Microsoft Monitor Weblog A Jupiter Research Business Weblog
 
Jupiter's Microsoft Monitor Research Service helps vendors prepare for market opportunities created by new Microsoft initiatives. In addition, Microsoft Monitor helps business and enterprise users discover which strategies are most successful in dealing with Microsoft and how to best exploit the customer relationship. The Microsoft Monitor Weblog is a companion to Jupiter's Microsoft Monitor Research Service and provides additional news, analysis and insight relevant to the areas most important for Microsoft's growth in both the business and consumer marketplaces. The content on this Weblog is often based on late-breaking events whose sources are deemed to be reliable. The insight and recommendations represent Jupiter's initial analysis. As a result, our positions are subject to refinements or major changes as Jupiter analysts gather more information and perform further analysis. Feedback is welcome at mm@jupitermedia.com.

Contact Us
More information about Jupiter's Microsoft Monitor Research service is available by contacting Kieran Kelly at researchsales@jupitermedia.com or by telephone at 1-800-481-1212

Blogroll
David Card
Michael Gartenberg
Alan Meckler
David Schatsky

September 2005
Sun Mon Tue Wed Thu Fri Sat
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30  
Archives
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003

Recent Entries
My PDC Post Morteum
Microsoft Office, the Server Edition, Part Two
Windows Workflow Foundation and Expression
PDC: The Big Day
Windows Vista Sleeper Announcements

August 13, 2003
Blaster from the Past

The rapid spread of the Blaster worm shows that Microsoft customers need to do a better job with patch management. Microsoft warned of the exploitable security vulnerability on July 16. The U.S. Dept of Homeland Security issued a separate warning on July 24. Still, the Blaster worm has managed to wreck havoc, crippling many home and business PCs and slowing down Internet traffic. In Maryland, where I work, the Dept. of Motor Vehicles closed up early yesterday because of a crippling Blaster infection.

The simple application of a patch a month ago could have prevented spread of the worm. But patch management is perhaps Microsoft's biggest security bane. Many businesses legitimately approach patches cautiously, out of concern a security fix might cause unseen compatibility problems with vital software applications. Many consumers simply don't patch at all.

Some advice:

* All home users running Windows XP with broadband connections should enable the Windows Automatic Update feature. Windows Update automatically fetches patches and then prompts the user for installation.

* All businesses should require workers that dial into the corporate network to enable the Windows Automatic Update feature for any computer--even a personal, home PC--that connects remotely. Those same workers should be required to have a firewall installed on the same PCs, which is a good idea, anyway, for those employees using cable broadband at home.

* IT managers and their subordinates should subscribe to Microsoft's Security Update e-mail service, here. Major antivirus vendors offer similiar notification services. Microsoft and some of its antivirus partners have created the Virus Information Alliance, which seeks to offer faster notification about virus outbreaks. More information is available here.

* To its credit, Microsoft is trying to create better mechanisms for improving patch management. In the meantime, IT managers must take more responsibility to stay informed about security vulnerabilities and then to take quick preventative action. Rule of thumb: If the Dept. of Homeland Security issues a warning on a Windows security vulnerabilty, it's time to update all PCs right away.

* Microsoft does provide some useful resources on patch management, which all IT administrators and their subordinates should read: Guide to patch management. Guide to improving patch management.

Posted by Joe Wilcox at August 13, 2003 01:17 PM
Copyright 2004 Jupitermedia Corporation. All Rights Reserved.
Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.