Discussions
Categories
- 17.9K All Categories
- 3.4K Industry Applications
- 3.4K Intelligent Advisor
- 75 Insurance
- 537.7K On-Premises Infrastructure
- 138.7K Analytics Software
- 38.6K Application Development Software
- 6.1K Cloud Platform
- 109.6K Database Software
- 17.6K Enterprise Manager
- 8.8K Hardware
- 71.3K Infrastructure Software
- 105.4K Integration
- 41.6K Security Software
Oracle Patches , Virus and Malware. Fight between security team and dba's

Hi Everyone
So based on my heading, I am sure alot of your heads were turning and like, Really ? What a question.
So reality is I am a oracle technical specialist for the last 20 years and have never came across any issues with Oracle Patches. However recently, our security team has prevented my team from downloading oracle patches, as they reckon they have to scan them for malware and virus's.
This has created such a pain in our lives as it takes them days to provide us with patches.
So my question is, what security is in place that ensures downloading from Oracle patches, is safe and secure ?
Has there been ever a recorded case , of oracle patches having malware or virus's.
Please I would appreciate answers, so that I can formally take this up with the security team.
they have yet to provide me with valid concerns or proof.
Answers
-
user8398205 wrote:Hi EveryoneSo based on my heading, I am sure alot of your heads were turning and like, Really ? What a question.So reality is I am a oracle technical specialist for the last 20 years and have never came across any issues with Oracle Patches. However recently, our security team has prevented my team from downloading oracle patches, as they reckon they have to scan them for malware and virus's.This has created such a pain in our lives as it takes them days to provide us with patches.So my question is, what security is in place that ensures downloading from Oracle patches, is safe and secure ?Has there been ever a recorded case , of oracle patches having malware or virus's.Please I would appreciate answers, so that I can formally take this up with the security team.they have yet to provide me with valid concerns or proof.
I'd be curious as to what they (non-Oracle people) are doing to confirm that the patches are acceptable . . .
-
Wouldn't confirmation of the checksum for the patch download be enough to confirm that what was received is what Oracle released? i.e. not modified with a virus? Even the US DOD doesn't require more than that, and whatever default virus scan occurs as the files are downloaded...
-
to add/clarify what pmdba said, when you download the patch from Oracle Support website....there is check sum md5 value of the file so after download you can perform verification.