Applying Third-Party Patches Is Likely To Violate Licence Agreements, Warns Internet Security Systems
Internet Security Systems, Inc. (ISS) (NASDAQ: ISSX), the worldwide leader in pre-emptive, enterprise security, today issued a warning to businesses that using third-party patches could violate the licence agreements for software installed on their mission-critical systems.
Zero-day vulnerability disclosures, such as the recent Internet Explorer CreateTextRange vulnerability, are a huge concern for enterprises because they remain unpatched for a considerable time, thereby giving attackers a window of opportunity to exploit vulnerable systems. This fear has given rise to the release of so-called unofficial security patches.
"Enterprises can feel pressured into believing that on the balance of risks, applying an unofficial patch is safer than remaining exposed to attack," said James Rendell, Senior Technology Specialist at Internet Security Systems.
However, applying unofficial patches will likely violate the licence agreements for the software it is applied to, which in turn will render that software unsupported by the vendor.
"The reason why a vendor like Microsoft takes some time to release a hotfix is because they have to ensure quality and system integrity across multiple combinations of Windows service packs, international editions and supported hardware platforms. The unofficial patches being developed by these third-party organisations are opportunistic PR efforts rather than serious security fixes," said Gunter Ollmann, director of ISS X-Force.
Internet Security Systems' Virtual Patch technology avoids the risks of unofficial patches by shielding unpatched systems from vulnerabilities without the need to violate licence agreements or void future vendor support by making unapproved modifications to core system software. The Virtual Patch also provides protection until the official vendor patch can be applied, negating emergency patch nightmares.
Virtual Patch technology safely blocks attacks that attempt to exploit zero-day vulnerabilities at the network layer, but without the risks associated with the installation of unofficial patches.
About Internet Security Systems, Inc.
Internet Security Systems, Inc. (ISS) is the trusted security advisor to thousands of the world's leading businesses and governments, providing pre-emptive protection for networks, desktops and servers. An established leader in security since 1994, ISS' integrated security platform automatically protects against both known and unknown threats, keeping networks up and running and shielding customers from online attacks before they impact business assets. ISS products and services are based on the proactive security intelligence of its X-Force® research and development team, the unequivocal world authority in vulnerability and threat research. ISS' product line is also complemented by comprehensive Managed Security Services. For more information, visit the Internet Security Systems website at http://www.iss.net/uk or call (0)1753 845 100.
###
Internet Security Systems and Virtual Patch are trademarks and X-Force and Proventia are registered trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners.
BIOS, Apr 20, 06 | Posted In Security