Operating System Patches
Operating systems from Windows 98 onwards are very complex systems. The systems are composed of millions of lines of programming language (code). Even though the software is tested before it's sold to the public, there are always new flaws that are later uncovered. These flaws are most commonly referred to as "bugs." Bugs can result in security vulnerabilities that leave the system open to viruses, or they can cause the operating system to function incorrectly.
Microsoft as well as many other vendors offer fixes to bugs in the form of a "patch." After enough patches are compiled, they release a "service pack" which is more or less just a compilation of various patches and other fixes.
It is therefore very important to stay informed of new vulnerabilities and the patches or service packs that are available to fix them. Microsoft now offers a special updating service for most operating systems including Windows 98, Windows 2000, and Windows XP. Windows Update is a utility that connects to Microsoft's website and checks to see if your computer has all the latest and necessary patches. The computer can be configured to automatically check for important updates so you don't have to worry about being proactive yourself. Macintosh operating systems also have similar utilities.
Steps to Take
In order to keep your computers up to date with patches, you should:
- Create and maintain a list of all operating systems and applications used in your library—patron and staff PCs alike.
- If your applications or operating systems don't have automatic updating features, discover sources of information about vulnerabilities and their patches.
- Decide how you will monitor those sources. Many of them have mailing lists that you can subscribe to as well as websites.
- If you receive an email notification of a problem or of a patch being available, be sure to evaluate it for applicability. For instance, the vulnerability may only exist if a certain application is installed. If you don't use that application, you don't need to apply the patch.
- Decide when to install the patch.
- Some patches are so vital that you should install immediately, even if it means interrupting service.
- Other patches can wait until the computer is not busy.
- Next, list which computers need updating, and plan the deployment of the patch.
- If you have large numbers of computers to update, consider using automated distribution tools.
- Keep an archive of all patches and updates in a central, backed-up location.
Sources of Information
Consider using the following websites that have operating system and application vulnerability and patch information. Also consider subscribing to any mailing lists these sites might provide.
- Security: http://www.microsoft.com/security
- Product Security Notification Mailing List: http://www.microsoft.com/technet/security/bulletin/notify.asp
- Patches: http://www.microsoft.com/downloads/en/default.aspx, or http://windowsupdate.microsoft.com
Next: Windows Registry