This week I kicked off our Planet Antivirus challenge with a blog entry highlighting the top 5 failures of antivirus. My fifth point was that relying on antivirus leaves companies dependent on fire drill patching:
Relying on antivirus ties companies to fire drill software patching — The side effect of relying on antivirus to protect endpoints is that companies are now tied to reactive software application patching as well. Because we can’t trust our antivirus software to protect the endpoint, we also must remain constantly aware and vigilant about identifying and fixing vulnerabilities in our applications on the endpoint. The resulting combination of rushed patches and signatures is a significant drain on the human resources of an organization.
It is rare for supporting evidence to appear just days after such a post is published, but this week that is exactly what happened. It was reported that a Windows XP security update resulted in the notorious Blue Screen of Death (BSOD), locking up many users’ Windows XP PCs. According to the article “Windows patch cripples XP with blue screen, users claim,” hundreds of Windows users expressed their frustration on Microsoft’s support forum throughout the week.
The problem appears to have originated with one of the 13 updates Microsoft issued on Tuesday, the one that patches a 17-year-old kernel bug in all 32-bit versions of Windows. After users installed the update and tried to restart their PCs, they ran into the infamous Blue Screen.
Unfortunately, this is yet another example of the growing problems organizations experience when they rely on patches alone to secure their networks, and of the dangers of rolling out patches quickly. It isn’t an isolated case, as the article points out:
This was not the first time that a Microsoft update has incapacitated Windows PCs. Two years ago, a set of updates for Vista sent an unknown number of machines into an endless series of reboots. Similar problems stymied users who tried to upgrade to Windows XP Service Pack 3 (SP3) in May 2008, and others attempting to upgrade from Vista to Windows 7 last October.
There was once a time when patching was an effective way of dealing with security flaws and vulnerabilities in the operating system. In today’s world, however, the sheer volume of new patches, combined with the time it takes to disclose a vulnerability, create the updated code, and distribute it, leaves systems as sitting ducks for new malware ready to exploit a network at every opportunity. And when the patch finally comes out, smart organizations take the time to ensure that the fix itself won’t cause problems on their systems before deploying it. That is where a solution such as application whitelisting can help: because only approved software is allowed to execute, an unpatched vulnerability is harder to turn into running malicious code, which gives organizations time to test patches and roll them out on a regular schedule, avoiding both fire drill patching and the extra time spent exposed to attack.
[...] I mentioned in last week’s entry, “Latest Microsoft patch illustrates the dilemma and dangers of fire drill patching,” relying on antivirus defenses to protect endpoints ties organizations to fire drill software [...]