Did Sasser leave you shamefaced?

Anyone working in technology knows that they are permanently on call to friends and family for technical support.

So even while on holiday last week I disinfected a couple of PCs that had fallen victim to Sasser variants for good friends who were just a few weeks late in deploying patches.

This speed in reverse-engineering patches is an issue that affects us all. And judging from the infection rate of the Sasser worm, many corporate IT managers should be looking a little shamefaced.

If Sasser was built by reverse-engineering a Microsoft patch in record time it only confirms what many security professionals have been saying for years: patch management is becoming ever more crucial.

Back in simpler times reverse-engineering patches was a long process and IT managers could expect to have months before an exploit was found. But now it seems that hackers are banding together to crack patches faster.

This is perfectly understandable from their perspective. Why do all the tedious work of finding an unknown vulnerability when the manufacturer has told you what to look for?

By reverse-engineering patches the hackers are relying on the overworked IT manager or under-informed consumer not patching their systems as soon as possible.

From an IT manager's perspective it's a case of damned if you do and damned if you don't.

Patching is a notoriously labour intensive task, and there is always the risk that a patch might do something unexpected to your carefully tweaked systems.

But if anything good can come of Sasser it will be to provide a potent example for the board next time they complain about network downtime.

Patching must be done immediately; the hackers won't wait and neither should you.