Don't trust the patches



To survive the next Slammer-like virus attack, updating applications and operating systems with every patch that Microsoft releases is the worst thing anyone can do, say security experts and industry analysts, according to a ZDNet UK article.

Pierre Noel, security strategist at security company TruSecure International, says that customers who followed Microsoft's patching instructions earlier this year were left vulnerable to the Slammer virus.

"Microsoft released a number of patches for its SQL Server over a period of 12 months. The first few had protection against the vulnerability, but the last patch - which was one month before Slammer was released - was intended to fix another problem, but it reopened the SQL Server vulnerability," says Noel.

If customers had installed only the service packs, which had been through a rigorous internal testing procedure, and ignored the various individual patches and hot fixes, they would have been safe.

Microsoft has admitted there is "an issue" with its patching system and is going to resolve the problems by combining all its patching mechanisms.