For IT pros, rounding up and installing software patches can be a full-time job. Microsoft alone sometimes issues five patches in a week, which means hackers have found five opportunities per week to do dirty work.
Manually looking for software bugs and correcting them is tedious work. IT pros must monitor online newsgroups and news sites and then find and implement the patches. Companies worldwide spend about $2 billion manually stamping out software bugs, according to Aberdeen Group of Boston.
If they haven't already, IT pros might consider adding to their toolboxes a patch management application that automatically delivers the latest patches and lets administrators decide when and whether to implement them. Vendors that develop such products include Opsware (formerly LoudCloud), Sunnyvale, Calif.; Ponte Communications, Mountain View, Calif.; St. Bernard Software, San Diego; Shavlik Technologies, St. Paul, Minn.; and PatchLink, Scottsdale, Ariz.
"The few companies that do assist IS [departments] in wading through the flood of patches provide a life-saving service for the few fortunate customers," Eric Hemmendinger, research director for security and privacy for Aberdeen Group, said in a June report.
The number of patches released by vendors is increasing for three main reasons, according to Aberdeen Group: vendors are releasing new versions of software faster than ever before and devoting less time to testing their products; more complex software
IT pros recently have received a wake-up call, said Sean Moshir, CEO of PatchLink, which this month released PatchLink 4.0. They now know that anti-virus software can't stop tech worms.
"Code Red and Nimda caught so many IT administrators with their pants down, that they have to do something," said Chris Andrew, PatchLink's vice president of product management.
The patch management software market is similar to the anti-virus software market eight years ago, Moshir said. Back then early adopters purchased anti-virus software, but now every IT department deploys the software. With hacker creations like Nimba widespread and so damaging, patch management software is on its way to securing a spot in IT pros' toolboxes alongside anti-virus software.
Since the Code Red outbreaks, an increasing number of government agencies have inquired about PatchLink software, he said.
"Until vendors invent bug-free software, we'll be in business," Moshir said. "If IT departments don't have a tool, there's no way to detect this stuff."
FOR MORE INFORMATION