Microsoft generates an awful lot of patches. It's hard to keep up with them all and, consequently, a very high proportion of Windows systems are not fully up to date. Systems that are not updated are vulnerable to all sorts of attack and now Microsoft is encouraging us to do something about the situation.
Microsoft has taken a mountain of criticism over the years; much of it directed at its apparent security vulnerabilities. Last year, the company made a major decision and suspended a lot of its activity in favour of bug bashing and security tightening. The result has been a steady flow of patches and Windows updates. The problem it now faces is getting IT departments to implement them.
Last week's launch of SMS 2003 came with a call to action designed to make companies aware that they need to get protect themselves better by ensuring that their Windows systems are carrying the latest patches. It helps, of course, that the latest version of SMS comes with the technology required to handle this effort in the most efficient manner. In fact, Microsoft's favoured demonstration of SMS 2003 is to show users just how easy it is to scan systems, identify missing patches and then manage the download and installation.
Microsoft is, of course, correct. Whilst the need for patches is a problem entirely of its own making, companies really do need to have a mechanism in place for maintaining the patch level on Windows systems. For large numbers of PCs, this is not a task to be carried out manually and it is not something that users can do reliably for themselves.
To make it happen, a software product that has strong inventory control and software distribution is necessary. Usually, this means using one of the established LAN management facilities. The obvious places to look would include Novell, LANdesk and, naturally, Microsoft. Microsoft has the advantage of being able to link easily into its own update web sites to create an end-to-end mechanism. By clearly demonstrating its solution, Microsoft is probably ahead of the others in dealing with this problem.
However, being able to demonstrate a solution is not necessarily going to be enough; hence the call to action. Microsoft knows it has to win the hearts and minds of IT managers who, thus far, have seemed relatively unconcerned by patch levels. Perhaps this is because the lifetime of a PC is seen to be too short to merit the effort or, more likely, that few have actually experienced problems as a result of not maintaining operating system updates.
Microsoft is making the process more automated, more efficient and there are some elements (Software Update Service 1.0) that are free of charge. If you believe there is sufficient risk to make you run anti-virus software on your desktops then you also need to address the patch issue.
