Firewalls, Patches and Updates. Oh My!

Microsoft products, chief target of every deranged real and would-be hacker, have many vulnerable holes. This year large companies and government agencies became collateral damage when hormonal driven hackers set about to flex muscles. Over one and a half a million computers fell prey to viruses and worms. Lost productivity was measured in the billions.

But big problems usually mean big opportunities. These issues are understood by customers and they need help executing solutions—software patches and products that scan for vulnerable areas. For those who can put together the brain-power and tools, today could be a great day to start selling vulnerability assessments and regular follow ups.

Look at the warnings that came before the “Blaster” virus. Microsoft knew about the problem and on July 16th published a fix for the vulnerability. The software company reported that about 40 million users downloaded the patch during the first two weeks of August. Unfortunately, millions more failed to do so. They and their problems made history along with accused perpetrator Jeffrey Lee Parson (aka TeeKid).

According to court papers Parson, a high school student, took an original virus, changed it slightly, and unleashed it. The virus taunted Microsoft’s chairman: “Billy Gates why do you make this possible? Stop making money and fix your software!!.”

By August 19th Parson’s home was raided and seven computers seized. By law enforcement standards the arrest showed fast timing, but by “Internet-time” it left millions of computer users unprotected. Remembering back to 2001, it took only five hours for the Anna Kournikova virus to spread around the world.

Now back to that business opportunity I was talking about.

Customers may be ready for a babysitter – a security baby sitter. Sure there are lots of virus checkers, and warnings of virus threats get a fair share of air time. But business people need to be actively involved in their professions, not acting as computer police on guard for hack-attacks.

Sure, there are automatic ways to protect a company’s network but there are still too many unguarded doors. Consider that Microsoft already has a Software Update Server (SUS) which distributes every patch to IT systems. It’s a great idea, but not widely implemented or well used. And while the free upgrade to SUS 2.0 is planned for next spring, I doubt it will resolve the problem.

The same goes for Enterprise protection software. Symantec’s excellent Enterprise Security Manager System performs more than 2,000 specific security checks to make sure mission-critical information systems comply with an organization’s security policies. The problem is: Who sets up those policies in the first place? And who keeps them current? Do the policies, checks and controls get monitored. I know of many cases where security tools were installed but never monitored and maintained to make sure the tools were kept working.

Hence, the business opportunity. Hire a security brain, then rent out the brain-power. This could be a great way to get new business off the ground.

Cheryl Currid is the president of Currid & Company, a high-tech research company based in Houston, TX. She has published several books and hundreds of articles on computer technology and the Internet. Her Cheryl Currid’s Technology Report airs every Saturday at 5:00 PM and Sunday at 7:30 AM in Houston on KTRK-TV, Houston’s ABC Station.