Images Events Jobs Premium Services Media Kit Network Map E-mail Offers Vendor Solutions Webcasts
IT Management Webcasts:
The Role of Security in IT Service Management

Preparing for an IT Audit

More Webcasts

Search EarthWeb Network

Be a Commerce Partner
KVM over IP
KVM Switch over IP
Baby Photo Contest
Web Hosting Directory
Online Education
Compare Prices
Promotional Golf
Computer Hardware
Holiday Gift Ideas
Imprinted Promotions
Rackmount LCD Monitor
Logo Design
Build a Server Rack

Linked Data Planet Conference & Expo

IT Management : Columns : Executive Tech: Can Patch-Management Companies Survive?

Install What You Need with Windows Server 2008
Windows Server 2008 is Microsoft's most full-featured server operating system yet, so it's ironic that one of its most exciting new features is an install option that cuts out most of the other features. Paul Rubens explores why a Server Core installation makes a great deal of sense in many instances. »

Identify Hardware and Software That Meet Microsoft Standards
The "Certified for Windows. Server 2008" logo identifies hardware and software solutions that meet Microsoft standards for compatibility and best practices with the Windows Server 2008 operating system. »

Windows Server Catalog: Certified Hardware Devices
Search the Windows Server 2008 catalog to find solutions to deploy with confidence. »

Windows Server Catalog: Certfied Servers
Search the Windows Server 2008 catalog to find servers you can deploy with confidence. »

Download the Windows Server 2008 Trial
With Windows Server 2008 you can develop, deliver, and manage rich user experiences and applications, provide a secure network infrastructure, and increase technological efficiency and value within your organization. »

Related Articles
Why Can't Microsoft Catch Its Own Bugs?
Hybrid PC Integrates Keyboard With Slate
Ctrl+Del To Control E-Mail Lists
How Not to Unsubscribe
Sender ID Declines, Domain Keys Shines
- ITSMWatch Newsletter -
Tech Focus: Security

Cybersecurity: Laws Only Go So Far

Mozilla Firefox vs. Internet Explorer: Which is Safer?

Is Your Blog Leaking Trade Secrets?

The Las Vegas Counterfeiting Story: Is Your Privacy Worth More Than a Poker Chip?

Stopping Spammers at The Point of Sale

Product Watch
IOGEAR KVM - Includes Audio/Peripheral Sharing
Coverity Prevent / Coverity Thread Analyzer - Analyze Source Code For Defects, Security Vulnerabilities
USSD Series - SDRAM-Based Solid State Drives to 256 GB
UltraSMS - Send SMS From Your PC
Sentinel Sensors - Wi-Fi Based Temperature Monitoring Especially For Cold Storage

more products >>

Datamation Definitions
data mining
grid computing
network appliance
FREE Tech Newsletters

Visit ServerWatch for summaries of server and development tool updates, the latest on server news and trends, and more.

Can Patch-Management Companies Survive?
November 9, 2004
By Brian Livingston

Brian Livingston Who would have thought that a day would come when there are far more companies selling ways to patch PC operating systems than there are companies selling PC operating systems?

That's where we find ourselves now. The Microsoft Corp.'s Windows operating system ships on more than 93 percent of PCs worldwide, according to a report by market-research firm IDC.

Meanwhile, there are at least 21 major players in the business of providing patch-management software that simplifies the maddening task of applying the scores of fixes that come out each year for Windows, Microsoft Office and other programs, according to a recent buyer's guide by Jeff Fellinge in Windows IT Pro magazine.

I don't know whether having so many companies in this space is a good thing or a bad thing, but one thing's for sure — it's a whole 'nother layer of software that IT managers didn't have to grapple with just a few years ago.

Live And Let Die

There's so much ferment in solutions for patch management that John Dix, the editor of Network World, a weekly tech magazine, recently challenged all the vendors to a "virtual showdown" — an online debate beginning Nov. 15 on how best to patch. In his announcement, Dix implied that there would soon have to be a consolidation of the major providers, who now come in three configurations:

Pure-Play Patch Management. These are specialized companies, such as Shavlik Technologies and Big Fix, which concentrate almost entirely on patching operating systems and applications.

Server And Desktop Management. Firms such as Configuresoft and Altiris, which traditionally have focused on computer asset management, are increasingly moving into patch management as well.

Security Scanning. Companies that grew famous on their antivirus and vulnerability scanning tools, such as McAfee and Symantec, are also building up their offerings in the patch-management field.

Can all of these players continue to innovate without some of them falling by the wayside? Dix declined to comment for this article.

Don't Get Out The Embalming Fluid Yet

One of the standalone patch-management vendors makes a strong case that the specialized firms will have a continuing role for a long, long time.

