in late September in its Zimbra open source e-mail and collaboration software. On Wednesday, a Yahoo spokesperson stated by e-mail that the problem will be addressed in a few weeks' time.
