Labs Tips and Tricks for Reducing Patch Pain

 
 
By Timothy Dyck  |  Posted 2002-12-23 Print this article Print
 
 
 
 
 
 
 

There is depressingly little that can be done to mitigate the negative impact of security patches, but there are steps IT managers can take to avoid problems in the first place.

There is depressingly little that can be done to mitigate the negative impact of security patches, but there are steps IT managers can take to avoid problems in the first place.

The cardinal rule is to test patches before rolling them out.

The best way to avoid patching problems, however, is to not need a patch in the first place. eWeek Labs advises against default operating system installs—with their proclivity for installing everything but the kitchen sink—for this reason. Instead, install as little of every product as possible, particularly on server systems.

Trickier is determining when not to apply a newly released patch. This decision requires careful risk assessment, as well as the ability to extrapolate how a security bug could be exploited.

For example, if a hole requires a particular network protocol, and that protocol is blocked by a firewall, updating could be postponed until the next service pack or scheduled downtime.

Vendors—especially Microsoft Corp.—are making it increasingly difficult to apply discrete patches; rather, they are bundling old patches with new fixes for an all-in-one install. When you do have the option, though, choose to apply only needed patches individually. This provides a much greater degree of control.

Finally, open-source packages provide a huge advantage when it comes to patching because security fixes can be applied to older applications by IT staff indefinitely.

West Coast Technical Director Timothy Dyck can be reached at timothy_dyck@ziffdavis.com.

 
 
 
 
Timothy Dyck is a Senior Analyst with eWEEK Labs. He has been testing and reviewing application server, database and middleware products and technologies for eWEEK since 1996. Prior to joining eWEEK, he worked at the LAN and WAN network operations center for a large telecommunications firm, in operating systems and development tools technical marketing for a large software company and in the IT department at a government agency. He has an honors bachelors degree of mathematics in computer science from the University of Waterloo in Waterloo, Ontario, Canada, and a masters of arts degree in journalism from the University of Western Ontario in London, Ontario, Canada.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel