Microsoft Turns Focus to Patch Management

By Peter Coffee  |  Posted 2003-05-08 Print this article Print

Microsoft commits to reduce the number of separate installation tools and protocols used by its products.

"Patch management is, by far, the biggest problem" in keeping systems secure, declared Microsoft Strategic Technology Director Brett Arsenault at the IT security conference hosted this week in Boise by Washington Group International. "Its not just our issue," he continued, claiming that security patch activity on competing operating systems is twice as great, "but we all have to solve it the same way." A critical component of the problem, he continued, is the need to prevent one patch from undoing another: "Patches have to roll," he said, "to be cumulative so that you dont ever have the problem of a service pack undoing something youve previously applied."
He expressed hope for industry cooperation and update technology sharing: "Ideally," he said, there should be a common service used by all vendors, "a place where you can go for updates to various applications and various operating systems. It shouldnt be owned by Microsoft."
In the meantime, he reviewed Microsofts inventory of configuration management tools, and committed the company to reducing the number of separate installation tools and protocols used by its products: "We have a plethora of installers," he said, adding that the Slammer problem was fundamentally a problem of installers, "but we will have fewer in twelve months, and in a number of years well have it down to a level that is really useful." Whats that proverb about the journey of a thousand miles? Latest Security News:
Search for more stories by Dennis Fisher.
Find white papers on security.
Peter Coffee is Director of Platform Research at, where he serves as a liaison with the developer community to define the opportunity and clarify developers' technical requirements on the company's evolving Apex Platform. Peter previously spent 18 years with eWEEK (formerly PC Week), the national news magazine of enterprise technology practice, where he reviewed software development tools and methods and wrote regular columns on emerging technologies and professional community issues.Before he began writing full-time in 1989, Peter spent eleven years in technical and management positions at Exxon and The Aerospace Corporation, including management of the latter company's first desktop computing planning team and applied research in applications of artificial intelligence techniques. He holds an engineering degree from MIT and an MBA from Pepperdine University, he has held teaching appointments in computer science, business analytics and information systems management at Pepperdine, UCLA, and Chapman College.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel