What is Patch Management?

Patches are small pieces of cloth patched on clothes and bedding to cover holes. Now it also refers to small programs that solve problems that are exposed by large software systems (such as Microsoft operating systems) during use (usually discovered by hackers or virus designers). Just like a patch of clothes that is bad, people cannot write programs that are perfect, so the software will inevitably have bugs, and the patches are specifically to fix these bugs. Because the original released software has defects, after compiling a small The program makes it perfect. This small program is commonly called a patch. The patches are made by the original author of the software and can be downloaded from the website.

Chinese name: patch

Foreign name: patch

Original definition of patch

Patch refers to the missing part of clothes and bedding due to damage and other reasons. In order to cover these holes and extend the use of clothing, small patches are added.

Patch base definition

Vulnerabilities in various software have become one of the main reasons for large-scale network and information security incidents and major information leakage incidents. For the harm caused by computer vulnerabilities, installing corresponding patches is the most effective and economical precautionary measure. For a large number of host nodes and increasingly complex applications on the Internet, it is difficult to ensure that patches are installed in a timely manner, and the implementation of patches is basically a process from the demander to the publisher to download and install the patch, rather than the initiative of the publisher. Demand side provides patches and targeted deployment, so patch implementation is more dependent on non-professional demand side. For large networks with a large number of hosts and various application types, patch updates cannot be tracked in a timely manner, and effective deployment cannot be implemented, which will greatly threaten network and information security and cause irreparable losses. ^[1]

Software patches are small programs that fix vulnerabilities and are released for some large software systems that are exposed during use. Just as the clothes need to be patched when the clothes are rotten, the software is also needed. The software is written by humans, and the programs written by humans cannot be perfect. Generally, in the process of software development, there are always many factors that are not taken into consideration at the beginning, but as time goes by, the vulnerabilities in the software will be discovered slowly. At this time, in order to improve the security of the system, software developers will compile and release a small program (so-called patch), which is used to fix these vulnerabilities. ^[1]

Patch function introduction

Research shows that vulnerabilities in operating systems and application software often become the entrance to security attacks. The most direct and effective way to solve the vulnerability problem is to apply patches, but patching is a relatively passive way. For enterprises, collecting, testing, backing up, and distributing related patching processes is still a rather tedious process, and even The patch itself could become a new vulnerability. To resolve the chaos of patch management, we first need to build an automated patch knowledge base that covers the entire network. The second is to deploy a distribution system to improve patch distribution efficiency. Not only is the patch management program, the entire vulnerability management system also needs to be integrated with other security systems such as the intrusion prevention system and antivirus system of the enterprise to build a complete line of risk management defense. At present, patch updates for internal clients in general corporate office networks are implemented in a decentralized and multi-channel manner. One way is that after the vendor releases the patch, the administrator places the patch on a file sharing machine on the intranet, and the user completes the installation of the patch by direct IP access: Another way is that the administrator places the patch on the system platform In the application database, it is forwarded to proxy servers at all levels through an automatic replication mechanism, and users directly access the database for patch installation. ^[2]

patch

Common classification of patches

Patches are generally used to deal with vulnerabilities in the computer, in order to better optimize the performance of the computer. According to the magnitude of its impact:

First, patches for "high-risk vulnerabilities". These vulnerabilities may be exploited by Trojans and viruses and should be fixed immediately.

Second, the software security update patch is used to fix serious security vulnerabilities in some popular software, and it is recommended to fix it immediately.

Third, optional high-risk vulnerability patches. These patches may cause the computer and software to fail to use normally after installation. Careful selection should be made.

Fourth, other and functional update patches are mainly used to update the functions of the system or software, and can be selectively installed as needed.

Five, invalid patches can be divided into:

Expired patches. These patches may be replaced by other patches because they are not installed in time.
Patches have been ignored. These patches were checked before installation and found to be unsuitable for the current system environment. Patch software was ignored intelligently.
The patch has been shielded, and has been intelligently shielded because it does not support the operating system or the current system environment.

Patch effect

When the software was first made, there were usually loopholes or imperfections. After the software was released, developers further improved the software, and then released patch files to install the software for users, improve the performance of the software, and for large software systems (such as System) Issues that are exposed during use (generally discovered by hackers or virus designers) and are released to solve problems.

Patch expansion concept

Sometimes we add plug-ins (plug-in generally refers to the space in which another program is linked to another program triggered by certain events while the computer is running) and some functions that can enhance the software (such as the more famous coral coral QQ) ), Install some plug-in enhancements (common trigger events are keyboard trigger, mouse trigger, message trigger, display some required information, etc.), the purpose of the hook is usually to change the running mode of the hooked program, but not These plug-ins that affect the actual functionality of the software are also called patches.