拨P-A-I-N打补丁

补丁是大多数[url= http://thinkingproblemmanagement.blogspot.com/2008/01/administration - checklist-forsecurity.html]安全检查列表中的一个条目，而且可能会非常麻烦。去年微软发布了一个补丁，说如果你的电脑里有Realtek设备，你必须加载一个特殊的单独的补丁，否则在打完补丁后设备就会停止运行。备注上说这只适用于Realtek设备。相当多的pc拥有用于在pc上提供声音的Realtek设备。现在在现代商业中，声音已经成为商业的关键。举个例子，有些人在他们的个人电脑上查看和收听商业电视以获取交易信息，语音邮件作为邮件附件从电子邮件客户端被收听，甚至录音的语音对话在个人电脑上被回放。我们不可能因为补丁而禁用所有这些声音设备。我们曾考虑过在所有的电脑上发布这个特殊的补丁，但是带有这个特殊补丁的说明警告说，如果你没有需要纠正的特定问题，那么部署这个补丁不是一个好主意。合法的笔记使它听起来，如果这个特殊的补丁部署在任何以外的Realtek设备，然后有一个可能的PC将爆炸!好的，所以我们检查了库存系统，在样品组测试后，针对所有使用Realtek设备的pc进行了特殊补丁。 The test group approved the main patch and the patch was deployed overnight. The next morning, I was told that the telephone lines were down, by the service desk as I walked in. Seeing a large number of people using their phones, I asked for greater clarification as it was not possible if people were still using their phones. A quick check determined that direct inward dial was working and so was outward calling. The switchboard consoles were not receiving any calls and the main switchboard hunt group was not being answered. So I hoofed off to eyeball the switchboard consoles. The consoles are PC based with proprietary boards that connect to the PBX. There are six consoles and the people manning the consoles confirmed that they were inoperable. One of them told me that when she switched on her PC that morning there was an error message. She rebooted her PC and I immediately recognized the error message from the special patch notes. Were the switchboard console PCs using Realtek devices and had we missed them? No, a check of device manager showed that the proprietary console board was a Siemens device. Whatever, I decided to deploy the special patch as I had my suspicions and after a reboot the switchboard console was operational. The switchboard operators had to start dealing with highly irate customers, who asked why they weren't answering their phones. As a result of the incident, we have included one of the switchboard consoles in the patching test group but my underlying concern is that patching has resulted in a large number of major incidents, disproportionate to the vulnerabilities that the process mitigates. My opinion is that a monthly patching regime should be extended to a quarterly regime and that the security agents on the PCs (like antivirus and antispyware) should be mitigations to prevent a known vulnerability exploitation. The longer testing cycle would provide better testing and less major incidents. What are your opinions around the problems of patching?