Thursday, October 14, 2010

Patch Tuesday - There is no SOE

So, once again Microsoft's Patch Tuesday is breaking all records and we're in a quandary.

We can either accept the risk of applying 28 untested (by us) patches to fix 49 vulnerabilities or we can accept the security risks of not applying the patches.

Both choices are difficult but in the end, I'm always going to accept the "upgrade risk" versus the "security risk".

Gone are the old days
So, why don't we just delay it a bit and test it all out? In the old days (and certainly in a much larger company) this would have been possible but right now, we only have a small IT department and a constantly shifting Standard Operating Environment (SOE).

As I've said before - there is no longer such a thing as an SOE in today's computing environment. We start out with an idea of the software to be loaded and the options and location in which it gets loaded, that's standard. Then, all the applications upgrade themselves at different intervals and suddenly, each machine is unique.

We could probably use a whole lot more policy controls and we could introduce greater client security but I've seen where that road leads. In fact, many of our customers are still on that road. They're still on Internet Explorer 6 and they're incompatible with a whole host of sites. Their users don't even have the ability to change the time on their own systems - so if it's wrong and it's an emergency, there's nothing they can do.

If they go overseas and something needs fixing - too bad. They don't have rights to change anything on their own computers.

Nope. That road is for larger organisations only.

More than Microsoft
It's not just Microsoft either. These days, Acrobat and Flash seem to do a couple of upgrades a week and Google Chrome is constantly (but silently) upgrading itself in the background (though somehow I'm ok with their upgrades because they're so unobtrusive). Then we have QuickTime and RealPlayer and the Anti-Virus systems.

It seems that there's just no escaping upgrade hell.

If we tested everything properly we'd need a huge IT department. Sometimes it's best to just read the bulletins, warn your users and keep your fingers crossed.

Today's Upgrade
So this all leads me to today's upgrades. I'm getting quite used to the fact that every time Windows upgrades my PC, it sets the resolution back to something the monitor doesn't like (which results in fuzzy patches). It's ok. I have the correct resolution written on a post-it note at the bottom of my screen and it's a couple of minutes' work once per month (and sometimes more frequently if there are urgent patches) to fix it.

Today's "surprises" were a little different though.

Today, Microsoft decided to replace my default email client (Lotus Notes 8.5.2) with Outlook. It also completely rewrote the winword.exe file so that my Kaspersky Firewall didn't recognise it and had to prompt for further instructions. It doesn't bother me - I'm an IT professional. What DOES bother me is the fact that I'll now have to go around the organisation and hand-hold all of our clients through their logon process this morning.

Thanks Microsoft. I needed more work.