Re: Large ISP response to Code Red?

From: Rob McCauley (robmccau@RadOnc.Duke.EDU)
Date: 07/31/01


Date: Tue, 31 Jul 2001 10:23:11 -0400 (EDT)
From: Rob McCauley <robmccau@RadOnc.Duke.EDU>
To: incidents@securityfocus.com
Subject: Re: Large ISP response to Code Red?
Message-ID: <Pine.GS4.4.21.0107311008170.10094-100000@roentgen>


On Mon, 30 Jul 2001, Seth Arnold wrote:

> [1] they put an awful lot of effort into copyprotection .. how about
> 'forced upgrade protection', that disables internet connections when
> computers are unpatched for 14 days after release of a patch? Or how
> about machines that automatically apply patches? Or email administrators
> every time a patch is released?

You presume the cure (patch) is better than the disease, which isn't
always the case. I suspect many of us have been in a position where we
have software with a defect (not necessarily security related) and a patch
that fixes the defect, but breaks something else much more
important. Forced upgrades could require you to break your system to fix
a problem which doesn't really impact you. I'd also be wary of trusting
any vendor who couldn't get the original software right to create
software that could terminate my employer's internet connectivity if
they're not satisfied the system is patched correctly.

Perhaps that should be a general principle. Don't buy or support
any software which considers a denial of service a "feature". :)

Incidentally, I have done most of the self-patching system. I stop short
of letting it apply the patches for exactly the reasons above. Instead, I
have it email me what it thinks should be applied and yes, it is sometimes
wrong.

Rob

-- 
------------------------------------------------------------------------------
Rob McCauley
Radiation Oncology
Duke University Medical Center

---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com