Re: [ISN] Patching Becoming a Major Resource Drain for Companies

From: InfoSec News (isnat_private)
Date: Wed Aug 20 2003 - 02:21:42 PDT

    Forwarded from: Mark Bernard <mbernardat_private>
    
    Dear Associates,
    
    MS has not done a good job at managing this very important process.
    They are continuing to muddle around and not tackle this effectively.
    
    Since they have mostly borrowed all the technology that they currently
    have from someone else, why don't they go back to Big Blue where they
    started and get this right from the pros?
    
    I have worked with Big Blues and Application Systems 400 servers for 14
    years now. BTW: they have never been infected by a virus since their
    introduction to the public in 1989. BTW: there are now around 900,000
    400 servers in the world today. On the 400 there is a regular program
    that follows a monthly routine with built-in software that can be used
    to distribute Preventative Software Fixes (PTFs) to either clustered
    400s or networked 400s. You get an overview of the fix; it tells you in
    English what it will do and/or change on your system before you load
    it. You can then load it in temporary state on a mirrored logical
    partition and run it to see what's going on before applying it
    permanently. You also have the option of removing it.
    
    Why can't Microsoft get this right with all the money that they now
    have of ours?
    
    Regards,
    Mark.
    
    ----- Original Message ----- 
    From: "InfoSec News" <isnat_private>
    To: <isnat_private>
    Sent: Tuesday, August 19, 2003 9:10 AM
    Subject: [ISN] Patching Becoming a Major Resource Drain for Companies
    
    
    > http://www.computerworld.com/securitytopics/security/story/0,10801,84083,00.html
    >
    > Story by Jaikumar Vijayan
    > COMPUTERWORLD
    > AUGUST 18, 2003
    >
    > Last week's W32.Blaster worm, which affected thousands of computers
    > worldwide running Windows operating systems, highlighted the
    > enormous challenge companies face in keeping their systems up to
    > date with patches for vulnerabilities, users said.
    >
    > Companies that, ahead of Blaster's rampage, had installed Microsoft
    > Corp.'s patch for a flaw identified last month said they felt no
    > effect from the worm. But the seemingly constant work involved in
    > guarding against such worms is becoming a burden that could prove
    > unsustainable over time, users said.
    >
    > "The thing about patching is that it is so darn reactive. And that
    > can kill you," said Dave Jahne, a senior security analyst at
    > Phoenix-based Banner Health System, which runs 22 hospitals.
    >
    > "You need to literally drop everything else to go take care of
    > [patching]. And the reality is, we only have a finite amount of
    > resources" to do that, Jahne said.
    >
    > Banner had to patch more than 500 servers and 8,000 workstations to
    > protect itself against the vulnerability that Blaster exploited. "I
    > can tell you, it's been one heck of an effort on a lot of people's
    > part to do that," Jahne added.
    >
    > For the longer term, Banner is studying the feasibility of
    > partitioning its networks in order to minimize the effect of
    > vulnerabilities, he said.
    
    [...]
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Aug 20 2003 - 10:37:35 PDT