AIA

Stewart Twynham's Security Diary: Patch Tuesday woes, and the Information Commissioner gets tough

13th Jul 2007

This Tuesday (10 July) saw the release of more critical patches for Microsoft products - including Excel. Whilst Microsoft claims that only three of the six patches are critical, the SANS Internet Storm Center disagrees, rating all six as critical.

However much safer the world of IT now is, it’s also important to note that Patch Tuesday just doesn’t run smoothly for some.

Surviving Patch Tuesday
As with installing most software on a PC, once the monthly updates are installed your PC will require a reboot, which the update software will sometimes attempt forcibly. That’s usually rather annoying if you’re used to leaving your PC with unsaved information while you nip to the coffee machine - the default delay for “Windows has updated your PC - shall I reboot now?” is just five minutes.

The trick here is to shut down your machine every night and, on nights where an update has been successfully downloaded but not installed, make sure you select “Install updates and then shutdown” when it’s presented to you. This should prevent unwanted automatic reboots the following day.

The other problem is slowness – PCs grinding to a halt once a month as the updates roll out. In actual fact, there are several problems here:

  1. In an office full of PCs, having each PC try to download updates individually can cause some bottlenecking of the incoming internet connection. The fix here is to download Windows Server Update Services onto one of your servers. This allows your server to aggregate all the updates, and distribute them internally as required, as well as giving you some additional control on rollouts such as delaying updates on business critical desktops and servers.
  2. Several users report that their PC will hang whenever the update takes place. Some of this has been down to bugs within the update software, much of which has been addressed by Microsoft - although some users still report problems.
  3. It is also worth noting that the patching process (effectively, taking the software on your machine and making quite complex changes under the bonnet whilst that software might still be running) is quite demanding. Slower machines, especially those with slower hard drives, or hard drives which are fragmented or nearly full will spend significantly longer running the patch routines each month. If that’s you, it may be time to upgrade.

On the whole, Microsoft does a pretty good job of rolling out quite complex updates to a whole raft of software to hundreds of millions of PCs around the world. We should really be surprised that there are so few problems.

* * *
Information Commissioner gets tough
The Information Commissioner, Richard Thomas, got tough this week, suggesting that a horrifying number of firms have breached data protection rules in the past year.

Clearly a great example of joined-up government thinking. Statutory instruments passed over the last few years have demanded that individuals hand over swathes more personal information to everyday businesses. Whether you believe it’s to prevent terror or simply to stop tax evasion, even getting a job through an employment agency means you’ll have to supply a copy of your passport.

The Information Commissioner’s office (a government department) may be horrified about businesses breaching the rules, but the reality is different. In my experience, businesses have always breached data protection rules. The rules themselves are pretty unapproachable, which is probably why the Information Commissioner reckons only 50% of Employment Agencies are even registered! (PDF report)

For those that do register, they are only putting their name on a list - there’s no instruction manual, no training course, no risk of an audit or assessment, no annual return, and no compliance report. You can download some self-help guides from the ICO website, but that’s hardly much use to the stressed-out small business owner.

Which brings me back to my point. It’s not that businesses are getting any worse at data protection – they were never very good at it in the first place. The problem is that the government has simply loaded small businesses with more onerous identification checks, making the data that small businesses do hold - but don’t tend to hold onto very well by all accounts - even more important.
