Who's Responsible? System Administrators
System administrators have a large responsibility to ensure that the
computer systems they manage are running smoothly and are up-to-date with
system patches. Because operating system and application manufacturers
release updates periodically, some of which are critical to the system's
stability, security, and use, system administrators are responsible for
managing an organization's computer systems.
Because computer systems nowadays are complex, system administrators are
reluctant to install a patch without fully testing it. Testing ensures
that the patch is backward compatible with existing applications. Because
comprehensively testing patches can take a long time, many system
administrators are reluctant to deploy them individually. Instead, they
wait until they can deploy the patches as a package.
What this often means are vulnerable systems when a worm is created to
exploit a vulnerability. Since current Internet worms spread incredibly
fast, systems may be infected within minutes, as the SQL Slammer worm
demonstrated in January 2003. Other system administrators choose to ignore
patches, hoping that their systems will not be affected. Unfortunately,
they are often wrong.
At Stanford, Administrative Guide Memos 61
broadly define the role of system
administrator, including supporting functions such as "software
distribution and upgrading," "backup & recovery," and "virus protection."
Ensuring that system components are up-to-date is among the many
responsibilities of a system administrator.