InfoWorld
Lead with Knowledge
HOME/ SITEMAP
SUBJECT INDEXES
ABOUT US
WHITE PAPERS

Learn to secure your PCs from new and unknown hacker attacks.

Free IDC White Paper - Discover Secure File Sharing for the Enterpriseattacks.

SEARCH:  
Home  //  Community //  Opinions //  Article
Print Article    Email Article
Window Manager
Brian Livingston
The patch that refreshes

I WROTE LAST week that a free utility, MBSA (Microsoft Baseline Security Analyzer), is now available. This tool allows you to scan the Windows XP, 2000, and NT 4.0 machines on your network to find any that lack the latest security patches. And, let's face it, on any network of two or more machines, you're bound to find updates you've somehow neglected. (MBSA is available at http://www.microsoft.com/technet/security/tools/tools/mbsahome.asp.)

But as nice as this program may sound, why stop there? Now that you've discovered that your network of 1,000 seats needs, say, 6,539 patches, wouldn't it be nice to have something install all those service packs for you?

That's exactly what some independent software vendors have created. Their products aren't free, but with threats and patches emerging almost weekly, they may be cheaper than doing nothing.

EnterpriseInspector. This product is published by Shavlik Technologies (http://www.shavlik.com), the company that produced MBSA and earlier programs for Microsoft. As a result, there are numerous similarities, such as searching across a network for needed updates, weak passwords, and other problems.

Shavlik adds to EnterpriseInspector with HFNetChkPro. This module remotely "pushes" patches to machines individually or by group.

HFNetChkPro starts at $1,124 per 50 machines, but there's also a free version that pushes only a single patch at a time. Contact the company for pricing on EnterpriseInspector.

ECM and SUM. Configuresoft.com makes two related products named ECM (Enterprise Configuration Manager) and SUM ( Security Update Manager).

The first program compiles a database of settings and service-pack levels of machines across a network. This includes dealing with Microsoft quirks, such as the fact that installing patch MS02-008 doesn't create a readable Registry entry. A basic function of ECM is to allow IT managers to modify Windows configurations globally.

The second program is an add-on module used to push patches out to machines.

Configuresoft lists ECM at $995 per server plus $30 per workstation; SUM at $30 per server plus $5 per workstation.

UpdateEXPERT. StBernard.com offers this product at $780 for 50 machines. It updates many Office-type applications in addition to doing patches.

Service Pack Manager. Gravity Storm Software (http://www.securitybastion.com) recently released a new version of its own push program ($1,055 for 50 seats). This adds an Event Log and other features.

Programs such as these stay current in a variety of ways, such as linking via XML to Microsoft, which updates its patch database as new fixes come out.

Next week, I'll begin printing your findings with MBSA and its commercial alternatives.




RELATED SUBJECTS

Security

MORE >
SUBSCRIBE TO:    E-mail Newsletters  InfoWorld Mobile InfoWorld Magazine
Home  //  Community //  Opinions //  Article Print Article    Email Article
Back to Top
 ADVERTISEMENT
 

SPONSORED LINKS

Learn to secure your PCs from new and unknown hacker attacks.
Click here to receive a FREE Success Kit from Oracle.
SPEED, PERSONALIZATION AND INTEGRATION: THE KEY TO E-COMMERCE SUCCESS.
Protect Your Data: Get your FREE Enterprise Backup Intelligence Kit from ADIC.
New HP digital projectors — click now for limited-time introductory offers.

SUBSCRIBE
E-mail Newsletters
InfoWorld Mobile
Print Magazine

Web-based training
ABOUT INFOWORLD  |  SITE MAP  |  EMPLOYMENT  |  PRIVACY  |   CONTACT US

Copyright 2002 InfoWorld Media Group, Inc.