om patch management
TRANSCRIPT
-
8/6/2019 OM Patch Management
1/16
FITS OM Directory Services Administration Contents
PM 1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
PM 2 Implementation guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
PM 3 Operations guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
PM 4 Roles and responsibilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
PM 5 Patch Management assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Key
Cross reference: Cross reference
Patch
M anagement
Framework for ICT Technical Support Operations Management
-
8/6/2019 OM Patch Management
2/16
Becta 2006
You may reproduce this material free of charge in any format or medium without
specific permission, provided you are not reproducing it for profit, material or
financial gain. You must reproduce the material accurately and not use it in a
misleading context. If you are republishing the material or issuing it to others, you
must acknowledge its source,copyright status and date of publication.
Publication date March 2006
Originally published online in February 2006 as part of the Becta website
http://www.becta.org.uk/fits
While every care has been taken in the compilation of this information to ensure that
it is accurate at the time of publication, Becta cannot be held responsible for any loss,
damage or inconvenience caused as a result of any error or inaccuracy within these
pages. Although all references to external sources (including any sites linked to the
Becta site) are checked both at the time of compilation and on a regular basis, Becta
does not accept any responsibility for or otherwise endorse any product or
information contained in these pages, including any sources.
British Educational Communications
and Technology Agency,
Millburn Hill Road,
Science Park,
Coventry CV4 7JJ
Patch Management
-
8/6/2019 OM Patch Management
3/16
FITS OM Patch Management Becta 2006 1
Patch Management
PM 1 Overview
PM 1.1 What is Patch Management?The goal of Patch Management is to keep the components installed on the network
(hardware,software and services) up to date with the latest patches and updates.
The network components covered in Patch Management may include:
Computers
Servers
Software
Peripherals Cabling
Routers and switches
Services such as messaging, database, MIS and file storage.
PM 1.2 Why have Patch Management?Patch Management is an important part of keeping the components of the network
available to the end user.Without regular patching, the ICT infrastructure could fall
foul of problems which are fixed by updating regularly the software, firmware and
drivers. Poor patching can also allow viruses and spyware to infect the network. Patch
Management should be a centralised, managed service that guarantees protection,
rather than a user-installed, piecemeal approach that leaves the state of the networkunknown.
The internet offers schools the opportunity to enhance learning and teaching via
new ICT services such as email,video conferencing, instant messaging and a huge
library of information. However, the downside of internet access is that the schools
network is vulnerable to threats of disruption to these services, which may also
compromise the reliability, availability and security of the entire network and ICT
services. Many of the threats come from malware, which is a term used to describe
malicious software such as viruses, Trojans and now spyware.
Protecting the network with security measures provides one layer of protection,
while educating your users about the threats of spyware and malware provides
another layer. Users need to know what to do when they receive an email from anunknown source: whether just to delete it, report it to technical support or open it.
Users also need to know how to deal with browser plug-ins or instructions from
browsers to click here to install updates, as these could easily be spyware attempts to
infect that computer. It is possible to counter threats like these with a combination of
software and user education.
User education needs only to inform users about potential threats and how to deal
with them; it does not need to go into detail. As a minimum, users need to know how
to inform technical support if they suspect malware activity, or ask if they are unsure
about any email or browser activity that is unfamiliar to them.This education needs
to be frequent enough to keep it in the minds of the users perhaps once a month
-
8/6/2019 OM Patch Management
4/16
FITS OM Patch Management Becta 2006 2
in a newsletter or bulletin.To enforce safe practice by users,the school can put in
place an acceptable use policy which clarifies what users may and may not do.
PM 1.3 Who uses Patch Management?Technical support staff use Patch Management every day as part of their regular
maintenance schedule to ensure that the network components are up to date. End
users may also be allocated some Patch Management tasks such as keeping their
laptop updated with the latest antivirus software.
PM 1.4 How Patch Management worksPatch Management uses information from the CMDB (configuration management
database) and a network topology (map) managed by the FITS Configuration
Management process to provide a clear picture of the components that make up the
network and how these are configured.
Patch Management focuses on maintaining the availability and security of the
technology which supports the ICT services by updating the following in a
planned way:
Software designed to protect the network against threats such as viruses,
Trojans, worms and spyware
Unpatched software and drivers.
For Patch Management to be effective, the patch administrator (PM 4) needs to have
access to information about new patch releases, antivirus and spyware updates,
driver updates and so on. You can make a list or spreadsheet of manufacturers
websites that hold the patches and updates in the configuration management
database to give all technical support staff access to this important information.The
patch administrator can create the list and keep it up to date by regularly visiting
manufacturer and supplier websites, or by subscribing to mailing lists.
