Third parties can simplify patch process

If you’re frustrated with the patching process too, perhaps it’s time for me to remind you that there are service offerings from third parties. They will not only inform you of the latest patches but also can automate the process of receiving them and installing them …

In my last column, I noted that David Aucsmith of Microsoft’s Security business unit suggested at a conference on online crime that security patches should be installed as soon as they’re available.

Then, last week, Network World Lab Alliance member Rodney Thayer issued a Tester’s Challenge to Microsoft and other operating system vendors to do something to make the patching process simpler for overworked network managers. Simply making patch availability information more readily accessible would be a good start, according to Thayer.

If you’re frustrated with the patching process too, perhaps it’s time for me to remind you that there are service offerings from third parties. They will not only inform you of the latest patches but also can automate the process of receiving them and installing them – Shavlik Technologies’ HFNetChkPro, Ecora’s Patch Manager, St. Bernard Software’s UpdateExpert, RippleTech’s PatchWorks and, possibly the granddaddy of them all, PatchLink.

Since 1996, PatchLink (originally called Gravitix) has been in the forefront of that network niche called patch management by providing network managers an easy way of getting information about new patches and automating the process of acquiring and installing them for all Microsoft, Unix/Linux, Novell NetWare and MacOS X operating systems. In addition, PatchLink maintains a patch profile of every computer (and operating system) that it’s watching and with the ability to rollback previously installed patches so that, at any time, you could completely reconfigure one PC or your entire network of computers quickly and automatically – without ever visiting a server or desktop.

You’d think the operating system vendors would check on the third-party products I mentioned – after all, if people are willing to pay for good patch management then it’s most likely they’re satisfied with the result. Microsoft did incorporate some of Shavlik’s technology in the recently released Baseline Security Analyzer, but the standard patch release system that Redmond uses still leaves a lot to be desired. I was going to say it was “one beer short of a six pack,” but the reality is that it’s at least three or four beers short. If you want to get a better handle on your patching processes you should visit each of the links listed above – one is sure to be right for you.

Tip of the week

This week I’m in Reston, Va., for NetPro’s Directory Experts Conference. If you’re there, stop me and tell me what improvements you’d like to see in the whole patching process. I can’t guarantee changes, but at least I’m willing to listen!