If you can’t keep Windows machines safe from Conficker/Neeris, please disconnect now.
Twelve Word Tuesday: Conficker and Neeris Expose Lack of Due Diligence
May 26th, 2009 · 2 Comments
Tags: Uncategorized
-
Who's Blogging (most recent blogs first)
- Wes Rishel
- Thomas Otter
- Andrew Frank
- Andrea DiMaio
- Nick Jones
- Kristin Moyer
- Michael Maoz
- John Pescatore
- Mark McDonald
- Adam Hils
- Jim Holincheck
- Jim Sinur
- David M Smith
- Carol Rozwell
- Debbie Wilson
- Andrew White
- Allen Weiner
- Earl Perkins
- Daryl Plummer
- Ray Valdes
- Jim Lundy
- Greg Young
- Donna Fitzgerald
- Tole Hart
- Anthony Bradley
- David McCoy
- Jeffrey Mann
- Brian Prentice
- Robert DeSisto
- Lydia Leong
- Michael Blechar
- Tom Austin
- Roberta Witty
- Mike McGuire
- Mark Driver
- Thomas Bittman
- Mark Raskino
- Brian Gammage
- Neil MacDonald
- French Caldwell
- Scott Nelson
- Cameron Haight
- Phillip Redman
- Richard Fouts
- Anne Lapkin
- Frank Kenney
- Dan Sholler
- Val Sribar
- Eric Knipp
- Frank Ridder
- Jeff Roster
- Benoit Lheureux
- Michael Hanford
- David Cappuccio
- David Norton
- Kathy Harris
- Gene Alvarez
- Nick Gall
- Bruce Robertson
- Van Baker
- Toby Bell
- Martin Reynolds
- Business Continuity
- Whit Andrews
- Eric Goodness
- Donald Feinberg
- Debra Logan
- Dwight Klappich
- Brian Burke
- David Cearley
- Gene Phifer
- Steve Prentice
- Andreas Bitterer
- Tom Murphy
- Nikos Drakos
-
Recent Posts
- Friday Filler: If The Sun Rose in the East, You Had a Cyber-Attack Today
- Is Apple an “Enterprise-class Vendor” From a Security Perspective? Nah
- Wednesday Whimsy: Invest in Prevention, or Legislate Away Threats?
- Twelve Word Tuesday: Only 50 Days Until All Those Christmas Presents Show Up On Your Network
- Friday Follies: A Busy Week for Hacking of Consumer-Grade Social Networks
Categories
Tags
Archives
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.
© 2009 Gartner, Inc and/or its affiliates. All rights reserved.
2 responses so far ↓
1 Rob Lewis // May 26, 2009 at 7:55 pm
Is this blaming the victim?
Perhaps malware exposes real consumer expectations; purchasers may not realize that there is much work and expense to provide due diligence on their windows systems. Others may refuse and some folks are just unable to do so.
Would the outcome be different if there was a warning label on the box that said that approximately n% of the rest of your life will be occupied protecting this system, after one installs it and as long as it in use?
2 John Pescatore // May 27, 2009 at 7:30 am
Even in the consumer market, I think we are long beyond the point where anyone using a Windows PC doesn’t know *before* they buy it that they need to turn AutoUpdate on and have patches pulled down automatically.
In the enterprise area, we are long beyond being long beyond on patching as just part of the cost of ownership of a Windows PC or server – about 8 years beyond that. Even for OSs that haven’t been attacked as much or had as many vulnerabilities – really not news that you have to patch or you have problems.
Just as when you buy a car you know you have to change the oil every 3,000 miles – when you buy a computer you know you have to patch it once a month. Change your home air filters; rotate your tires; brush your teeth – all of these are just accepted normal costs of doing business, same with patching.
On PCs it isn’t even hard. On servers, it takes more work – shielding approaches may be sufficient for many, just as I can decide to change my oil every 10,000 miles and take my chances.
Leave a Comment