Latest (all topics)
Top stories
Hardware
All-in-One printer
Apple Mac
Audio
Backup
Book
Broadband
Camcorder
CD drive
Desktop PC
Digital camera
DVD drive
Gaming
Graphics card
Hard disk
Input device
Laptop
LCD
Mobile phone
Modem
Monitor
Motherboard
Multimedia
Networking
PDA
Printer
Processor
Projector
Scanner
Server
Tuning
UPS
Video
Web camera
Whiteboard
Miscellaneous
Software
Apple Mac
Audio
Backup
Business
Developer
Educational
Game
Graphics
Internet
Linux
Networking
Operating System
PDA
Security
Server
Utilities
Miscellaneous
 
Applying Third-Party Patches Are Likely To Violate Licence Agreements, Warns Internet Security Systems

Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX), the worldwide leader in pre-emptive, enterprise security, today issued a warning to businesses that using third-party patches could violate the licence agreements for software installed on their mission-critical systems.

Zero-day vulnerability disclosures, such as the recent Internet Explorer ’CreateTextRange‘ vulnerability, are a huge concern for enterprises because they remain unpatched for a considerable time, thereby giving attackers a window of opportunity to exploit vulnerable systems. This fear has given rise to the release of so­called ’unofficial security patches‘.

“Enterprises can feel pressured into believing that on the balance of risks, applying an unofficial patch is safer than remaining exposed to attack”, said James Rendell, Senior Technology Specialist at Internet Security Systems.

However, applying unofficial patches will likely violate the licence agreements for the software it is applied to, which in turn will render that software unsupported by the vendor.

“The reason why a vendor like Microsoft takes some time to release a hotfix is because they have to ensure quality and system integrity across multiple combinations of Windows service packs, international editions and supported hardware platforms. The unofficial patches being developed by these third-party organisations are opportunistic PR efforts rather than serious security fixes,” said Gunter Ollmann, director of ISS’ X-Force.

Internet Security Systems’ Virtual Patch technology avoids the risks of unofficial patches by shielding unpatched systems from vulnerabilities without the need to violate licence agreements or void future vendor support by making unapproved modifications to core system software. The Virtual Patch also provides protection until the official vendor patch can be applied, negating emergency patch nightmares.

Virtual Patch technology safely blocks attacks that attempt to exploit zero-day vulnerabilities at the network layer, but without the risks associated with the installation of unofficial patches.

About Internet Security Systems, Inc.
Internet Security Systems, Inc. (ISS) is the trusted security advisor to thousands of the world’s leading businesses and governments, providing pre-emptive protection for networks, desktops and servers. An established leader in security since 1994, ISS’ integrated security platform automatically protects against both known and unknown threats, keeping networks up and running and shielding customers from online attacks before they impact business assets. ISS products and services are based on the proactive security intelligence of its X-Force® research and development team – the unequivocal world authority in vulnerability and threat research. ISS’ product line is also complemented by comprehensive Managed Security Services. For more information, visit the Internet Security Systems website at http://www.iss.net/uk or call ჸ(0)1753 845 100.

###

Internet Security Systems and Virtual Patch are trademarks and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.




BIOS, Apr 20, 06 | Print | Send | Comments (0) | Posted In Security
Related Articles

Defending In Depth
Cyber Security & Other Games
Second Life, Second Identity?
Don't Choke In The Name Of Security
A Baker's Dozen Of Security Bytes
Patching Up Security
Webroot Software Spy Sweeper 5.3
PC Tools Spyware Doctor 4.0
How Cybercrime Operations Work
ZoneLabs ZoneAlarm Internet Security Suite 7

More...
   
     
© 2007 Black Letter Publishing Ltd. - Disclaimer - Terms - About - Contact - Advertise - Newsletter

Hosted By Gradwell - Powered By Eclipse Internet - Sponsored By Ipswitch & Microboards DVD Duplicators