Quote:
Thermodyne said:
Quote:
Richard said:
Actually this worm hit a lot of large corporate sites, but they will never let you know due to the PR hit. Working where I do I know my workplace was hit, and since we deal with a lot of other large corporations, I know that they were hit. Luckily we stopped in the user lan before it got into real production.
|
I guess the question would be: Why were you hit?
WSUS is free, and it manages patches quite well.
|
Ask the security guys, I work on the application side not in the general IT side.
But to be honest it's more complex in a big IT shop because there are a ton of applications that have to be carefully tested before patches can be applied. The IT folks have Altiris to push down patches, so that isn't a problem, but you can't patch a machine that is running a lot of complex applications that can vary from in house to 3rd party without certification. This can take awhile, and when they have immediately patched in the past it's actually done more harm then just pushing the patches down immediately.
I am sure there are ways to speed the process up, but not that much.
The real solution is to stop putting mission critical applications on wintel, which is something we are slowly moving towards
.