Forum Stats

  • 3,854,123 Users
  • 2,264,322 Discussions
  • 7,905,571 Comments

Discussions

Oracle Patches , Virus and Malware. Fight between security team and dba's

user8398205
user8398205 Member Posts: 1
edited May 28, 2020 2:33PM in Database Security - General

Hi Everyone

So based on my heading, I am sure alot of your heads were turning and like, Really ? What a question.

So reality is I am a oracle technical specialist for the last 20 years and have never came across any issues with Oracle Patches. However recently, our security team has prevented my team from downloading oracle patches, as they reckon they have to scan them for malware and virus's.

This has created such a pain in our lives as it takes them days to provide us with patches.

So my question is, what security is in place that ensures downloading from Oracle patches, is safe and secure ?

Has there been ever a recorded case , of oracle patches having malware or virus's.

Please I would appreciate answers, so that I can formally take this up with the security team.

they have yet to provide me with valid concerns or proof.

pmdbaEdStevensEmad Al-Mousa

Answers

  • EdStevens
    EdStevens Member Posts: 28,778 Gold Crown
    edited May 20, 2020 10:25AM
    user8398205 wrote:Hi EveryoneSo based on my heading, I am sure alot of your heads were turning and like, Really ? What a question.So reality is I am a oracle technical specialist for the last 20 years and have never came across any issues with Oracle Patches. However recently, our security team has prevented my team from downloading oracle patches, as they reckon they have to scan them for malware and virus's.This has created such a pain in our lives as it takes them days to provide us with patches.So my question is, what security is in place that ensures downloading from Oracle patches, is safe and secure ?Has there been ever a recorded case , of oracle patches having malware or virus's.Please I would appreciate answers, so that I can formally take this up with the security team.they have yet to provide me with valid concerns or proof.

    I'd be curious as to what they (non-Oracle people) are doing to confirm that the patches are acceptable . . .

    pmdba
  • pmdba
    pmdba Member Posts: 103 Bronze Badge
    edited May 21, 2020 1:16PM

    Wouldn't confirmation of the checksum for the patch download be enough to confirm that what was received is what Oracle released? i.e. not modified with a virus? Even the US DOD doesn't require more than that, and whatever default virus scan occurs as the files are downloaded...

    EdStevensEmad Al-Mousa
  • Emad Al-Mousa
    Emad Al-Mousa Member Posts: 716 Bronze Trophy
    edited May 28, 2020 2:33PM

    to add/clarify what pmdba said, when you download the patch from Oracle Support website....there is check sum md5 value of the file so after download you can perform verification.