
Category Archives: patch

Disabling functionality prior to security fix

Normally, a security issue is known days if not weeks before a fix is available. In the meantime, systems are left vulnerable.

A solution for this could be to allow the security provider (typically the provider of the original software) to disable or reconfigure certain functionality in the target software.

Of course, this would require the software (such as an OS or application) to be configurable in such a manner, but a lot of applications these days already have thousands of configuration settings. Try about:config in Firefox, for instance.

Some system administrators might even choose to have such work-arounds applied automatically.

An example:

A security issue is found in Apple QuickTime, in combination with Firefox. Before doing anything else, Apple or Mozilla releases a work-around patchset for Firefox that just disables the QuickTime plugin in Firefox.

 

Posted by on 16 July 2007 in patch, security