The patch that refreshes

I wrote last week that a free utility, MBSA, is now available to scan the Windows XP, 2000 and NT 4.0 machines on your network to find any that lack the latest security patches.Why stop there? Wouldn't it be nice to have something install all those service packs for you?

I wrote last week that a free utility, MBSA (Microsoft Baseline Security Analyser), is now available. This tool allows you to scan the Windows XP, 2000 and NT 4.0 machines on your network to find any that lack the latest security patches.

And, let's face it, on any network of two or more machines, you're bound to find updates you've somehow neglected. (MBSA is available here).

But as nice as this program may sound, why stop there? Now that you've discovered that your network of 1000 seats needs, say, 6539 patches, wouldn't it be nice to have something install all those service packs for you?

That's exactly what some independent software vendors have created. Their products aren't free, but with threats and patches emerging almost weekly, they may be cheaper than doing nothing.

EnterpriseInspector. This product is published by Shavlik Technologies, the company that produced MBSA and earlier programs for Microsoft. As a result, there are numerous similarities, such as searching across a network for needed updates, weak passwords and other problems.

Shavlik adds to EnterpriseInspector with HFNetChkPro. This module remotely "pushes" patches to machines individually or by group.

HFNetChkPro starts at $US1124 per 50 machines, but there's also a free version that pushes only a single patch at a time. Contact the company for pricing on EnterpriseInspector.

ECM and SUM. Configuresoft.com makes two related products named ECM (Enterprise Configuration Manager) and SUM (Security Update Manager).

The first compiles a database of settings and service-pack levels of machines across a network. This includes dealing with Microsoft quirks, such as the fact that installing patch MS02-008 doesn't create a readable Registry entry. A basic function of ECM is to allow IT managers to modify Windows configurations globally.

The second program is an add-on module used to push patches out to machines.

Configuresoft lists ECM at $US995 per server plus $US30 per workstation; SUM at $US30 per server plus $US5 per workstation.

UpdateEXPERT. StBernard.com offers this product at $US780 for 50 machines. It updates many Office-type applications in addition to doing patches.

Service Pack Manager. Gravity Storm Software recently released a new version of its own push program ($US1055 for 50 seats). This adds an Event Log and other features.

Programs such as these stay current in a variety of ways, such as linking via XML to Microsoft, which updates its patch database as new fixes come out.

Next week I'll begin printing your findings with MBSA and its commercial alternatives.

Send tips to Livingston. He regrets that he cannot answer individual questions.

Join the newsletter!

Error: Please check your email address.

Tags patches

More about LivingstonMBSAMicrosoftShavlikShavlik Technologies

Show Comments
[]