
Disabling functionality prior to security fix

16 Jul

Normally, a security issue is known for days, if not weeks, before a fix is available. In the meantime, systems are left vulnerable.

A solution for this could be to allow the security provider (typically the provider of the original software) to disable or reconfigure certain functionality in the target software.

Of course, this would require the software (such as an OS or application) to be configurable in such a manner, but a lot of applications these days already have thousands of configuration settings. Try about:config in Firefox, for instance.

Some system administrators might even choose to have such work-arounds applied automatically.

An example:

A security issue is found in Apple QuickTime, in combination with Firefox. Before doing anything else, Apple or Mozilla releases a work-around patchset for Firefox that just disables the QuickTime plugin in Firefox.
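
A sketch of the client side of this idea, added here as an example (not code from the original post): a work-around is applied only if it authenticates and touches only settings the administrator has approved for automatic change, and the old values are kept so it can be undone once the real fix is installed. The setting names and key are constructed, and HMAC with a shared key stands in for a real vendor signature.

```python
import hashlib
import hmac
import json

# Constructed values: the key and the setting names are hypothetical.
VENDOR_KEY = b"constructed-demo-key"
# Settings the administrator lets a workaround change without review.
AUTO_APPLY_ALLOWED = {"plugin.quicktime.enabled", "feature.remote_fonts.enabled"}
_MISSING = object()  # marks a setting that did not exist before the workaround


def sign(body: bytes, key: bytes = VENDOR_KEY) -> str:
    """Vendor side: tag the workaround body (HMAC stands in for a signature)."""
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def apply_workaround(config: dict, body: bytes, tag: str) -> dict:
    """Apply an authenticated workaround; return the old values for rollback."""
    if not hmac.compare_digest(sign(body), tag):
        raise ValueError("workaround failed authentication")
    changes = json.loads(body)["set"]
    outside = set(changes) - AUTO_APPLY_ALLOWED
    if outside:
        raise PermissionError(f"not approved for automatic change: {sorted(outside)}")
    undo = {name: config.get(name, _MISSING) for name in changes}
    config.update(changes)
    return undo


def rollback(config: dict, undo: dict) -> None:
    """Restore the saved values once the real fix is installed."""
    for name, old in undo.items():
        if old is _MISSING:
            config.pop(name, None)
        else:
            config[name] = old


if __name__ == "__main__":
    config = {"plugin.quicktime.enabled": True, "updates.auto": True}
    body = json.dumps({"set": {"plugin.quicktime.enabled": False}}).encode()
    undo = apply_workaround(config, body, sign(body))
    print("workaround applied:", config)
    rollback(config, undo)
    print("after the fix:", config)
```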


Posted by on 16 July 2007 in patch, security

 
