Nominations to the "Hall of Shame" can be entered here
HALL OF SHAME HONOREES
for NON SUPPORTING OF PATCHES
(or extremely bad patching implementations)
| Name of Application | Vendor | Patch Support Status | Good Vendor Award | Vendor statement or customer representation |
| Real Player | Real Networks | Not informing users of Security patch need |
On June 26h, Real Player released a fix to
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=547
but has not publcized it on |
|
| Adobe Acrobat | Adobe | Must "upgrade" with a replacement DLL |
http://www.adobe.com/support/security/bulletins/apsb06-20.html
http://marc.theaimsgroup.com/?l=patchmanagement&m=116542559024778&w=2 |
|
| Apple Quicktime | Apple | No standalone installer - Windows machines install vulnerable version |
http://marc.theaimsgroup.com/?l=patchmanagement&m=116983477503580&w=2
Windows machines can only download a vulnerable version of Quicktime and THEN install the update through Apple's software installer program http://secunia.com/software_inspector/ run Secunia's tool to ensure that you really ARE patched |
|
| Adobe Flash | Adobe | To remove vulnerable old version you have to remove ALL versions | http://www.adobe.com/cfusion/knowledgebase/index.cfm?id=tn_14157 | |
| See listing | Issues with XP sp2 | "Some programs appear to stop responding after XP sp2" Official listing of issues and workarounds | ||
| Any games using copy protection drivers | n/a | no Xp sp2 | no xp sp2 support | |
| MAS 500 | Best Products | No security patch past 04-012, no Windows 2003 sp1 | Patches past 04-012 not 'certified' for support. Customer told to set up on test network | |
| Paint Shop Pro 8 | Jasc.com | Must use workround to install around DEP | http://support.microsoft.com/?kbid=873176 | |
| CCH Trial Balance | CCH | Trial Balance not certified on XP sp2 | http://prosystemfxsupport.tax.cchgroup.com/service/product-compatibility-and-certifications/operating-systems.asp "Trial Balance has not yet been certified." | |
| Unicenter Service Plus | CA | Windows 2003 sp1/IE |
 |
The IE browser on a 2003/SP1 system is not supported at
this time. Please open an Issue with Support if this is a requirement in
your environment.
https://supportconnectw.ca.com/public/uniservplus/infodocs/unispsd60-cert_matrix.asp
Product now supports 2003/sp1 |
| Microsoft Office | Microsoft |
|
[update - Office service packs are now cumulative] |
|
| Apple | Apple | Patch | Steadfast refusal to patch versions of their operating system which may be less than current by as few as 1 version. | |
| Express Options, Express Stock Purchase and Express Insider Forms | Transcentive | No support of XP sp2 |
From their FAQ (requires login and you may need to be a
customer to get into this portion of the site): The new service pack release (Service Pack 2) for Microsoft Windows XP has not been tested on any version of the Express Equity Suite applications. Only Windows XP, Service Pack 1 has been tested on versions of Express Options, Express Stock Purchase and Express Insider Forms that are v4.00 and higher and hence is fully supported. They also still don't support Windows 2003 Server. Interestingly enough their site is littered with the "Microsoft Certified" logo. |
|
| ArcGIS 8.3 | ESRI | Windows 2003 sp1 [DEP] | Must use workround to install around DEP. | |
Symantec/Veritas Enterprise Vault (KVS)
|
Veritas | Not certified to work with Windows 2003 sp1 |
*All items with
followed with an (*) in the charts mean that customers must review the
Enterprise Vault ReadMe and Compatibility Guides with the product to
insure that they are running on a supported SP level with the item(s)
indicated. VERITAS recommends that customers do not enable auto-update
operating system downloads for their server infrastructure. This allows
customers to evaluate the update impact on the operating system, and for
VERITAS time to test and certify these updates. http://www.veritas.com/Products/www/html/Data_Protection/ent_vault_compmatrix.html |
|
| Sparcs | Navis | No XP sp2 | this application runs in 50% on the maritime ports of the world. | |
| Secure Access Manager | Citrix | .NET Service Pack | http://support.citrix.com/article/CTX107165 Requires .NET Framework 1.0 SP2. Will not work if SP3 is installed. | |
| ACT2006 on SBS 2003 | SAGE | must remove sp1 | Vendor recommends removing SBS 2003 sp1 (which is uninstallable, and removing all SQL 2000 sp4 instances in order to install application | |
| Edit Plus | ES Computing | no XP sp2 | ||
| Kirchman Bankway | Kirchman | no sp2 | Vendor simply states that all "new" systems are fully patched when the application is installed. Although in a production environment several patches had to be backed off in order to get the software to work. Seems the company needs their customers to test for them... | |
| DEVCON | Acer | no sp2 | ||
| Sparcs | Navis | no 2k3 sp1 | Server version does not connect to host after installing SP1. |
Nominations to the "Hall of Shame" can be entered here
Please note: For the following summissions I have not placed them in the "Hall of Shame" since reasonable workarounds have been provided by the vendor:
| Name of Application | Vendor | Patch Support Status | Vendor statement or customer representation |
| Timematters | Lexis Nexus | Issues with XP sp2 | Prepare exclusions in the XP sp2 firewall |
Nominations on this site without links to official vendor links have not been independently verified and are based on representations of affected users.
That really annoying tag line that she used to stick in her email all the time.....