
Dealing with a bad patch in Asia

Summary

Update: Microsoft's flawed patch serves as a timely reminder that it is important to test a patch before deployment, even as the software vendor admits it has more to learn about how it deals with patches.

Update: Microsoft's flawed patch last week serves as a timely reminder that it is just as important to test a patch before deployment as it is to apply one quickly. The software vendor also acknowledges that improving the reliability of patches is still "a continuous learning process" for the company.

Security experts in Asia have expressed little surprise over the software vendor's patch blunder, which locked users out of their PCs and prevented Microsoft's own Windows Firewall from launching.

"The problem arising from (the flawed patch) showed that there are more that we should, and can do, in (the way Microsoft handles patches)."
--Kang Meng Chow
Asia-Pacific chief security advisor, Microsoft

Said Neal Gemassmer, PatchLink's vice president for Asia: "With the overall complexity involved in trying to provide security patches on an ongoing basis, there are bound to be mistakes and faults to be found."

Ken Low, a senior manager for security at networking equipment maker 3Com, recalled that Microsoft had postponed its regular monthly patch update last month due to quality problems. "So I wasn't surprised that there were problems (with this month's update)," he said.

Low reckoned a significant number of Windows business users in the Asia-Pacific region would have been affected, and added that the urgency with which Microsoft pushed the bulletin would have also escalated the problem.

"What's really serious about this is that, when Microsoft released the bulletin last Tuesday, they told everyone to install the patches as soon as possible or risk having the vulnerability being exploited by worm writers," he said.

"So a lot of (their) customers took the advice, rushed to install the patches…and would have ended up with this problem."

And instead of pushing the blame to users for fiddling with the system's default settings, Microsoft should have offered more information on how the patch could affect machines that are configured differently, Low said.

More importantly, he stressed, patches should work regardless of how organizations tweak their machines. "They could have provided more information on what configuration to avoid (before getting users to download the patch)," he said. "Even then, Microsoft shouldn't be dictating how customers configure their systems but to provide a patch that works for all systems. It shouldn't be an issue."

Continuous learning for Microsoft
Kang Meng Chow, Microsoft's Asia-Pacific chief security advisor, acknowledged that the problems arising from the MS05-051 patch showed that "there are more that we should, and can do" in the way the company handles security patches.

He added that improving the reliability of patches and a user's experience with them is "a continuous learning process".

Kang stressed this incident is not a step back for Microsoft, but rather, a useful lesson on how it can make "further progress in this area".

He noted that, based on feedback from customers, the number of people impacted by the flawed patch is "very low" and the problem can be resolved by following the directions provided on Microsoft's Web site.

"It remains critical for customers to continue to apply this patch to keep their systems updated, while taking precautionary steps to prevent occurrence of the 'side effects' by ensuring appropriate security permission setting for the COM+ Catalog directory and files," Kang said.

PatchLink's Gemassmer is also optimistic that the problem is contained in this region, simply because Asian enterprises have yet to understand the importance of deploying patches quickly.

"At this point, what you'll find is that 85 to 90 percent of companies have yet to apply
