(Page 2 of 2)
"Take older versions of Adobe's software, which don't have an update component," Kandek says. "Users on these will just stay at whatever version they're using, and never update." Alan Paller, director of research for the Bethesda, MD-based SANS Institute, a computer security training group, says Microsoft considered pitching its Windows Update service to third-party software vendors as an update conduit many years ago, but ultimately abandoned the idea because of legal liability concerns.
Secunia's Kristensen says his company's tool will avoid any liability issues by downloading patches in exactly the same way for each application as a regular user would. Still, he says, not all software vendors are likely to make it easy.
"The liability issues arise if we were to start modifying the patches or putting them in our own repository of updates," Kristensen says. "One thing we can guarantee is that it won't work for 100 percent of software. We'd love it to do that, but that would require 100 percent cooperation from a lot of vendors who don't have a good history of this."
According to Paller, Secunia's chief challenge is appealing to users who don't know enough about security to know they need to deploy third-party updates. "That's why I think that a service like this--if it is going to have a decent impact--needs to be offered through the [Internet service providers]," he says. "My goal would be to say if you're going to be an ISP, you need to provide a service like this."
Secunia's patch tool likely will need some serious testing before it can be deployed on such a broad scale. Secunia has already adapted the corporate version of PSI to deploy third-party updates, but doing the same for consumer computers would be a far greater challenge, particularly in making the software work on all of the various foreign language implementations of these third-party products.
"The goal is to make this scalable and legal, and to do that we will need to--at least at first--prioritize the products we patch based on those that are most widely installed, because there is no way we will be able to do 13,000 applications at once," Kristensen says.
Secunia is aiming to have a preview version available in April for expert PC users, and a beta version for more public consumption a few months after that.
KarDo learns how to perform common IT support tests by observing what the experts do.
Security technologies make compromising computers hard, but not hard enough.
Ksplice uses new technology to build security updates for Linux that can be installed without restarting.
The notion that all computer users are essentially idiots and so circumstances require automation of malware patch installations or malware-blocking program updates to fight the onslaught of nefarious botnets or other malicious actions is just wrong, plain and simple -- whether legal under current EULAs is for some court to decide.
I won't allow ANY part of the OS or applications on any of my computers to perform automated update/patch installations, though I do enable most which have the ability to check for updates to do so (not Java or Acrobat, though because of their cumbersome and intrusive approaches -- Sun/Oracle and Adobe, are you listening?) so long as I am notified and given the option to choose whether and when to download and install said patch/update.
This is partly a holdover from having been limited to VERY slow dial-up Internet service until the past year or so due to lack of wired or wireless broadband access at my rural location, but also partly due to personal preferences -- I want the final say in what gets installed on my machine(s) and when that occurs. There's a classic 'slippery slope' from having anti-malware patches automatically installed without users' knowledge (in order to achieve greater and more rapid systemic protection from thieves and others with nefarious intent, a "good" objective) to having whatever else a vendor might wish to push onto users' computers that could unintentionally compromise functional utility or general capability on individual machines. (Let's not even contemplate what horrific "trial" options a vendor's marketing department might want to push out after the precedent is established....)
Fully automated patching without user interaction or awareness is just a bad idea -- the fact that the current MS Patch Tuesday updates resets Windows Updates to the default ("automatically download and install") without notification was an unpleasant and really irritating surprise that ought to generate serious and widespread condemnation, but probably won't.
I strongly prefer the approach which Secunia has taken with their online or resident scanners (which I use and strongly endorse), namely 1) alert me to the issue ASAP and give me the information on an available patch, but 2) allow me the choice on whether and when to resolve the issue(s).
I find your reply very refreshing because today many people want things done but don't want to deal with it. (That includes my family & friends too, LOL!) I am expected to repair, update, advise, and beautify a system that is 20 years old and looks like crap. Then they bad rap me when it won't run the way they want it too and tell me I don't know what I am doing. I have degree's in this art and pain. People have become complacent, they want it fast,now and for nothing!
I try to get my family to learn with simple little gestures of random thought. It is an absolute necessity that if we are going to have a computer that we take a few semesters at least at a community college to familiarize ourselves with the machine that will be helping us accomplish some of our tasks. We have come a long way since the Dead old System. Secunia, Open Office.Org, AVG are tools to do just that...help us accomplish these things. The Web Browsers have become quite a problem lately, and the more reason to have These smart and accomplished people assisting us with their brilliant Ideas. I couldn't do it all on my own, but it is going to take some work on my part to make educated decisions what to install and not install, it would be a totally chaotic www without it. I am so thankful and honored for the one's especially that do the open source coding, i.e Mozilla, Source forge and Secunia just to name a few. You all deserve so much for what you do. So in closing I would like to say to those that don't know your computers that well to fix the least little problem, get off your lazy arse and take a couple of courses. Nothing in life is free, hell even try the library if you don't want to pay, they have what's called books their.
Thank You for listening to me ramble.
Interesting capabilities. In the Tech Support mode where the PCs belong to a corporation I'd want to be able to isolate a few machines to "never" be updated. That way they could continue to run legacy software the company needs but which cannot be updated for legal or other reasons--such as publisher folding up business. Other PCs I'd want to automatically update with no user intervention or knowledge. I wonder if specific applications can be exempted from updates while others are automatically updated, on the same PC?
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
zephilix
1 Comment
there is already a similar software,360 safe. Seach updates for installed software is one of its function. What do you think of this software. p.s.,it is a chinese software.
Reply