"There are a handful of standalone patch-management companies: Shavlik, Patchlink, Big Fix, Ecora, St. Bernard," says Eric Schultze, the chief security architect of Shavlik Technologies. "Any of the other vendors use one of those five companies' technology," he notes, citing Configuresoft as an exception that has built its own solution.

Patch-management software, in this view, is a product that you can either buy from its original developer or from a major-label software publisher with only cosmetic differences.

"We've decided that we want to be the 'Intel Inside' of the patch-management market," Schultze explains. "We have technology that's used by Symantec, BMC Software through its Marimba acquisition, iPass, Bindview, NetIQ, Executive Software, and in some sense Microsoft. The Microsoft Systems Management Server 2.0 and SMS 2003, its patch-management detection engine, is an older version of the Shavlik engine." Symantec obtained a relationship with Shavlik through the larger corporation's February 2004 acquisition of On Technology, which had previously signed a deal with Shavlik.

In addition to business opportunies for the specialized firms to provide technology to the larger, more established companies, there are plenty of new challenges that IT leaders will need help to confront, Schultze says. Shavlik itself is moving into "spyware management," for example.

Spokespersons for McAfee and Symantec did not provide company executives for comment on this subject by press time.

Nailing Down The Patch-Management Market

Others also see plenty of openings for players of all sizes. "Patch management software for Windows is still in its infancy, really. Microsoft is still working out the kinks in providing companies with reliable patches in a consistent format," says Fellinge, the author of the patch-management buyers' guide.

"Patch management software must do three things right: deploy patches reliably, scan systems accurately, and provide solid reports of enterprise patch status," he explains. "I think that in the short term there is room for small and large vendors — but those companies that get these three points at a reasonable price will nail the market."


We may question why we have to install multiple security upgrades every month — but the reality is that this is going to continue to be a fact of life, now that hackers around the world have learned how easy it is to exploit holes in Windows and other software.

Simply setting Microsoft's "Windows Update" program on automatic and letting it do its thing is a poor defense for most companies. Major enterprises must test all new patches before deploying them. And even small businesses must use separate, nonautomatic systems to update non-OS software, such as Microsoft Office, which has its own upgrade procedure.

The need to handle all these application changes is so great that most of the patch-management vendors seem likely to stick around for the duration — whether their code retains its original name or takes on the logo of a more famous software publisher.

Brian Livingston is the editor of and the co-author of Windows Vista Secrets and 10 other books. Send story ideas to him via his contact page. To subscribe free and receive Executive Tech via e-mail, visit our signup page.

Add to your favorites
Add to your browser search box
IE 7 | Firefox 2.0 | Firefox 1.5.x
Receive news via our XML/RSS feed

Executive Tech Archives



Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers

Whitepapers and eBooks
Microsoft Article: Will Hyper-V Make VMware This Decade's Netscape?
Microsoft Article: 7.0, Microsoft's Lucky Version?
Microsoft Article: Hyper-V--The Killer Feature in Windows Server 2008
Avaya Article: How to Feed Data into the Avaya Event Processor
Microsoft Article: Install What You Need with Windows Server 2008
HP eBook: Putting the Green into IT
Whitepaper: HP Integrated Citrix XenServer for HP ProLiant Servers
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 1
Intel Go Parallel Portal: Interview with C++ Guru Herb Sutter, Part 2--The Future of Concurrency
Avaya Article: Setting Up a SIP A/S Development Environment
IBM Article: How Cool Is Your Data Center?
Microsoft Article: Managing Virtual Machines with Microsoft System Center
HP eBook: Storage Networking , Part 1
Microsoft Article: Solving Data Center Complexity with Microsoft System Center Configuration Manager 2007
Intel Video: Are Multi-core Processors Here to Stay?
On-Demand Webcast: Five Virtualization Trends to Watch
HP Video: Page Cost Calculator
Intel Video: APIs for Parallel Programming
HP Webcast: Storage Is Changing Fast - Be Ready or Be Left Behind
Microsoft Silverlight Video: Creating Fading Controls with Expression Design and Expression Blend 2
Downloads and eKits
Sun Download: Solaris 8 Migration Assistant
Sybase Download: SQL Anywhere Developer Edition
Red Gate Download: SQL Backup Pro and free DBA Best Practices eBook
Red Gate Download: SQL Compare Pro 6
Iron Speed Designer Application Generator
Tutorials and Demos
How-to-Article: Preparing for Hyper-Threading Technology and Dual Core Technology
eTouch PDF: Conquering the Tyranny of E-Mail and Word Processors
IBM Article: Collaborating in the High-Performance Workplace
HP Demo: StorageWorks EVA4400
Intel Featured Algorhythm: Intel Threading Building Blocks--The Pipeline Class
Microsoft How-to Article: Get Going with Silverlight and Windows Live