Antivirus Software: To Update or Not to Update?
Let me start out by saying those who live in glass houses shouldn’t throw stones, and all security vendors live in glass houses. We are all one bad update away from crippling our customers. Every major antivirus vendor has at one time put out one of these bad updates which did more harm than good. It is our worst nightmare. As a great 21st century philosopher once said, “Stuff Happens.” The question is how do we make sure it doesn’t happen to us or our customers?
We all know that security software is only as good as its last update. But how do we know if that last update is good? How do you make sure it won’t erroneously detect a file or application as a threat or just cause massive software conflicts? Not updating the security software is unrealistic. So what do you do?
The most basic approach: test the update before deploying it sitewide or companywide. You can test the patch either in a lab or on a small subgroup of machines. Once the patch has been deployed to these test systems, reboot and run a scan just to be safe. Limiting the first deployment to test systems will minimize the impact if there is an issue. For major updates or product in-lines you can also check message boards or forums to see if other people are having any issues with the update. Taking these steps may cost you a little more time but could save you from some very messy and reputation-damaging situations.
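One way to automate the go/no-go decision once the test group has rebooted and scanned, as an added example that is not part of the original post: it holds the rollout when a test machine never reports back or when the post-update scan flags a file whose hash still matches a pre-update known-good baseline. The function name, host names, paths, hashes and signature names are all constructed for illustration.

```python
"""Canary gate for a security-software update (added example, constructed data)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Detection:
    host: str
    path: str
    sha256: str
    signature: str


def evaluate_canary(canaries, reported_after_reboot, known_good, detections):
    """Return (decision, reasons) for promoting an update beyond the test group.

    canaries: set of hosts that received the update first
    reported_after_reboot: hosts that rebooted and completed the post-update scan
    known_good: {path: sha256} baseline of trusted files taken before the update
    detections: list of Detection produced by the post-update scan
    """
    reasons = []
    # A test machine that never finished its scan may have been crippled by the update.
    for host in sorted(canaries - reported_after_reboot):
        reasons.append(f"{host}: no scan result after reboot")
    for d in detections:
        if d.host not in canaries:
            continue  # ignore results from machines outside the test group
        # Same path and same hash as the trusted baseline: the file did not
        # change, so the new detection is most likely a false positive.
        if known_good.get(d.path) == d.sha256:
            reasons.append(f"{d.host}: '{d.signature}' flagged known-good {d.path}")
    return ("hold" if reasons else "promote"), reasons


# Constructed sample data: every host, path, hash and signature name is made up.
CANARIES = {"lab-01", "lab-02", "lab-03"}
KNOWN_GOOD = {r"C:\Windows\System32\svchost.exe": "aa" * 32,
              r"C:\Program Files\LOBApp\lob.exe": "bb" * 32}
SCAN = [Detection("lab-01", r"C:\Windows\System32\svchost.exe", "aa" * 32, "Example.Generic.A"),
        Detection("lab-02", r"C:\Users\test\Downloads\sample.bin", "cc" * 32, "Example.Test.B")]

if __name__ == "__main__":
    decision, reasons = evaluate_canary(CANARIES, {"lab-01", "lab-02"}, KNOWN_GOOD, SCAN)
    print(decision)
    for reason in reasons:
        print(" -", reason)
```

A detection on a file that is not in the baseline (the second constructed entry) does not block the rollout by itself; only missing check-ins and hits on unchanged trusted files do.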
It is a delicate balance between time to protect and time to test. One way some vendors are addressing this issue is by taking the protection to the “cloud” and reducing the dependency on pattern file updates.
What do you do to test security and other updates before deploying them to your customers? Do you do any testing?
TJ Alldridge is product marketing manager at Trend Micro. Guest blogs such as this one are part of The VAR Guy’s annual sponsorship.