ZDNet UK


Problem patches can cause mayhem

John McCormick

Published: 02 Nov 2005 12:05 GMT


...the network and reinstall IOS to apply the fixes.

The Cisco IOS update problem neatly illustrates one of the ongoing problems with security. As a vendor, Cisco puts a lot of work into making a really solid operating system not overlaid with dozens of Band-Aid patches. However, that makes updates a complex and expensive process, so users tend to ignore even critical vulnerabilities.

Is it better to release patches quarterly as Oracle does — leaving systems vulnerable for longer periods of time — or monthly as Microsoft does? Is it preferable to issue small patches that often don't even require a reboot? Or is it better to sport a more secure platform even if it's much harder to patch when inevitable flaws do appear?

Different security patch protocols adopted by vendors are simply that — different, but not necessarily superior. In fact, each has its own set of problems.

Speaking of protocol, a reader recently requested a simple definition of "phishing", which isn't as strange as you might think. While many technical computer terms have strict definitions, a lot of the terms we use in computer security have only vague definitions because they're relatively new.

With many new terms, often all we have to go by is the old "I know it when I see it" explanation. But you can't pass laws on that basis — OK, so actually you can, and legislators do it all the time — but you can't enforce such laws.

A case in point is the term 'spyware'. The Anti-Spyware Coalition (a group of prominent security industry vendors) has been struggling to define the term for a considerable time. According to one report, the ASC has defined spyware as "a term for tracking software deployed without adequate notice, consent, or control for the user. In its broader sense, spyware is used as a synonym for what the ASC calls 'Spyware and Other Potentially Unwanted Technologies.'" For definitions of related terms, see the ASC's Anti-Spyware Coalition Definitions and Supporting Documents.
