[ISN] Patching is the problem, says Microsoft

From: InfoSec News (isnat_private)
Date: Thu May 01 2003 - 22:19:55 PDT

  • Next message: InfoSec News: "[ISN] New Netstumbler mailing list"

    http://www.vnunet.com/News/1140555
    
    By Iain Thomson 
    Infosecurity Europe
    London [01-05-2003]
    
    Providing reliable, easy-to-install patches expensive and troublesome,
    says security chief
    
    Patching applications is the most costly security job that companies
    face, according to Microsoft's head of security.
    
    Craig Fiebig, general manager of Microsoft's security business unit,
    said the firm would continue its policy of releasing software updates
    on Wednesdays, but admitted that providing reliable, easy-to-install
    patches was an issue.
    
    Fiebig (pictured) also acknowledged the policy of patching was
    rendered less effective because of administrators' dislike of network
    downtime.
    
    "It's the hardest one to solve," Fiebig told vnunet.com at
    InfoSecurity Europe. "In dollar terms, patching is the most expensive
    security measure and keeping your antivirus descriptions up to date is
    the least.
    
    "If customers could do both it would eliminate the bulk of security
    problems."
    
    The programme used for Microsoft's own staff training has provided a
    base for partner seminars and will form part of the UK's first
    undergraduate computer security module, to be offered at the
    University of Leeds from 2004.
    
    The software giant has also set up a new Security Partnership
    Programme, with participating members receiving up to 10,000 in
    marketing funds.
    
    To qualify, firms must support two consultants and an engineer trained
    in ISA server, and work with Microsoft to agree a suitable business
    plan.
    
    So far Unisys, Fujitsu Services, Lynx Technology, SCC, DNS, Vistorm
    and Silversands have all signed up.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri May 02 2003 - 01:23:50 PDT