By: Andy the Angry IT Guy
Editor’s note: This is the sixth installment in our ongoing series featuring “Andy,” an anonymous IT administrator at a small- to mid-sized organization located somewhere in the American Midwest. When we last left Andy, he was espousing the benefits of automated patch upgrades while trying to contain his excitement about the release of Diablo III.
Today, Andy continues on the topic of patch management and debunks a commonly held myth that only Microsoft applications should be regularly patched.
Like many of you, I’ve been watching Game of Thrones, HBO’s hit new series that’s capitalizing on a series of fantasy novels that had previously been written off as “uncool” by the majority of readers (and yes, I’ve been religiously following A Song of Fire and Ice since it first came out in 1996. What else was I supposed to do between episodes of the X-Files?).
One of my favorite plot lines in Game of Thrones is that of the Night’s Watch – an ancient military order that guards the Seven Kingdoms from the great unknown that lurks in the wild beyond the wall that surrounds their domain. I’ve increasingly come to believe that the Night’s Watch is a thinly-veiled allegory for IT professionals. Think about the parallels:
- Both groups protect a wider, largely oblivious population from unknown evils that lurk just beyond the wall (or, in the case of IT, a firewall);
- Both groups perform arduous tasks that go beyond the grasp of most people’s basic comprehension. And they do so at the expense of meeting/socializing with members of the opposite sex;
- While both groups perform selfless tasks in the name of protecting their peers, their exploits will largely go unrecognized and uncompensated.
The last point is particularly prescient when describing the primary responsibilities of an IT administrator, especially at a smaller organization that lacks the deep resources of a Fortune 500-type company. Your job is to make sure that things work and promptly fix them when they don’t. Most of the time, no news is good news and you’ll only hear from people when something is wrong.
After nearly a decade in IT, I can safely say that the single biggest thing you can do to control your own destiny in this area is ensuring that you stay on top of all patch updates. Yes, I mean ALL patch updates – not just the Microsoft ones. Malware has evolved beyond its early, Microsoft-hating days and will now target nearly any vulnerability on almost any application.
To that end, the only way to stay ahead of the curve – and remain gainfully employed as an IT administrator – is ensuring you’re up to date on all major updates. To expand on that point, here are a few handy tips I’ve picked up on over the years:
No Browser is Safe From Malware
Not only that, but the much-maligned Internet Explorer isn’t even the most vulnerable. According to the National Vulnerability Database, Safari (81), Chrome (61), and Firefox (44) all had more vulnerabilities than IE (34) in Q1 and Q2 2010[MC1] . Web browers are the most commonly targeted applications, so it’s critical to stay as up-to-date as possible with patches.
Third-Party Applications – Not the OS – Are the Biggest Security Risks Today
While common knowledge holds that the operating system (and Microsoft) are the biggest vulnerabilities in your IT infrastructure, it’s simply not the case. In recent years, third-party apps have emerged as the single greatest threat – that includes those from Adobe, Apple, Java, Mozilla, and Oracle, among others.
Automation Increases Accountability
While some people claim it’s the lazy admin that automates as many tasks as possible, I say it’s the smart, efficient one that does so. I invite anybody that thinks IT admins are lazy to spend a day in my shoes – you try dealing with a never-ending stream of angry help tickets while simultaneously keeping IT operations up and running. If you can automate any portions of the patch management process, I strongly recommend doing so; it’s the single best way to ensure that all machines in your network are up-to-date and not vulnerable to malicious software.
I’ve said it before and I’ll say it again: IT is a thankless job, and there’s always going to be someone looking to blame you for even the slightest misstep. Like the brave men of the Night’s Watch, we have to stay constantly alert and a step ahead of our enemies to ensure the continued welfare of our organization.
If you’re interested in diving into this topic a bit deeper, take a look at The Importance of Patching Non-Microsoft Applications, a technical white paper from VMware.