Microsoft and Adobe update / patch cycles in sync? Maybe.

According to this article at ZDNet, it looks like Microsoft and Adobe may be in the process of syncing up their patch release cycles (in reality, this looks more like Microsoft is going to continue business as usual and Adobe is going to begin releasing regular updates in concert with the Microsoft monthly updates).  This would be significant because many Microsoft users are already ‘conditioned’ to look for updates on the second Tuesday of each month (Patch Tuesday).  Adobe is, by most counts, the number 2 target for viruses and malicious software and it’s high rate of compromise can be directly attributed to users just not installing updates (how many of you still have Adobe Reader 10, or Adobe Reader 9 or earlier?).  

We see a considerable spike in virus and malware infection, typically starting around the Monday and Tuesday *after* patch Tuesday and after the announcement of a security update for Adobe (or Java, but this is a Microsoft and Adobe article).  In almost every case, the cause of the infection can be attributed to a missed Microsoft update or an outdated version of an Adobe application (e.g., Adobe Reader or Adobe Flash Player) and, in every case where this is true, the virus or malware could not have installed / functioned if the updates had been installed.

For clients with a minimum of 4 workstations, we offer monthly updates at a fixed price of .25 billable hours per workstation and 1 billable hour per server that includes installing the Microsoft, Adobe and Java updates and a general assessment of the computer (checking event logs and antivirus logs, etc.).  In many cases, if a virus / malware item has had time to install, there’s no (timely or cost effective) way to guarantee successful removal without a complete reinstall of Windows (many of the latest viruses, once installed, a) are polymorphic and able to hide very well and b) overwrite (trojan) legitimate system files so that they cannot be reliably found and removed).  Our standard bill rate for a reload is 3 hours so a single reload on a workstation would equate to 12 months of updates.