- security News Forums
- > Companies have wrong priorities for secu...
- > Not as much a priority issue as a control issue
Not as much a priority issue as a control issue 16 September 2009 18:29
This isn't really a prioity issue as a control issue... companies
(most... am sure some admin will pipe in that they do... more power
to them) have no control over what the end user has on their desktop
and as such there should be no realistic expectation that they would
be able to keep every application at the correct patch level... it
just cannot be done.
This is where discussions that were raised here (OS needs to do the
work) or tools (Secunia) need to step up and be what the business
needs. The OS is the most logical place for this... but for
Microsoft that introduces a conflict in interest. The solution is
already in there if Microsoft would just enforce it.
Make it so that all installed applications have to register with the
OS. Most of them do already and populate the registry with
everything down to the hat size for the lead developer. Add keys for
update timing (check daily, check weekly, etc), update location and
other controls... then the OS can spend the time ensuring that
everything that sits on top of it and is used by the user is up to
date. Yes... this requires the vendors to make changes to how they
do things... but in the end it benefits them more... if people know
that they can be kept safe without having to be Security Engineers...
they are more likely to use the tools...
- Threaded View
- Flat View
