3/5/2010
02:32 PM

Software Patching Too Much Trouble For Most

Automated software patching, common among enterprises, is making its way onto consumer PCs.

The U.S. government is so flummoxed by the insecurity of computers that it has launched a contest to find someone who can create an effective way to educate people about computer security.

It's clear there's a problem. Recent legal action in Spain and in Virginia against the Mariposa botnet and the Waledac botnet, two of the ten largest botnets that controlled tens of millions of hijacked computers, offers a reminder of just how many compromised computers are out there. These aren't just personal computers either; many of the infected machines have been found in major corporations and banks.

While education can reduce the number of malware infections by helping users to understand that the joke in e-mail messages with subject lines like "LOL! Check this out!" is on the recipient, in the form of malware, the defensive value of timely patching shouldn't be overlooked.

The problem with patching, unfortunately, is that it's too much trouble for the average user. A research paper by Stefan Frei, research analyst director at Secunia, and Thomas Kristensen, CSO at Secunia, released earlier this week at the RSA Conference, finds that the complexity and frequency of patching software vulnerabilities tends to exceed what users are able and willing to invest.

According to Frei and Kristensen, 50% of users have software from more than 22 different vendors that are affected by at least 75 security advisories issued by Secunia every year.

"Thus, a typical end-user has the daunting task to administer his host approximately 75 times a year (or every 4.8 days), thereby handling approximately 22 different update mechanisms to keep his/her system secure," the paper states.

The obvious solution to this problem is a single automated update mechanism.

Automated updating is not free from controversy. Typically it takes place without real-time notice and consent, relying instead on past notice and consent. It's generally not a problem when done by a trusted party, but there's still some potential for misuse.

Apple has already caught on to the benefits of automated updates, as can be seen in the way it updates software for iPhones and iPods through iTunes. Users don't have to make much of an effort to keep all the software on their iPhones and iPods up-to-date.

Google has realized this too. The always-up-to-date status of Google Apps has long been a selling point, as it is with any cloud-based software. The company also keeps its desktop software like Google Pack and Google Chrome up-to-date using an automatic update mechanism.

Secunia is the latest company to advocate this approach. That's unsurprising, given that Frei co-authored a paper demonstrating the effectiveness of Google's automatic browser updates prior to joining Secunia, when he worked at the Swiss Federal Institute of Technology (ETH Zurich).

Kristensen says that in the coming months, Secunia will release software that "forever will change the updating experience on Microsoft Windows systems."

Secunia plans to launch a technology preview of Automatic Updating for private users, which will be incorporated into its Personal Software Inspector (PSI) 2.0.

Mac OS X and Linux users will have to continue to patch their software manually for the time being. But they don't really face the same attention from cybercriminals as Windows users.
