KUALA LUMPUR, July 19 (Bernama) – Cybersecurity firm Kaspersky said all its software updates are accompanied by a significant number of internal tests and checks, and the release will not be rolled out to customers until they are passed.
In a statement, it said that to avoid situations such as the global information technology outage that affected airlines, banks and media companies today, Kaspersky noted that information security vendors need to be highly responsible for the quality of the updates they release.
Kaspersky head of threat research Alexander Liskin said it is already known that the outage was caused by a software update issue released by cybersecurity vendor Crowdstrike.
“As for Kaspersky, since 2009, we have been running an internal framework to prevent mass failures among customers.
“Within this framework, each update undergoes a multi-level quality check. This allows us to fix every problem identified before a release, analyse the reasons behind each issue and develop preventive measures accordingly,” he said.
At this stage, it is difficult to estimate how long it will take to fix the issue as the difficulty lies in the fact that when such a problem occurs, each device (computer, laptop or server) must be rebooted into safe mode manually, explained Liskin.
This cannot be done using management tools, he said, adding that this is indeed a serious problem that has affected numerous processes, including those in critical infrastructure.
Liskin said it is also important to adhere to the principle of a granular release of updates, meaning they are not distributed globally to all customers simultaneously but gradually so that any unforeseen failure is possible to localise and fix quickly.
-- BERNAMA
