Automatic Updates: Set It And Forget It … I Don't Think So

By Ian Trump, Security Lead, MAXfocus

It’s true that Microsoft and other vendors have built automatic updating capability into their systems. Microsoft Office and some of the more common third-party applications, such as Adobe Flash, Adobe Reader, and others, have this functionality too. As a result, many organizations have used a combination of Group Policy Objects, the free Windows Update Services, and adjusting the corporate image of some products to do automatic updates. Sadly, these organizations are under the mistaken impression that they are managing their IT. However, those IT pros who have tried to adopt this kind of “set it and forget it” approach are setting themselves up for a number of nasty shocks, and could even end up getting fired

There are a lot of terrible things about auto-updating in the real world. For example, it’s highly possible, and indeed probable, that a Java update could render critical business websites or applications unavailable to a large number of users. This generates a tremendous amount of stress and pressure on IT teams to restore services. This is just one powerful reason why patches should be tested before mass deployment. If you’re not pretesting your patches, then you are putting your business and your career at risk. If you’re set to “auto,” every day a vendor pushes out a new patch could be your last.

Please log in or register below to read the full article.