1 00:00:12,210 --> 00:00:16,399 In this lesson, we're going to talk about 2 00:00:16,399 --> 00:00:20,760 "Why don't I just trust what the vendors tell me?" 3 00:00:20,760 --> 00:00:22,500 This includes Apple. 4 00:00:22,500 --> 00:00:24,120 This includes Microsoft. 5 00:00:24,120 --> 00:00:30,210 This includes Linux or any of your other favorite operating system provider 6 00:00:30,210 --> 00:00:35,840 or technology provider for that matter. 7 00:00:35,840 --> 00:00:44,009 So today, we're going to talk a little bit about why vendors don't know everything. 8 00:00:44,009 --> 00:00:49,979 We're going to discuss the reasons why System Management is important in these cases. 9 00:00:49,979 --> 00:00:57,530 And we're going to also discuss who these major vendors are. 10 00:00:57,530 --> 00:00:58,799 Updates. 11 00:00:58,799 --> 00:01:04,609 I guarantee you, if you look at the device that you're watching this video on right now, 12 00:01:04,609 --> 00:01:08,570 you are going to have one update pending; 13 00:01:08,570 --> 00:01:15,349 or if you go select "Update This Device", whatever it might be, 14 00:01:15,349 --> 00:01:17,600 you are going to have an update. 15 00:01:17,600 --> 00:01:22,111 Do you just blindly click on "Update All"? 16 00:01:22,111 --> 00:01:24,540 -- for example. 17 00:01:24,540 --> 00:01:26,980 Generally, we do. 18 00:01:26,980 --> 00:01:29,329 We don't think about it too much. 19 00:01:29,329 --> 00:01:30,590 It's our personal devices. 20 00:01:30,590 --> 00:01:37,064 We don't really care what they do, all we want is the latest features come out. 21 00:01:37,064 --> 00:01:37,435 Okay. 22 00:01:37,435 --> 00:01:40,700 Like on my phone right now, I probably have updates. 23 00:01:40,700 --> 00:01:43,424 Okay. 24 00:01:43,424 --> 00:01:52,734 Vendors push updates for three reasons: number one, feature enhancements; number two, 25 00:01:52,734 --> 00:01:56,969 bugs, so something's broken that they didn't know was going to happen 26 00:01:56,969 --> 00:01:59,865 with the previous version that they need to fix; 27 00:01:59,865 --> 00:02:03,359 and number three, vulnerabilities --this is a big one 28 00:02:03,359 --> 00:02:11,449 because vendors want to make sure that their projects, sorry, products rather are secure. 29 00:02:11,449 --> 00:02:21,009 It is up to us to make sure that we're looking at what we're doing with updates, 30 00:02:21,009 --> 00:02:23,750 vendor patches, etc. 31 00:02:23,750 --> 00:02:32,965 So, let's say that we have a system in production and an update just came out. 32 00:02:32,965 --> 00:02:36,639 Do we apply that update right away or do we wait? 33 00:02:36,639 --> 00:02:41,740 Well, it's really up to us to look at what that update is going to affect. 34 00:02:41,740 --> 00:02:46,180 All the companies out there have been guilty at one time or another 35 00:02:46,180 --> 00:02:52,349 of putting out a patch that frankly has made things worse. 36 00:02:52,349 --> 00:02:57,939 What about let's talk battery life on Apple devices. 37 00:02:57,939 --> 00:02:58,270 Okay. 38 00:02:58,270 --> 00:03:03,900 There's been improvements to those, but sometimes, it doesn't work that way. 39 00:03:03,900 --> 00:03:09,629 Sometimes, it makes the features act abnormal as well. 40 00:03:09,629 --> 00:03:15,460 So we have to look and possibly wait to install updates until we're for sure 41 00:03:15,460 --> 00:03:19,550 that whatever updates are we are installing on our enterprise systems 42 00:03:19,550 --> 00:03:26,175 don't affect a system negatively. 43 00:03:26,175 --> 00:03:28,680 A vendor's -- Microsoft, 44 00:03:28,680 --> 00:03:37,020 Apple, Linux, and others -- all have pulled back updates in the past year 45 00:03:37,020 --> 00:03:42,610 because of something not working right when they released it. 46 00:03:42,610 --> 00:03:45,810 Vendors will also tell you anything. 47 00:03:45,810 --> 00:03:50,189 "This operating system doesn't get viruses", for example. 48 00:03:50,189 --> 00:03:59,119 I've heard that one many years, prior to about 2010 more so. 49 00:03:59,119 --> 00:04:01,209 Okay. 50 00:04:01,209 --> 00:04:06,137 Linux gets viruses and Macs get viruses. 