Your mother always taught you that procrastination was the root of all evil. Better to tackle those sometimes annoying, pesky challenges head on as they come, rather than waiting for them to mount. Like a bag of popcorn that has been left a little too long in the microwave, tasks left unattended often times explode right before our eyes, and the spoils left behind are far worse than we could have imagined.
It is no different in the world of IT security updates. While the Microsoft product teams work hard to deliver highly secure products they are not perfect and security updates are a fact of life. OK, we know they can be a right pain in the a$$. No one likes orchestrating system restarts across numerous workstations or servers, and of course there’s always the fear that mission critical or heavily used applications are going to be adversely affected. All understandable reasons to put off deploying security updates indeed, but all too often we don’t stop to look at the big picture and see what kind of a sticky situation we are setting ourselves up for:
-Ignoring security updates leaves your systems vulnerable to attack and when that happens, there is surely a lot more headache in store when it comes to repairing the damage-
In fact, if you embrace the change process you will find that you will end up with a much healthier environment all round as you will get good at change. Getting a monthly, recurring, maintenance process in place for desktops and servers will serve you well in the long run and make all change, not just security updates, much easier to do.
One of the biggest challenges you face when tackling security updates is finding a way to test whether the update will work on your desktops and servers without issue. The standard approach is to simply deploy the update to a group of test machines and get someone to test the applications installed on it. This can be time consuming and a bit hit and miss.
What if there was a tool to make test security updates seem a bit less daunting, and made it easier to deploy the updates your systems need? If there were less pain involved with the process, would you put a stop to your update procrastination? Enter ACT (Application Compatibility Testing) Tookit and the Update Compatibility Evaluator.
Try this out:
- Set up a test rig with:
- A couple of PCs
- Standard desktop builds
- Install all customers’ custom applications
- Install ACT
- Build ACT Database of applications
- Now run UCE – Update Compatibility Evaluator
- Analyse the results in ACT
(What is UCE? - http://technet.microsoft.com/en-us/library/cc766043(WS.10).aspx)
While it will take a bit of up front investment to master the tool, the benefits of this approach are as follows:
1. It reduces any uncertainty about the deployment of Windows updates. UCE provides compatibility information, enabling you to successfully test your high-risk applications and to fix any issues before deploying the update within your organization.
2. It increases the adoption rate of Windows updates. Because you do not have to be concerned about potential compatibility issues, you can deploy the updates more quickly, providing greater security to your organization.
3. It reduces your workload and cost. After you determine which applications are at risk, you can organize and focus your testing, making sure the applications are stable upon deployment of the update.
Take advantage of this tool, and help yourself get back on track by proactively managing your update processes. Stop procrastination right in its tracks, and don’t let those critical updates simmer any longer. After all, no one likes eating a bag full of burnt popcorn.
Information on the Update Compatibility Evaluator: http://technet.microsoft.com/en-us/library/cc749197.aspx
Release Notes for ACT 5.5: http://download.microsoft.com/download/d/3/3/d33a8f5d-a7e1-4bbe-b04d-7a688785a229/ACT55_ReadMe.zip