Security Patches

Why Should I Patch My System?

It is important to keep your software up to date with the latest vulnerability patches released by software manufacturers. As of the end of October, Microsoft alone had released 8 security patches for various software products, not to mention numerous critical updates for their Windows operating systems. These software patches included one released in August that was designed to stop exploits like the SQL Slammer from starting.

The unfortunate tendency of companies, agencies, and even private citizens not to patch their systems is one reason that many worms cause as much havoc as they do.

Reasons for installing software patches include everything from repairing stability and interoperability issues to making the software less susceptible to viruses. Some are intended to fix bugs in the program; a recent Microsoft Windows update fixed a bug that made it impossible to log onto a web site automatically. Another reason to patch your systems is to keep them running reliably and to prevent large-scale security problems.


Why Are So Many Computers Left Unpatched?

Patching your system can be a difficult decision as it can sometimes cause problems.  Some administrators are too busy to test new software patches, while others do not have the time to test the patches as extensively as is sometimes required.  Others make the erroneous assumption that if there is not currently a crisis, then they must be secure.

According to FSS Computer Consulting, these are some common reasons why system administrators do not apply patches:


 • The systems are properly configured, firewalls in place, and/or intrusion detection systems installed. This means the systems are configured optimally.
 • Patching is inherently dangerous. I cannot afford the risk of downtime.
 • Downtime risk is perceived to be too great to mitigate.
 • I have most of the security problems covered. So, why worry?
 • There are so many patches, no one has time to research them, and the deployment is too complicated.

 


This is a dangerous trend in the industry, as the ever-increasing number of security issues needs to be matched by the vigilance of system administrators.