I must be dumb here, but I don’t quite understand this.
McAfee, Inc., the anti-spam, anti-virus people, yesterday announced (not yet seen on corporate site; registration possibly required) they had been granted US Patent 6,725,377 entitled “Method and System for Updating Anti-Intrusion Software.” This technology, they said in a press release, would allow them to update clients’ anti-intrusion software automatically by ‘pushing’ the updates to the customer’s network.
“Prior to this patented invention,” McAfee says, “the system administrator for a network would need to have the knowledge that the system or network protection against the specific attack was out-of-date, and then request updated attack pattern information, such as signature updates, from the customer’s anti-intrusion software vendor. The administrator would then have to download the updated attack pattern information and update the deployed security technology.”
I’m no expert on this, of course, but this seems like one of those no-brainer moments. First off, I thought that most anti-intrusion software was updated automatically, checking back regularly to see if new updates were available and then updating them. If so, what’s all this about system administrators needing to have the knowledge that their network protection was out of date? Second, why has it taken the online security community so long to figure out this was a prime candidate for push — where the updated software itself goes out looking for places to update, rather than the other way around?
“Checking back regularly to see if new updates were available and then updating them” is different from server-initiated push. In the first case the client does the request (regardless of the existence of new updates) at specific intervals (with the possibility it didn’t download the latest updates for a number of hours or days after they were first available). In McAfee’s patent, the server distributes the updates as soon as they’re available; it doesn’t rely on a request by the client, and it doesn’t leave a window of opportunity when the newest threats could be effective.
But is not push technology intrusive by definition?