Some websites are now beginning to add RSS (really simple syndication) feeds to
their sites, which allows the patch administrator to take the headlines from the siteand list them all together on one page.The patch administrator can see at a glance
the changes that are relevant and then construct a custom page with information
about driver updates from multiple suppliers.
It is recommended that the patch administrator allocates time for keeping up to date
with the latest information about updates for all of the components in the network.
A release of software that includes bug fixes or performance-enhancing changesPatch or fix
Software required by the operating system to make a piece of hardware functionDriver
A release of software that bundles together several patches and/or updates to
provide a clear benchmark or level of release (eg This software has Service Release 1
installed.)
Service release orservice pack
A release of software that adds new functionality to an earlier versionUpdate
Software that has a numeric or named attribute denoting its maturity or age
(eg Are you on version 1 or 2?)
Higher value increments indicate a more mature release, which is likely to have fewer
bugs and to run better than earlier builds.
Version or build
Patch Managementterms
-
8/6/2019 OM Patch Management
5/16
FITS OM Patch Management Becta 2006 3
PM 1.5 What does Patch Management cost?The cost of Patch Management has three aspects: expenditure, people and time.
PM 1.5.1 Expenditure
Patch Management may require subscriptions to vendors of antivirus and
antispyware software. As spyware is a relatively new threat to school networks,
we have included some additional information on this in Appendix A.Also some hardware manufacturers require you to pay for switch,BIOS and other
equipment updates.
Once you have bought a product, you normally receive the updates, service packs
and patches for free. However, if a new version comes out and you want to move
onto that, you usually have to buy the whole product or upgrade to it, for which you
have to pay.
Manufacturers usually provide hardware drivers at no cost as they are of no value
without the purchased hardware. However, if you do not have a valid licence code or
serial number for the hardware item, you may not be allowed to download the latest
driver free of charge.
PM 1.5.2 People
In a complex network with a high number of components, Patch Management may
require a full-time member of staff. However, most schools will allocate Patch
Management roles to a technician or the network manager.
The patch administrator is responsible for the keeping the network components up
to date, but may delegate tasks to others such as technicians, ICT staff or users.
PM 1.5.3 Time
It takes time to keep up to date with manufacturer changes and releases to software
and hardware. It also takes time to plan and perform updates and patches.
When considering the resources required to maintain the network, bear in mind that
the more versions of operating systems there are in your school, the more patches
and releases you will have to apply, which of course takes more time.This is why we
recommend that you limit the number of different types of hardware and operating
systems that you buy.
PM 2 Implementation guide
PM 2.1 Define your Patch Management policyYou may want to include the following in your Patch Management policy.
A list of computers, servers and peripherals on the network covered under the policy
(this information should be available in the configuration management database)1
Allocation of roles and responsibilities for Patch Management activities2Patch Management schedules3
-
8/6/2019 OM Patch Management
6/16
PM 2.2 Prepare to implementGood preparation can make the difference between a successful implementation of
Patch Management and an unsuccessful one.
FITS OM Patch Management Becta 2006 4
A list of which patches and updates will be carried out using the Change and
Release Management processes and which can be done without them
For example updating antivirus definitions is unlikely to require Change
Management and Release Management, as there is only a low chance of failure
and impact on the users,but upgrades to operating systems should, as these are
more prone to failure and the impact of failure on the users could be high.
If you decide to carry out a patch or update without Change Management andRelease Management, you should still log it, as a record of the information could
help with future incident or problem diagnosis.
4
Definition of which email attachments and internet downloads are safe to open and
how this will be communicated to users.5
The first step is to identify the participants and assign roles and responsibilities.
We recommend that for the initial implementation you involve as few people as
possible so that the tasks can become familiar with minimum impact on the
day-to-day workload of the school.
The people you select to fulfil the Patch Management roles will depend on how you
currently provide technical support and who is involved already.
Roles andresponsibilities
After you have assigned roles and responsibilities, it is important to ensure that those
participating in the implementation and subsequent operation of the function
understand what is required of them. Use the FITS OM website as training material.
Training
A start date is important for any implementation.Choose a date that you can
achieve, bearing in mind that you will need to have an up-to-date list of the
network components before you start. If you do not have this, you will have to allow
time to carry out a full audit or implement FITS Configuration Management.
Start date
Communication must take place within the implementation team to agree plans,
schedule dates and so on, but it is also important to communicate externally and
inform the user community of the new function.
It is a good idea to send out a regular bulletin or email to keep your users informed
of changes that have taken place and those that are about to happen.This keeps
everyone up to date and helps to mitigate potential problems.
Communications
Before you can go ahead with the implementation, you will need all the materials
and tools required for the function see below for guidelines on maintaining a full
up-to-date inventory and using automating tools.
Materials
PM 2.2.1 Full up-to-date inventory
Your configuration management database will contain information about each
hardware and software component,known in FITS as a configuration item (CI),
installed on the network. For Patch Management it is recommended that you also
keep the following attribute information for each CI.
-
8/6/2019 OM Patch Management
7/16
PM 2.2.2 Automating tools
Installing the latest drivers, patches and updates on every computer in school can
obviously take a lot of time and may seem like an endless task. However, you can
speed up the process using software deployment tools.Tools such as disk imaging or
patch management software, along with antivirus administration console software,
can help make the task less burdensome.
Disk imaging is one method of bringing several computers up to date reasonably
quickly.Using Release Management you should be able to document and prepare an
image in a consistent way, and then use the Change Management process to deploy
the image.
PM 2.3 Assigning roles and responsibilitiesYou will need to assign the following roles before implementing the policies:
FITS OM Patch Management Becta 2006 5
BIOS, firmware, system board drivers, video driver, network driverComputer
Service packs, patches, feature packsOperating system
FirmwareSwitch
Data file/Virus definition updateAntivirus
Data file/Virus definition updateAntispyware
Driver, firmwarePrinter
Driver, firmwareScanner
Type Updates
Person responsible for implementing
and running the Patch Management
strategies, eg:
Network manager
Technician
Supplier.
Ownership of all updates including:
Operating system and application
patches for computers and servers
Antivirus and antispyware updates
Firmware updates for hardware
Printer driver updates.
Patchadministrator(see PM 4.1)
Person responsible for managing the
assessment and approval of major ICT
infrastructure changes or theintroduction of new hardware or
software, eg:
Network manager
Technician
Supplier.
If it is decided that the new patch or
update requires Change Management,
completing a request for change form(see ChM Appendix A) will be
necessary.Change manager
(see ChM 5.6)
Role Suggested representative Comments
Person responsible for managing the
process of planning,building, testing and
deploying new hardware or software,eg:
Network manager
Technician
Supplier.
If it is decided that the new patch or
update requires Release Management,
completing a build and install form
(see RM Appendices D and F) will
be necessary.
Release manager(see RM 5.1)
-
8/6/2019 OM Patch Management
8/16
PM 2.4 Implementing Patch ManagementThe Patch Management cycle
We discuss each step of the cycle below.
PM 2.4.1 Audit current state
Before you can maintain your network, you need to understand its current state.This
involves identifying the hardware, software, operating systems applications and their
patch levels. Other hardware and peripherals such as printers and switches have
firmware that you should also identify.
This may seem a big job to start with if you do not have this information to hand in a
configuration management database, or on lists or spreadsheets. However, the
information is vital for successful Patch Management implementation.There are tools
to help you automate and speed up this process, obtainable from your operating
system manufacturer or from third-party suppliers, which you may like to consider.
Once you know the current state of your network you can begin to plan to bring it
up to date by installing the latest drivers, patches, firmware and definitions. The aim
of bringing everything up to date is to create a baseline from which you can start
regular patch maintenance, as the process is far easier if everything is at the same
level to begin with.
When you carry out this audit you may find that there are several versions of a
product in use. It is easier to manage a smaller number of versions or ideally only one
version: the most recent. Managing several versions creates confusion and is more
time consuming to support. If you find yourself in this situation, consider upgrading
the older products to the latest version, which will probably involve a financial outlay
but is worth it in the long run.
FITS OM Patch Management Becta 2006 6
Audit current stateNew patch available
Test patch
Review deployment
PatchManagement
cycle
Acquire patch
Deploy patch
-
8/6/2019 OM Patch Management
9/16
PM 2.4.2 New patch available
News that a new patch is available may come from a variety of sources such as
manufacturerswebsites, suppliersbulletins or technical forums.The patch will
usually have some release information explaining what the patch fixes and who
should use it. Read the information carefully and ensure that the patch applies to
the components and overall network structure of your school. The patch may not be
applicable to every component on the network, in which case you need to identify
which components require the patch.
The patch may also have an importance rating. If a patch is described as critical, it is
important to install it as soon as your Change Management process allows because
the reliability and security of your network may be at risk. If the patch is not critical,
read the information released with it to understand when it should be implemented.
If yours is a large network with many hardware components and software
applications,you may receive new updates and patches every day.To release each
one as it becomes available is time consuming and potentially disruptive to users of
the ICT services. In this case you can collect a number of updates and patches into
one release as long as you test the release before deployment.
It is worth noting that in industry very few organisations with critical services will
ever be the first to implement new patches. They prefer to live with known risks
rather than implement new patches with unknown risks.
PM 2.4.3 Acquire patch
The next step is to acquire the patch by downloading it from the internet, getting it
sent by post or having it emailed to you. Some of the new service packs are hundreds
of megabytes in size, in which case requesting those on CD will save you bandwidth
and download time.
PM 2.4.4 Test patch
Test the patch on a computer or other device reserved for testing (or a limited
number of live computers).The testing itself depends on what the patch claims tofix. You may be able to ascertain that the bug has been fixed,although most patches
nowadays are for obscure security holes. Once you are satisfied that the computer or
other device still works properly and that the patch has not created other faults,
continue to the next step.
PM 2.4.5 Deploy patch
This step may involve imaging a computer and deploying the new image, or it may
involve visiting every computer affected by the patch. Again, this depends on the
tools you have available and the patch management strategy you employ.
A point to note is that in industry, companies implement change freezes they never
do changes over the pre-Christmas period, for example. In the case of schools, it isprobably a good idea to have a change freeze during the first day of term and on
exam days. Plan any major changes for a time when the users affected are not in
school, so that there is enough time to roll back if anything should go wrong.
PM 2.4.6 Review deployment
Once you have deployed the patch, check that none of the computers with the new
patch is adversely affected. Also, you need to check that the patch is installed
successfully. You cannot assume that the patch has been installed on every computer,
as other factors such as lack of disk space, computer shutdown or network problems
may have affected the deployment.
FITS OM Patch Management Becta 2006 7
-
8/6/2019 OM Patch Management
10/16
Once you have ascertained that the patch has been deployed successfully, update
the configuration management database (CMDB) and/or the request for change
document associated with this change.Report any incident or problem to the service
desk for resolution using Incident Management or Problem Management.
PM 2.5 PilotTo pilot your proposed Patch Management function, it is good practice to trial the
changes first on a small group of computers. This enables you to experiment with the
way that works best for you and your users. In a perfect world, you would have a test
lab where you could experiment with different scenarios that reflected your live
network. However, most schools do not have this facility,so it is best to test the
implementation on a limited number of computers before going live with this
function on the entire network.
PM 2.6 Review the implementationReview your implementation by asking the following questions.
FITS OM Patch Management Becta 2006 8
Consider upgrading older versions to the most recent version.Do we have different versions of thesame software/hardware?
Include this time when estimating the installation time in future.How long did it take to obtain thelatest versions for each item?
If necessary, consider changing the build procedure or creating
additional build procedures to cater for this.
How easy was it to update eachgroup of items?
Consider how you informed users and the timescales involved.
Also consider any training implications of the changes made.
Did the changes made adverselyaffect any users? If so, is there
anything you could do to mitigate
this in the future?
Inform staff of their involvement in this process and what is
expected of them.
Do people understand their rolesand responsibilities?
If not, go back and perform this section again.Was each step of theimplementation covered?
Question Points to think about
-
8/6/2019 OM Patch Management
11/16
PM 3 Operations guide
PM 3.1 What needs to be done?
PM 3.2 When does it need to be done?For most technical support teams, patch releases are becoming a normal part of life.
The frequency of releases is also becoming more regular and less erratic, whichmakes scheduling their installation easier. In general, software providers supply
patches once a month, whereas firmware updates tend to be yearly or six-monthly.
Below is a list of network components that require patch management.
Computers
Apple computers
Servers
Switches,hubs and routers
This list is not comprehensive, so you may well have other items to which you will
need to apply patch management. Use the information in your CMDB to create a list
of your network components that require patch management.
PM 3.2.1 Computers
As soon as you take a new computer out of its box, it is already out of date!
The computer industry moves very fast and within a few weeks of installation, unless
you keep it up to date with critical patches, your computer may be in danger of being
hacked or damaged,even with the protection of a firewall and antivirus software.
To prevent this from causing problems, follow a patch maintenance schedule.
Example schedule for computers
FITS OM Patch Management Becta 2006 9
Check hardware items for firmware updates.
Check software items for patches, updates, service packs and drivers.
Check antivirus programs for updates to virus definition files.
Check antispyware programs for updates to definition files.
Search the internet regularly to find out about new threats,patches or releases.
Schools do not always receive this information automatically.
Check for new software patches.
Check for the latest antivirus definitions.
Check that spyware definitions are up to date.
Check for news about new threats, new patches and new releases.
Weekly
Check that drivers (for example video and network) are up to date.
Check antivirus engine updates.Monthly
Check for new printer drivers.
Check BIOS firmware.Six monthly
-
8/6/2019 OM Patch Management
12/16
PM 3.2.2 Apple computers
Apple Mac workstations differ from other computers in that they can only run the
Apple Mac operating system, whereas most other computers are able to run several
operating systems.This guide applies to Mac OS X or later, since Apple no longer
supports Mac OS 9 and earlier versions. Because of this difference,Apple machines
have a more clearly defined schedule that you should follow.
Example schedule for Apple computers
PM 3.2.3 Servers
Servers require more attention than personal computers, as servers are more critical.
Do not make major changes to servers without going through the Change
Management process. Ideally, this even applies to antivirus updates,but it is
particularly vital for firmware or software patches. Using Change Management will
prevent you from making changes without planning and considering all the
implications of that change.
Example schedule for servers
PM 3.2.4 Switches, hubs and routers
Like computers, switches, hubs and routers have software that you may need to
update.This tends be in the form of firmware updates. Although manufacturers test
firmware thoroughly before releasing it, some bugs or performance loss is still
possible in the final release.
It is important not to forget firmware updates,since to do so may affect the reliability
and security of your school network. Before making changes to switches, hubs or
routers, make a backup of the configuration! Some firmware updates can wipe the
memory and result in lost configuration.
You should check for new updates for switch, hub and router firmware annually.
FITS OM Patch Management Becta 2006 10
Check for software updates.
Check antivirus definitions.Weekly
Check for third-party software updates.
Check antivirus engine updates.Monthly
Check for new printer drivers.Six monthly
Check for new operating system version.Annually
Check for new software patches.
Check for the latest antivirus definitions.
Check for new spyware definitions.
Weekly
Check for new drivers (for example video and network).
Check antivirus engine updates.Monthly
Check for new printer drivers.
Check BIOS firmware.Six monthly
-
8/6/2019 OM Patch Management
13/16
PM 3.3 Who does it?Technical support staff or third-party suppliers perform most of the activities in Patch
Management. However, users can do some of the more routine updates.
PM 3.4 How is it measured?There are several ways of measuring Patch Management:
The amount of activity (number of patches and updates installed)the process produces
The number of hours per week spent on the activity
The number of requests for change the process generates
Percentage success rate of applied patches
Percentage of patches/updates that fail testing
Number of patches applied compared to patches issued.
It is worth noting the impact of not implementing Patch Management. If you do not
use Patch Management, computers may become infected with viruses that spread
over the network and seriously affect the reliability and security of all the school's
ICT services.
PM 4 Roles and responsibilities
We have defined the principal roles and their associated responsibilities for PatchManagement according to best practice. Schools may need to combine some roles,depending on size, organisational structure and any underlying service level agreementsexisting between technical support and the school.
Role descriptions in the context of the Patch Management function are not job
descriptions. Depending on the size and structure of your technical support team,
one person may assume more than one role. However, good practice for function
management dictates that although different people may be involved in performingactivities, there should be only one owner per function.This means that one
individual is always accountable for overall function performance and can intervene
to make things happen when a function breaks down.
PM 4.1 Patch administratorThe patch administrator is the function owner with full responsibility for ensuring
that Patch Management is performed correctly. In a school, it is likely that the patch
administrator role will be shared with other FITS OM function and FITS process roles.
As Patch Management works closely with FITS OM Security Administration and FITS
Change Management and Release Management,you can combine some of the roles.
The patch administrator must keep informed about the release of new updates,
drivers, patches and firmware.This may take up considerable time unless the task can
be automated (for instance, by email notifications from vendors and manufacturers).
Key tasks
Ensure that all operating systems and software have up-to-date service packs
and patches.
Keep drivers up to date.
Keep firmware on hardware up to date.
Keep antivirus and antispyware definitions up to date.
Produce Release Management build procedures for major updates to enable
other technicians to carry out the updates.
Check that installations of patches and updates are successful.
FITS OM Patch Management Becta 2006 11
-
8/6/2019 OM Patch Management
14/16
PM 5 Patch Management assessment
Below is a table that asks basic questions about Patch Management. If you can answer yesto them all, you are doing fine. If you are answering some of the questions with a no orsometimes, then the table recommends some actions for you to take.
FITS OM Patch Management Becta 2006 12
Define the scope of the Patch Management function. Document
all activities and allocate them to the technical support staff.
1. Have you defined the scopeand objectives of the Patch
Management function?
If a full up-to-date CMDB or inventory of hardware and software
does not exist, implement Configuration Management or
perform a full audit.
2. Have you produced a fullhardware and software inventory?
From the inventory, list the hardware manufacturers and software
suppliers, plus each item they produce that you own. Make a
note of how to obtain the latest update from each company
(eg download or order CD).
3. Have you a list of hardware andsoftware manufacturers and the
items they produce that you own?
Make sure that the Release Management DSL is up to date with
the latest drivers, firmware and updates. This will make updates
easy to find in the future.
4. Have you stored the latest copy ofhardware and software updates in
the definitive software library (DSL)?
Using Change Management and Release Management, prepare
a schedule of when to install updates and create an associated
build procedure for each release of changes.
5. Do you have a release plan forinstalling these updates?
Inform staff about Patch Management, what is expected of them
and how they are affected by any activities in this function.
6. Do you inform all staff about thePatch Management function and
how it affects them?
Prepare to implement a small-scale pilot before implementing
this function throughout the school.
7. Have you planned a pilot beforeimplementing the function across
the school?
Once you have installed some updates, check to see if they were
indeed installed correctly.
8. Do you check whether updateswere installed correctly?
Establish a single point of ownership and accountability for the
Patch Management function.You can charge this person with
implementing the other recommendations in this report through
a programme of continuous improvement. Others involved in the
Patch Management function will then know whom to contact if
they identify any deficiencies in the function.
9. Does the Patch Managementfunction have an owner
responsible for its day-to-daymanagement and ongoing
development?
Give staff access to training material and provide experienced
staff to help them learn the process. Run an improvement
programme to increase function awareness.
10. Are those performing thePatch Management function
aware of how to do so?
Mount an awareness campaign to make everyone aware of the
tasks performed by the Patch Management function.
11. Are the end users of the PatchManagement function aware of it
and conforming to it?
Question Recommended action
Without documentation, the function is open to interpretation
and will lack a consistent approach. Document the activities and
make this documentation available to all staff performing them.
The documentation can be used in training and as a reference point.
12. Have you documented theactivities in the Patch Management
function?
-
8/6/2019 OM Patch Management
15/16
PM Appendices
PM Appendix A Spyware
What is spyware?
A new type of threat has recently emerged in the form of spyware. Spyware is unlike
a virus in that it does not replicate itself to other computers, but it can cause
problems with a computers performance and send personal data back to anunknown source without the uses consent. Suppliers may bundle spyware with
legitimate commercial software with the intention of collecting information for the
supplier to use in further marketing or product improvements. However, any data
collected and sent without the users consent or knowledge is considered spying.
What does spyware do?
Spyware can hijack your browser by changing the start page and default search
page with its own copy.This can mean that your browser can be further infected with
other trojans and viruses or simply annoy you with changes you did not ask for. It is
well known that spyware slows computers down by taking up processor time and
hard disk space doing whatever it is designed to do. Spyware usually collects and
sends back information about the user.This information can include personal details(name, address and so on) plus information about websites visited or,worse, private
information such as passwords or credit card information.
What can I do to protect against spyware?
These days most antivirus companies either sell antispyware software as a separate
product or build it into their main antivirus product. There are also many good
quality free antispyware programs available. However, these tend to be designed for
manual scanning and removal, and may not provide real-time protection.
FITS OM Patch Management Becta 2006 13
You can download the templates from the FITS OM website http://becta.org.uk/fits_om/downloads.cfm
-
8/6/2019 OM Patch Management
16/16
Appendix B Useful links
FITS OM Patch Management Becta 2006 14
Network administration advice and anecdoteshttp://www.thenetworkadministrator.com
Independent patch management mailing listhttp://www.patchmanagement.org
Antivirus productshttp://www.mcafee.com
Antivirus productshttp://www.symantec.com
Antivirus productshttp://www.trend.com
Antivirus productshttp://www.microsoft.com
Antivirus productshttp://www.sophos.com
Antivirus productshttp://www.grisoft.com
Antivirus productshttp://www.avast.com
Antivirus productshttp://www.ca.com
You can download the templates from the FITS OM website http://becta.org.uk/fits_om/downloads.cfm