
Security experts agree that an overwhelming majority of all security breaches could have been prevented if software patches and updates were applied when they were first available. In fact, figures from the SANS Institute and FBI show that the majority of commonly exploited vulnerabilities are due to the failure to apply patches that were available from vendors for several weeks or even a month.
All software created today is tested rigorously for its stability and function, but rarely is software adequately tested for security holes before it is released on the market for purchase. Most companies wait until hackers find the security holes and vulnerabilities in the newly released software, and then they issue patches to fix the security holes that have been brought to their attention. Microsoft® alone released several thousand patches in the year 2002 to fix security holes and other problems with their software after it was released!
Many larger companies and organizations pay a systems administrator to watch out for new patches for their computer systems. This becomes a very time-consuming and difficult task when there are dozens or even hundreds of computers on a simple office network. Each computer has a different configuration and different software, which means that each computer needs different patches on a regular basis. Very few organizations are capable of staying on top of this critical patching game and consequently, most or all computers are riddled with known software security holes.
Hackers count on the fact that nobody is patching their computer software so they can launch their attacks and gain access to systems around the world. For every known software security hole in Microsoft® programs and other software, there are likely dozens or even hundreds of hacker tools and scripts created to exploit that specific software vulnerability. These "exploits" are shared freely among hackers around the world, making unpatched PCs an easy target for attack.
Now, Microsoft has finally realized the need for a patch management system for their software and included some of this functionality in their latest release of Windows XP. Using the auto-updater feature of Windows XP is a step in the right direction. However, it is important to realize a few key things. Microsoft proactively scans your computer without telling you, looking for possible holes that need to be patched. But while they are scanning your computer, they are also looking at several other things on your computer without your knowledge, like whether you have pirated or licensed copies of Microsoft programs. Most people are rather uncomfortable with this invasion of privacy - and Microsoft continues to develop further remote analysis and controls of your PC to be released soon.
Other larger problems loom using the Microsoft-offered patching features. A very large percentage of new patches released by Microsoft create more problems for your PC - including crashing it or making it almost unusable. Consequently, they release patches to their patches. This confusion is more than most people can handle. These are some of the reasons why almost nobody, especially the average computer user, patches their computers on a timely basis.
The reality is that without the right tools, nobody can keep up with patching computer programs and closing security holes easily in a timely manner. There are too many patches released every month to keep up with, and it takes a pretty experienced computer user to understand which patch is needed and how to properly apply it. The INVISUS Patch Management system provides a simple way to patch your computer's software - no matter how you have configured your system. We've taken the complexity and confusion out of patch management!