5 Questions about Patch Management Software
- By Stephen Swoyer
- August 09, 2004
It may not seem like it, but patch deployment tools have come a long way in a short time. Purchase a tool from one of the leading vendors today, and you’re getting integrated scanning and deployment facilities, support for both desktops and servers, granular scheduling and coverage of a wide variety of applications, technologies, and operating systems. The same wasn't true as recently as three years ago.
There are key differences among tools, though. Some are agent-less, others are agent-based and some support both. Some tools support non-Microsoft platforms – Sun’s Solaris and Linux are the most popular alternatives – while many remain Microsoft-only plays. Some tools offer more robust or flexible reporting, while others boast support for features like patch rollback.
And that’s just the beginning. A complete rundown of each vendor’s support for Microsoft’s technology stack would make for a pretty hefty PDF file. Shavlik Technologies’ HFNetChk Pro 4.3 product, for example, supports all current Microsoft operating systems, including Windows NT 4.0, along with several versions of Office, Internet Explorer, DirectX, IIS, Exchange and SQL Server. St. Bernard Software supports all of these technology offerings in a single product -- UpdateExpert. Ecora Software covers almost all of this software stack – with the exception of DirectX. But Shavlik supports several versions of Red Hat Linux, while Ecora supports Sun Solaris. You get the picture.
One thing seems certain, however: Today’s patch management tools are a cut above Microsoft’s free Software Update Services (SUS) offering. Whether it’s blanket or near-blanket coverage of Microsoft’s operating systems and applications (SUS doesn’t support Windows NT 4.0, for example), bandwidth management or throttling capabilities, integrated reporting or policy-based patch management, most of the users we spoke with say that commercial patch management tools – including Microsoft’s Systems Management (SMS) 2003 -- successfully address SUS’ most glaring shortcomings.
Oh yeah, and some users say they’re a heckuva lot easier to use, too.
“We tried to use [SUS] before deciding to purchase a solution,” says Andrea Dahl, a Windows administrator with a municipal credit union based in the Southeast. “We could not get it working and multiple people spent time troubleshooting [it]. It's supposed to be easy, but it wasn't, and we didn't think that you could call Microsoft for support.”
Dahl, like many other users, turned to a commercial patch management solution – in this case, St. Bernard Software’s UpdateExpert.
Sorting through the glut of available patch management tools can be a confusing task. We can't do it for you, but we can provide a framework to help. What follows is five important issues to make sure you've considered when selecting a patch management tool.
Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.