Safe Computing 301 – Windows Service Packs
Some of you may recollect reading earlier blogs entitled "Safe Computing 101", and "Safe Computing 201", in which I discussed some ways in which viruses and malware can infect weakly protected systems.
Not having procedures in place for downloading and/or installing Windows Security Service Packs in a timely manner, could easily be leaving you with a ticking time-bomb just waiting to go off. This week Microsoft announced that they will be releasing a total of 21 critical operating system and application software corrections next week.
Based on my direct experience, here is some of the reasoning often used for NOT doing this:
-
We can’t afford to have any downtime – All computer systems require some down-time, regardless of the industry. If you are a retailer, and Offline Ticket Entry is installed and configured properly, your server can be restarted or shutdown as needed, without loss of sales revenue.
-
We’ve never been infected before – Without the protection that these service packs provide, you have an accident waiting to happen. It’s only a matter of time until something happens, and when it does, it could become an enormously expensive lesson. We recently ran into a customer who was missing over 200 Windows Security Service Packs. The had turned off the update and update notification features.
-
My staff doesn’t surf the web or visit problem sites – Because of the sophistication of recent Viruses and Malware, in many instances, all that you have to do is visit any web site that is compromised in order to become infected.
-
The main server is all that I’m concerned about, we don’t have to worry about the PC’s or Registers – Viruses and Malware can also get onto your system from various physical sources such as CD’s, DVD’s, USB Thumb Drives, IPods, etc.
-
If anything bad happens, I’ll just restore from a back-up – Assuming that you have a complete media back-up, is it verified? I have run into numerous examples over the years were no one has been monitoring backups. Not all of the files may be getting backed-up, and/or the media may be failing. Restoring from your backup will also require downtime. The protected data is only as good as the last good backup.
If you would like to insure that your system is properly protected, is getting updated properly, and that your backups are verifying, or if you need Offline Ticket Entry configured, please contact the CCS Retail Systems Support Department to schedule a security review of your systems.