51 00:04:06,137 --> 00:04:10,724 Don't be fooled by what other people tell you. 52 00:04:10,724 --> 00:04:27,350 CVEs or the Common Vulnerabilities and Exposures are a set of -- not rules but releases -- 53 00:04:27,350 --> 00:04:31,129 that vendors make or the industry makes to show you 54 00:04:31,129 --> 00:04:34,550 what has been discovered as vulnerable. 55 00:04:34,550 --> 00:04:37,009 These are known vulnerabilities. 56 00:04:37,009 --> 00:04:42,199 So, if we look over the vulnerabilities or the CVEs over the past several years, 57 00:04:42,199 --> 00:04:47,090 we know that the three largest vendors with the most amount 58 00:04:47,090 --> 00:04:53,050 of vulnerabilities have been Apple, Microsoft, and Adobe. 59 00:04:53,050 --> 00:04:57,909 So, it's not only operating systems, it's things like Adobe Reader; 60 00:04:57,909 --> 00:05:01,177 or what about Oracle and Java? 61 00:05:01,177 --> 00:05:08,829 Microsoft and Apple didn't even start building an antivirus into their operating systems 62 00:05:08,829 --> 00:05:12,194 until several years ago. 63 00:05:12,194 --> 00:05:14,199 Do we trust them now? 64 00:05:14,199 --> 00:05:19,504 It's up to us to make sure that whatever a vendor is pushing out, 65 00:05:19,504 --> 00:05:25,075 no matter who it is, we make sure that our systems are secure. 66 00:05:25,075 --> 00:05:32,250 Good system management takes into account the entirety of a system, 67 00:05:32,250 --> 00:05:37,464 and that's not just the system that's running your service, for example. 68 00:05:37,464 --> 00:05:42,970 This is the entire, everything that it integrates with. 69 00:05:42,970 --> 00:05:44,935 Let's say that we have, 70 00:05:44,935 --> 00:05:50,655 in Microsoft, let's say that we have an active directory domain, 71 00:05:50,655 --> 00:05:54,300 and we decide to update a domain controller. 72 00:05:54,300 --> 00:05:59,204 Are we prepared to update that domain controller 73 00:05:59,204 --> 00:06:06,074 and push updates to all the other devices that touch that domain controller? 74 00:06:06,074 --> 00:06:08,685 All the computers on the network? 75 00:06:08,685 --> 00:06:11,745 For us, that would be around three to five thousand. 76 00:06:11,745 --> 00:06:15,420 I can't remember the last count of devices. 77 00:06:15,420 --> 00:06:20,730 What happens if that update goes awry? 78 00:06:20,730 --> 00:06:29,845 We've just effectively brought our organization to a screeching halt. 79 00:06:29,845 --> 00:06:33,094 So, we also need to look at the users of the system. 80 00:06:33,094 --> 00:06:38,604 How are the users going to be impacted by whatever we do to the system? 81 00:06:38,604 --> 00:06:43,150 How is the system actually being used as well? 82 00:06:43,150 --> 00:06:46,754 Vendors can't tell you all that information. 83 00:06:46,754 --> 00:06:50,989 They can't tell you how users are going to use a system. 84 00:06:50,989 --> 00:06:56,970 It's the old, you know, you call up tech support and they say, 85 00:06:56,970 --> 00:06:59,384 "Hey, my coffee cup holder isn't working" 86 00:06:59,384 --> 00:07:06,354 and turns out that they were using their CD-ROM drive as a cup holder. 87 00:07:06,354 --> 00:07:09,204 That's how some users use a system. 88 00:07:09,204 --> 00:07:10,829 So understanding 89 00:07:10,829 --> 00:07:21,000 what can be done goes a long way to ensuring we are effective in our system management. 90 00:07:21,000 --> 00:07:26,529 So it's up to you to decide what to do for your own systems, 91 00:07:26,529 --> 00:07:30,716 no matter if it's your home system or an enterprise system. 92 00:07:30,716 --> 00:07:35,345 In conclusion, we've talked a little bit about the vendors 93 00:07:35,345 --> 00:07:37,360 and I can't stress it enough. 94 00:07:37,360 --> 00:07:45,009 You need to decide for your self and for your own organization whether or not the patches 95 00:07:45,009 --> 00:07:50,680 that you are putting in place are the correct action to take at the time.