Computerworld - The patch management process I talked about instituting two weeks ago ["WMF Vulnerability Sparks Patch Program," Jan. 23] got off to a good start, though things have slowed down.
Immediately after we pushed the patch for the Windows Metafile vulnerability to all desktops, our Systems Management Server reported 60% completion. But a workstation isn't considered patched until it's rebooted, and a lot of users are slow to do that. We've forced reboots in the past, but when users lost unsaved source code or other critical work, we got complaints that IT was affecting revenue generation.
Now, after two weeks, we're still at only 80% compliance; my goal is 97%. It creeps up one or two percentage points per day now, which is pitiful.
I've decided that we'll e-mail users who haven't rebooted their desktops and follow up with e-mails to their managers. At some point, I will order a forced reboot and take the heat for any repercussions. There's no reason why a user can't save his work and reboot.
More Frustration
Besides getting patch management off the ground, I'm still frustrated by the digital rights management project. DRM involves encrypting a document and wrapping it in technology that controls access per an established policy.
Access to a particular document can be limited to a certain group of users, and what various users can do with the document can also be restricted so that some, for example, can only read it, not edit it.
I wanted to apply DRM protection to both Microsoft Office documents and Adobe PDFs, but it turns out that our technology choices are limited for a somewhat complicated reason, so we will be starting a pilot of Adobe LiveCycle Policy Server.
Our first DRM goal is to protect our technical service manuals. A large portion of our revenue comes from servicing the equipment we sell to chip manufacturers, and revenue has taken a hit when other parties have managed to acquire our service manuals and then offered our customers discounted servicing of our equipment.
How do other parties gain access to our service manuals? Well, the equipment that we build and service typically resides within chip fabrication plants, and it's not unusual for our service-manual PDFs to be sitting open on a workstation in a fab. These workstations are accessible to many people, sometimes including employees of our competitors.
To make matters worse, the management of some fabs won't let our employees bring in their company-issued laptops, so they have to load the PDF manuals on
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
