Who's Responsible? System Administrators

System administrators have a large responsibility to ensure that the computer systems they manage are running smoothly and are up-to-date with system patches. Because operating system and application manufacturers release updates periodically, some of which are critical to the system's stability, security, and use, system administrators are responsible for managing an organization's computer systems.

Because computer systems nowadays are complex, system administrators are reluctant to install a patch without fully testing it. Testing ensures that the patch is backward compatible with existing applications. Because comprehensively testing patches can take a long time, many system administrators are reluctant to deploy them individually. Instead, they wait until they can deploy the patches as a package.

What this often means are vulnerable systems when a worm is created to exploit a vulnerability. Since current Internet worms spread incredibly fast, systems may be infected within minutes, as the SQL Slammer worm demonstrated in January 2003. Other system administrators choose to ignore patches, hoping that their systems will not be affected. Unfortunately, they are often wrong.

At Stanford, Administrative Guide Memos 61 and 63 broadly define the role of system administrator, including supporting functions such as "software distribution and upgrading," "backup & recovery," and "virus protection." Ensuring that system components are up-to-date is among the many responsibilities of a system administrator.