Home
News
E-mail Newsletters
Blogs
Tech Dispenser
Shark Bait
Knowledge Centers
Opinion
Webcasts
Video
Podcasts
White Papers
Computerworld Reports
Zones
Case Study Library
RSS Feeds
Events
Print Subscriptions

Subscribe to our e-mail newsletters
For more info on a specific newsletter, click the title. Details will be displayed in a new window.
Finance
Security
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
More E-Mail Newsletters 

Computerworld 2007Subscribe to Computerworld
40 years of the most authoritative source of news and information for IT leaders.

Retail PCs can reach customers without latest patches

Tom Krazit   Today’s Top Stories    or  Other Security Stories  
 

Sign up to receive Security Resource Alerts

June 16, 2004 (IDG News Service) -- The excitement home buyers feel when taking a new PC out of its box can be short-lived if the machine is vulnerable to the swarm of viruses and worms on the Internet.

One senior administrator at a major research university recently endured a prolonged setup procedure with his new laptop. The administrator, who asked not to be identified due to the visibility of his position, purchased a laptop in May after encountering delays in obtaining the notebook, which was first introduced last March along with Intel Corp.'s Centrino technology.

After connecting the notebook to the Internet over a dial-up connection, the machine started crashing repeatedly in a sequence that looked eerily familiar to the administrator's experiences with the Blaster worm last August. Sure enough, a Google search quickly confirmed his diagnosis, setting the stage for a two-hour marathon download of Windows Update patches and the Blaster Worm Removal Tool from Symantec Corp.

Current PC users are constantly reminded about the need to download patches and operating system updates as soon as they are made available. But those users may not realize that a "new" PC might have been sitting in a warehouse for several months, and might lack the most recent patches required to keep it safe from viruses and worms.

To meet delivery deadlines, PCs bound for the retail market must have their operating systems frozen about three to four weeks prior to the date on which they are made available, said Jim Kahler, manager of consumer support for Hewlett-Packard Co.'s consumer PCs. With Microsoft Corp. releasing new security updates almost every month, there's no simple way to ensure that when a PC finally makes it to the user, that PC contains the latest updates required to secure the system, he said.

HP advises all buyers to activate the built-in firewall that comes with Windows XP prior to connecting the machine to the Internet, Kahler said. The next major update to the Windows operating system, Windows XP Service Pack 2, will help improve security by turning on the firewall as the default option on future releases of the operating system.

Toshiba Corp. ships every PC with documentation that urges customers to immediately visit the Windows Update Web site and download and install any software patches that the site identifies as missing on that PC, said Carl Pinto, director of product development.

Most of IBM's PC customers are businesses that have an IT staff member who makes sure each PC contains the necessary updates before passing it along to the user, said Clain Anderson, director of marketing for IBM's wireless and security solutions.

IBM can also set up a system that monitors the patch status of an enterprise's network of PCs, automatically downloading updates as they are provided by Microsoft, Anderson said.

Representatives from Dell Inc. didn't respond to requests for comment. However, Dell doesn't sell its PCs through retail stores, which means it carries only four days of inventory at any one time, according to its financial results presented last month.

The Windows Update feature is only one line of defense against fast-moving worms and viruses. Just about every PC company ships a free trial version of an antivirus product such as Symantec's Norton Antivirus that will help detect viruses and worms.

Besides those two defenses, there's not much the PC industry can do to protect users against worms and viruses other than pleading with them to install Windows Update patches and regularly update their virus definitions, said Stephen Baker, director of industry analysis with NPD Techworld in Reston, Va.

Unlike other electronic devices that consumers are used to owning, such as televisions, PCs require regular maintenance and a willingness to cede control of the update process to a vendor, Baker said.

"You have a lot more responsibility as a PC owner to maintain and take care of your device than you do as a television owner," Baker said.

Virus-infected PCs aren't just problematic for their users. They are often used as spam relays or to launch other virus and worm attacks, making it essential that all PC users patch their systems, Baker said.

The university administrator eventually discovered a guide called "Windows XP: Surviving the first 24 hours" on the interesting-people.org mailing list maintained by Dave Farber of Carnegie Mellon University that would have provided tips such as turning on the firewall and manually checking for updates.

The episode turned out to be nothing more than an evening of aggravation, but it could have been avoided with clearer instructions on how to safely break in a new PC, the administrator said.

Special Report

The Future of BI
Stories in this report:

Reprinted with permission from

For more news from IDG visit IDG.net
Story copyright 2006 International Data Group. All rights reserved.


Print this Story Send Us Feedback E-mail this Story Digg! Digg this Story Slashdot this Story

Blogs

"If you're controlling document transmission processes, don't overlook your multifunction printers, advises one vendor...." Read more...
"Is it just me or is Twitter suddenly experiencing a much, much heavier spam deluge than usual? And how evil..." Read more...
Read more Security posts or See all Blogs

DNS hole prompts synchronized patching effort by IT vendors
Microsoft plugs nine holes in Windows, DNS, SQL
Symantec warns of new Word attack
More top stories...
Microsoft sets XP SP3 automatic download for Thursday
Don't give Google a free pass on data collection, privacy advocates say after YouTube ruling
XP SP3 to reach most users 'shortly,' says Microsoft

This old laptop: Revitalizing an aging notebook on the cheap
All it takes is a couple hours and about $125 to breathe new life into an old laptop. Here's how.
Bill Gates moves on
Is Microsoft's Golden Age over? What are Gates' most memorable quotes? Find out in Computerworld's complete coverage of the end of the Bill Gates era at Microsoft.
Five things you should never tell your boss
There are some things your CIO definitely doesn't want to hear. Also don't miss the flipside, Five things you should always tell your boss.
Hands-On: Firefox 3 fixes what's broke and keeps what's right
With its latest version, Mozilla's browser continues to raise the bar for what Web browsers should be.

FROM THE BLOGOSPHERE

Windows Vista A to Z
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
IT Careers 2010
Four years from now, the IT field will be a vastly different place. Will you be ready?
All Zones
Application Performance Zone
Business Continuity Zone
Data Center Management Zone
Enterprise-Class Security Zone
The File Data Management Zone
Grid Computing on Windows Zone
Security Management Zone
ITIL Best Practices Zone
The SAS Zone
Storage Virtualization Zone
Business Intelligence and Analytics Zone


Ads by TechWords

See your link here
Why SaaS is Vital to Email and Web Security
Why SaaS is Vital to Email and Web Security
Download this webcast, free, compilments of Webroot Software
Go to the webcast 
Computerworld Executive Bulletin: Building a Robust Antivirus Defense
Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs.
(Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more.
Download this executive briefing download
Eliminate SPAM, Gain Productivity
Get this white paper now!
(Source: MessageLabs) Learn all about the dangers and the costs of spam in all its forms - from stock-touting to spreadsheet. Also, understand the drawbacks of traditional hardware- and software-based defenses - and the unique benefits of MessageLabs multi-layered, managed Anti-Spam solution; as illustrated by a real-world case study where MessageLabs stopped spam cold.
Download this white paper go
White Papers
Read up on the latest ideas and technologies from companies that sell hardware, software and services.
Virtualization Analysis for VMware
A Guide to Understanding Messaging Archiving
Archiving Compliance with Sunbelt Exchange Archiver
View more whitepapers 

About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map
CIO Computerworld CSO DEMO GamePro Games.net IDG Connect IDG World Expo Infoworld
The Industry Standard ITworld JavaWorld LinuxWorld MacUser Macworld Network World PC World Playlist
Copyright © 2008 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.