Our View: ZERT to the Rescue

 
 
By Stan Gibson  |  Posted 2006-10-16 Print this article Print
 
 
 
 
 
 
 

Opinion: The emergence of the Zeroday Emergency Response Team is good news for users.

A new exploit is leaving your desktops vulnerable, but Microsofts patch is not due for another week. What to do? Faced with such a dilemma, many IT professionals are turning to ZERT.

ZERT is an acronym for Zeroday Emergency Response Team, a group of security expert volunteers who create patches for security holes, mainly in Microsoft products, and make them available to the public. If you download a ZERT patch, you do so on an as-is basis. There is risk. But ZERTs track record is excellent so far. According to what we can tell, its at least as good as any vendors.

We think ZERTs emergence as a player in the security arena is good news. Where users were formerly at the mercy of a vendor for patches, now they have choice.

ZERT is making its presence felt at a time when the security communitys eyes are trained on Microsoft as the software giant readies its Vista version of Windows with security features Patchguard and Windows Security Center. In addition, the 64-bit version of Vista restricts kernel access, barring security vendors such as McAfee and Symantec from the kind of contact with the operating system they have had historically.

While Microsofts moves change the playing field in the security market even as the company ships more security products of its own, we dont think Microsofts moves end the need for third parties—be they McAfee, Symantec or volunteer organizations such as ZERT—to strive to meet customer needs. And while antitrust watchdogs ought not to take their eyes off Microsoft, we dont think that Microsofts moves yet cross the threshold of anti-competitive behavior.

Just how Microsoft will respond to ZERT remains to be seen. While ZERTs success could embarrass Microsoft, we think that ZERT is very likely to be of real benefit, intentionally or not, to Redmond. Microsoft has benefited immensely over the years from its vast community of developers. Sure, ZERT is different, but what vendor wouldnt want volunteers to fix its products for free? And the presence of ZERT can only make customers feel more secure about buying Microsoft products—if Microsofts patches dont suffice, then its likely that ZERTs will. And ZERTs performance is likely to spur Microsoft to make its own patches better and to make them available faster.

Can you feel confident downloading and applying a ZERT patch?

Its your system, but ZERT has a good track record and the open-source movement seems to be doing pretty well at this point. Is ZERT infallible? No. Just because it hasnt erred yet doesnt mean it will remain error-free in the future. There is risk. So far, though, it looks like the risk may well be worth taking.

Tell us what you think at eweek@ziffdavis.com.

eWeeks Editorial Board consists of Jason Brooks, Larry Dignan, Stan Gibson, Scot Petersen and Lisa Vaas.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.
 
 
 
 
Stan Gibson is Executive Editor of eWEEK. In addition to taking part in Ziff Davis eSeminars and taking charge of special editorial projects, his columns and editorials appear regularly in both the print and online editions of eWEEK. He is chairman of eWEEK's Editorial Board, which received the 1999 Jesse H. Neal Award of the American Business Press. In ten years at eWEEK, Gibson has served eWEEK (formerly PC Week) as Executive Editor/eBiz Strategies, Deputy News Editor, Networking Editor, Assignment Editor and Department Editor. His Webcast program, 'Take Down,' appeared on Zcast.tv. He has appeared on many radio and television programs including TechTV, CNBC, PBS, WBZ-Boston, WEVD New York and New England Cable News. Gibson has appeared as keynoter at many conferences, including CAMP Expo, Society for Information Management, and the Technology Managers Forum. A 19-year veteran covering information technology, he was previously News Editor at Communications Week and was Software Editor and Systems Editor at Computerworld.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel