Patched and secure?

June 12, 2002 Sophos Press Release

Most businesses today recognise that good, up-to-date anti-virus software is an essential part of the defence against malware threats. However, it is not the complete solution.

Sophos recommends that customers monitor announcements from operating system, application and web server software vendors for details of new vulnerabilities found in their code. Many viruses (Kakworm, Nimda and Klez-H are just three of numerous examples) have exploited loopholes in commonly used web browsers and email software to increase their chances of spreading effectively.

Astonishingly even when security vulnerabilities are discovered, patched and publicised before they are exploited many people will not bother to apply the fix.

Loopholes are found in products on a weekly basis, some significant, some trivial. IT managers should keep abreast of these loopholes and apply patches where appropriate before new viruses come along to exploit them. Every IT manager responsible for security should consider subscribing to vulnerability mailing lists such as that operated by Microsoft at http://www.microsoft.com/technet/security/bulletin/notify.asp. Other vendors offer similar services.