I just read this interview by ComputerWorld with Bret Arsenault, Microsoft Corp.’s chief security advisor. Though I have had some complaints about Microsoft’s release timings in the past, I think I agree for the most part with their current system. Sometimes a month is a long time to wait, but as long as the threat is low, I can wait.
I won’t use third-party patches. I just think they are too risky, and I don’t want to have to clean up something later, so if the threat potential is not too big, I will wait. I want the patch to be quality, and Microsoft has done a great job for a while now with the quality of thier patches.
I don’t agree with his idea that people will be protected if they just keep their AV signatures updated. Those protections won’t guard against a zero-day attack, which (as far as I am concerned) is upon us.
Of course, a quicker patch won’t protect us against that either. So I do agree that a defense-in-depth strategy is the best way. If you have a good IPS and AV, they should both come out with signatures fairly quickly. If you segment well, then you can stop the spread of this type of attack. If you, if you, if you… kind of endless, but it is still the best way to protect your organization.
Vet
