"That's at least two more years of patching on the desktop," Gartner analyst John Pescatore said at the Gartner Security Summit
in London. "And there will still be problems."
While vendors work to deliver more secure products, users are being advised to put a patch management process in place.
In a research note released in March, Gartner analysts advised companies to prioritize patch installations based on how critical
the security vulnerability is, and to evaluate the patch installation requirements. Some patches may require other patches
to be applied at the same time, Gartner said, and can be superseded by more-current patches or service packs.
Companies should classify server and desktop configurations as standard and nonstandard so they can be patched according to
their specific needs, and all patches should be tested before deployment, Gartner said. Furthermore, companies should accept
only official patches, and the patch management infrastructure should be as secure as the company's outward-facing Web and
application servers.
If all that is enough to make the IT department's head spin, a host of vendors has stepped in to offer patch management tools
which, among other things, log system configurations and automate some installation and update functions.
While these tools offer administrators some much-needed help with the symptoms of software insecurity, the problem, for now,
remains.
"Since software was first developed, there have been patches," Ecora's Bakman noted. "And that won't change anytime soon."