RE: Is VMS losing the Financial Sector, also?
- From: "Main, Kerry" <Kerry.Main@xxxxxx>
- Date: Fri, 6 Jul 2007 08:02:57 -0400
-----Original Message-----
From: P. Sture [mailto:paul.sture.nospam@xxxxxxxxxx]
Sent: July 6, 2007 4:38 AM
To: Info-VAX@xxxxxxxxxxxx
Subject: Re: Is VMS losing the Financial Sector, also?
In article <Qwmji.3514$Np2.127@trnddc07>, John Santos
<john@xxxxxxx>
wrote:
The answer, of course, is that a system exposed to a virus or an unpatched
exploit can get hacked anyway, no matter how competent the administrator.
Keeping up on patches and A/V is part of the job of the administrator.
But there is a race condition. What if the bad guy attacks before the
O/S vendor knows about the exploit, or the A/V vendor designs, implements
and distributes a test for it? Then you're up the creek. What are the
chances of this happening? Obviously, the more viruses and serious O/S
bugs, the greater the odds.
One problem there is that certain M$ patches have broken things,
sometimes quite seriously. This can lead to a certain reticence to apply
patches in a timely fashion.
--
Paul Sture
Which is why experienced IT shops always test their important
applications with any new patches - especially security ones as it often
translates to access or auditing or authentication type errors.
This is also why using a platform that has 5-20 security patches
released *each and every* month is such a major impact on normal
QA/Testing and Operations staff. When you have hundreds of systems
(small-medium DC), think of the effort that this entails.
A few examples:
http://www.theregister.co.uk/2006/08/26/linux_update_shocker/
http://tinyurl.com/z9p4d
And in case anyone thinks this is a recent happening, here is an article
from 2002:
http://www.eweek.com/article2/0,1759,1513928,00.asp
"More Patches Aren't the Answer"
Key extract (and remember this is from 2002):
" Sorry, but that doesn't cut it. First of all, as the broken patch for
IE illustrates, patches don't always fix things and can often cause new
problems. Using an automated patching tool means you are constantly at
risk of introducing new problems without any chance to do testing before
the patches are applied.
Of course, the other option is to watch alerts and use patch-scanning
tools and update systems yourself. Oh, you have another job that you
need to do? I'm sure you can squeeze it in between the hours you'll
spend finding the right patches, testing them, then deploying them."
Regards
Kerry Main
Senior Consultant
HP Services Canada
Voice: 613-592-4660
Fax: 613-591-4477
kerryDOTmainAThpDOTcom
(remove the DOT's and AT)
OpenVMS - the secure, multi-site OS that just works.