
Patching and updating for home and corporate

We are all well aware of Microsoft patches and Windows Update. The same goes for those of us who use iTunes and iOS devices: we know Apple Software Update. Some of us may even patch our Adobe products, which we should, since they have been the largest attack vector (http://goo.gl/bOQ3D) for the past 2 years, hands down. And this is just at home. How do you expect the security experts to keep on top of all of these patches in a corporate environment? The number of patches for Oracle alone is daunting to understand and analyze.

There are ways to do this: you can use some clever software, which I will outline below, or you can read ~25 RSS feeds and analyze vendor security bulletins. I do enjoy doing some of this, but I don't have time to keep on top of all the releases. Here is some software for home and corporate use to help manage this.

Corporate Patch Management:

  • Microsoft WSUS and SCCM - This is free and a no-brainer for patching your desktops in a corporate environment. If you need tighter control you can implement System Center Configuration Manager (SCCM, formerly SMS), which does a good job. Microsoft has invested heavily in these products and brought them a long way from the old SMS days.
  • Shavlik HFNetChkPro - Great product, but the price hasn't fallen as the competition has heated up. This product does a good job with other products outside of Microsoft, but doesn't support Linux or other *NIX variants.
  • GFI LANguard - Cheap tool and does a good job with patching servers or desktops. Normally I recommend this for servers since it does a good job with general auditing too. Works well on Linux as well.
  • Lumension Patch Management (formerly Patchlink) - Used this previously; it's a mixture of online services and in-house software. It's a good product, and can handle multiple operating systems. Cost is in the medium range. I haven't used the other components of the suite, but I would be willing to test them out. When I was using the product it did a great job on Solaris, Linux, and Windows.
  • ManageEngine Security Manager Plus - This product was missing some key features in managing the patch lists, but overall it worked well and it was inexpensive. I love some of the other tools by these guys, who also bring us the Zoho products. The product supports Linux as well as Windows.


Wish list: I wish Spiceworks would get into this space!

Home Patch Management:

  • Windows Update - Turn it on, and use it at home. It also manages updates for other Microsoft products if you follow these directions to enable this feature: http://technet.microsoft.com/en-us/magazine/ff642466.aspx
  • Secunia PSI - If you are a moderately advanced user, this product does a great job managing updates to all of your other system software. Highly recommend using this product. I haven't tested the commercial versions of the products; I would be willing to test them if someone from Secunia contacts me.
  • Mozilla Firefox/Thunderbird - These products and plugins do a good job with updating themselves, but when there is a new release, they don't auto-update. This is something that Secunia would handle, for example moving from Firefox 3.5 to 3.6... or soon from 3.6 to 4.0. The extensions update themselves well on any of the products from Mozilla.
  • Chrome - This product has the smartest, best update system of any. Since the application resides not in Program Files but within the user's home directory, it doesn't have restrictions on what it can do to its own files. This is both a blessing and a curse in the security realm. The downside is that a security issue could compromise the browser binary itself, versus something which is installed in a "secured" location such as Program Files. The product will notify you, via a small icon, that it has downloaded a new version. When you close the browser and start it again, it has switched to the new version.
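
The trade-off described in the Chrome item can be checked on a given machine. The following PowerShell is an added example, not part of the original post: it reports where chrome.exe is installed and whether the current user's token is allowed to modify it. The install paths and the function name Test-WritableByCurrentUser are assumptions.

```powershell
# Added example. The install paths below are assumptions: the usual
# per-user (LOCALAPPDATA) and per-machine (Program Files) Chrome locations.
$roots = @($env:LOCALAPPDATA, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } | Select-Object -Unique

# SIDs the current token can use: the user plus its enabled groups.
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$sids = @($me.User.Value) + @($me.Groups | ForEach-Object { $_.Value })

# Rights that let a process modify or replace a file.
$write = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete'

function Test-WritableByCurrentUser {
    param([Parameter(Mandatory)][string]$Path)
    $rules = (Get-Acl -LiteralPath $Path).GetAccessRules(
        $true, $true, [System.Security.Principal.SecurityIdentifier])
    $allow = 0
    $deny  = 0
    foreach ($rule in $rules) {
        # Skip ACEs that name some other user or group.
        if ($sids -notcontains $rule.IdentityReference.Value) { continue }
        $bits = [int]($rule.FileSystemRights -band $write)
        if ($rule.AccessControlType -eq 'Deny') { $deny = $deny -bor $bits }
        else { $allow = $allow -bor $bits }
    }
    # Simplification: a matching Deny bit always wins, regardless of ACE order.
    return (($allow -band (-bnot $deny)) -ne 0)
}

foreach ($root in $roots) {
    $exe = Join-Path $root 'Google\Chrome\Application\chrome.exe'
    if (-not (Test-Path -LiteralPath $exe)) { continue }
    [pscustomobject]@{
        Path           = $exe
        PerUserInstall = $exe.StartsWith($env:LOCALAPPDATA, [StringComparison]::OrdinalIgnoreCase)
        UserCanModify  = Test-WritableByCurrentUser -Path $exe
        Version        = (Get-Item -LiteralPath $exe).VersionInfo.ProductVersion
    }
}
```

Run from a non-elevated prompt, a per-user install is expected to show UserCanModify as True, while a copy under Program Files should show False for a standard user.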

Comments

Skadz said…
Check out CNET's Tech Tracker. Works on both Mac and Windows and checks all of your software for updates.
Unknown said…
Thanks Ryan, I read this comparison.

http://www.howfixcomputer.com/2010/06/02/updaters-revisited-cnet-techtracker-vs-secunia-psi/

I preferred PSI since they are a security company and they focus on security issues with outdated apps.
