[ISN] Microsoft mulls patch distribution with AV updates

From: InfoSec News (isnat_private)
Date: Mon Oct 01 2001 - 03:20:38 PDT

  • Next message: InfoSec News: "[ISN] Nimda resurgence falls flat"

    By John Leyden
    Posted: 28/09/2001 at 12:13 GMT
    Microsoft is considering using anti-virus vendors to deliver security
    patches for its product alongside their own updates for virus
    definition files.
    Randy Abrams, release antivirus specialist at Microsoft, whose main
    job is to ensure that software shipped of Redmond is virus-free, told
    us the idea, still in its formative stages, came up during his
    discussions with vendors at the Virus Bulletin conference in Prague
    this week.
    Initial reaction to the idea was mixed, with Sophos, among others,
    suggesting that the best time to apply a Microsoft patch is when it
    first becomes available - not when a virus which exploits a particular
    vulnerability is released.
    Another point is that corporates need to plan the deployment of any
    patches to make sure they apply them in the knowledge of the effect
    they have on other systems.
    That said, integration between virus updates and security updates for
    consumers has its merits. when people are encouraged to update their
    protection against the Nimda worm, for example, they would also be
    reminded that it exploits an Outlook vulnerability, for which
    Microsoft has issued a patch.
    Of course for this to work Microsoft patches would always need to work
    as advertised.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Mon Oct 01 2001 - 13:32:24 PDT