Patches
Many people think that if they have an anti-virus (AV) program installed, their computer is safe from hackers. This isn't true, for two reasons that are easier to understand once you know a little about how AV software works. If you start to get scared reading this, then good, it's done its job... but rest assured there are steps you can take to protect yourself. It's more work than we used to have to do, but as we said, cyberspace is becoming a riskier place every day.
AV software works by comparing every file on your computer against a list of "signatures" of known viruses and other malicious software. This means:
- The list of known viruses must be up to date. AV vendors typically update this list weekly, or more often if a particularly nasty virus starts making the rounds. But for the updates to do you any good, you must download them frequently. Many people don't understand the software's requests to do this, find it time-consuming, or simply let their subscription lapse (which means the AV vendor cuts them off).
- Only known viruses are defended against. Some "holes" in the underlying operating system or in commonly used programs are so severe that it is impossible to characterize all the ways they could be exploited.
To understand the difference, consider this analogy. AV software is like a well-staffed force of security guards, constantly roaming your halls and checking "ID badges" against a list of known criminals. Even if this list of known criminals is up to date (see the point above), there's still a problem if you leave a window or door wide open... even "reasonably honest" people, with no criminal record, might be tempted to pick up valuables left out in the open. And while they might formally be considered criminals at that point, since they might never steal again, the "public" list of known criminals isn't going to be updated with their names. To make matters worse, given free access to your system, the first thing these new criminals might do is change the list of known criminals (i.e., the list that your AV software works from) to make sure they aren't on it! So AV software will never be able to keep track of all possible exploits if you have holes in your software. The only known way to defeat these "criminals of opportunity" is to patch the original hole in the software itself; i.e., close all your windows and doors.
These "holes" in software (the open windows, above) occur all the time and are an unfortunate result of the current ways of developing software. While new methods are being developed that promise to "design out" many of these kinds of problems, our current software has a lot of holes. For example, if you bought a computer in the summer of 2002, with the latest and greatest software on it, by the end of that year there were dozens of known holes that would let a hacker:
- Send you an email that gives him/her control of your computer. Even if you didn't open or read the email, just receiving it would be enough to trigger the exploit.
- Entice you to visit a web site with slick, moving animations. Unfortunately, the Flash player included in your system has a hole that lets the web author also take over your computer.
- Use an ordinary Word or Excel document to, again, take complete control of your PC.
- Completely disable your anti-virus software. This is the latest attack method... chaining several different "minor" weaknesses together to completely control your system.
Note that once a hacker has control of one PC in your business, s/he can use it to attack other PCs, even those that have been patched against the original problem. PCs within a company normally "trust each other" more than external, Internet-based ones, so this type of attack is easy to carry out. And even if your other systems are completely safe, an attacker can use a compromised system to, say, send so much network traffic that no one else can get any real work done. It only takes one unpatched system to completely lock your business out of all its computer resources!
The Solutions
The risks outlined above are scary. Fortunately, there are well-known solutions. In fact, for many of our professional clients it is key that they follow these "industry standard practices" in order to (at least partially) insulate themselves from litigation. Even if their computers are never compromised, many professionals worry about a regulatory or litigation problem if they don't at least do two things:
- Because of the problems keeping AV software up to date, use a centralized "server-based" anti-virus solution, sometimes called a "corporate edition." This software, which typically costs about the same as the retail consumer version, uses a central server to download the virus definitions and then push them out to the individual PCs. This way one central administrator can keep things up to date for many users, and the users don't have to "know what to do" because the process is transparent to them.
- Develop a comprehensive patch management system that ensures patches for the operating system (Windows), server applications, popular client applications (e.g., Office, Internet Explorer) and all web "plug-ins" are applied in a consistent, timely manner. Applying all the patches for a given machine can take hours each month, so Vanishing Clouds has developed automated patch management tools, based on the security toolkits provided by Microsoft, to address this issue.