Friday, June 15, 2007

Patching vs. protection

I recently received a secondhand account of a system administrator's argument against patching Office. Though not a direct quote, the sentiment was essentially this: "Shouldn't our antivirus protect us from having to patch?"

I have a little security angel on my shoulder who cringes when he hears things like this; but I've also got a devil, who asks "well...isn't it true?"

The answer, of course, is an emphatic NO. Antivirus software is able to protect against specific known threats and suspicious behavior, but the important thing it DOESN'T do is close your security holes. Antivirus addresses attacks -- patching addresses vulnerabilities. In a perfect world, we do both; certainly attempting to substitute one for the other is a terrible mistake.

No comments: