Nasty Upgrades

2004-11-26

Ouch! Upgrades can be fatal!

Nasty, messy situation at the UK Dept of Work and Pensions this week, when an upgrade pilot decided to roll itself out to the majority of the 80,000 protected PC's. Here's the Register article - its up on the Beeb and various other sites.

Now, apart from this being a cautionary tale just a week after the latest Microsoft announcements for its "management vision" at IT Forum in Copenhagen, this is a welcome reminder of where we should be focusing our security efforts. As we showed in a recent Reg reader study, most of the security issues are inside jobs, through system failure or user incompetence. The DWP case is a bit of both, if I understand correctly. As well as having systems that ensure protection against supposedly Ukranian hackers (I say supposedly, as recent rumours are that said gangster ring is in fact operating out of the USA and covering its tracks by using said republic as a cover), it is far more important to protect people from theirselves and from the flakiness of their own computer systems.

It seems astonishing that a modern computer environment can be impacted to this extent by its own upgrade routines - in this case, sourced from Microsoft. Sometimes, its just too easy for vendors to blame the bogeyman - I'm not sure they'll get away with it this time.