With the patch issues that arose last week, and folks asking if Microsoft
tests patches before releasing them, it reminds us that Redmond still has a
long way to go in the trust department.
But Redmond wasn’t the only one with vulnerability and software issues this time
around. Apple has joined in the browser vulnerability battle with its Safari browser this
week. Sophos didn’t help much with its software giving off false positives.
It’s been more of a battle to clean up after our security tools than it was to
deal with patching issues this month.
The date on the calendar as Microsoft’s patches came out this week said St. Valentine’s
Day, the day for love and romance. But if you’re a patchaholic like me, a guy
who offered to patch my computers for me would be even more romantic than roses
Especially in a week like this, when he’d have to use some extra manual labor
to get my machines fully patched.
You are at risk. No, seriously. Every time you turn on any kind of
technology, you turn on risk.
The question for today is this: Exactly how do you know what risk you are taking when
you use that technology? Some argue that “old code” is secure code, under the
assumption that the older the code, the more “eyes” have
reviewed it. But is that true? Let’s revisit the Windows Metafile issue with
this in mind, shall we?
The ball dropped in New York, ushering in the New Year. But we network admins
were scrambling because of a zero-day
exploit for which no patch was available, other than hoping our antivirus
vendors would catch it.
Little did we know at that time that the ‘bug’ was perhaps a wakeup call for us
better procedures to handle a zero-day event in the future (as InfoWorld’s Roger
When you read that there’s a new security bulletin for IE, you probably tune me out
like you do with flight attendants: "Keep your browser
in its upright and patched position."
There’s a twist this week, though, as Microsoft closes a hole that’s already being
exploited but which hasn’t had a patch available for weeks.
What’s your plan for catastrophic PC failure?
It’s one thing to plan for dead hardware. If your budget can take the hit, some of you
might even welcome an excuse to have to replace some aging machine. The real problem
is all of your data. Do you have everything categorized, backed up, and
I should have known it was going to be an unusual week when two wooden mouse
traps disappeared in my garage. I thought I had one kind of pest problem at
first — cute, furry little mice in my garage. It turns out, I probably had
a different critter: a rat.
There’s been a trend lately with Microsoft’s "critical" patches. You may
have noticed that a significant portion of the time, patches the company rates
as Critical aren’t critical on Windows XP SP2 and Windows Server 2003 SP1. This is certainly no accident.
With these releases, in my opinion, Microsoft has achieved some actual payoff for
its security efforts.
The yellow shield is in the System Tray reminding me this is Patch Tuesday.
And before I began to write this article, I installed all 9. (Yes, there are 8 patches and
one malicous software removal tool.)
Normally, my second column of the month is my “clean up your patch details”
column. (The first column of the month deals with the problems that beset us from
Microsoft’s Patch Tuesday.)