PaulDotCom mailing list archives

3rd party application patching tools for Windows

From: j2mccluggage at adelphia.net (Jody & Jennifer McCluggage)
Date: Tue, 8 Sep 2009 19:59:22 -0400

Thanks Jack.  The NetChkProtect software looks promising.  I will download
the trial and give it a try.  Another issue that we run into with 3rd party
software is that even if that particular software does allow for automatic
updates (still not an ideal solution for an organization - no central
control or validation)is that many times those updates will not install if
the end-user is not running as a local administrator.

Thanks

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Jack Daniel
Sent: Saturday, September 05, 2009 7:36 AM
To: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] 3rd party application patching tools for Windows

I have two suggestions-

I used Shavlik tools for many years, mostly NetChkProtect.  This does
agentless credentialed scans (although I think they also have agents
if needed) for a wide variety of products (including Citrix, BES,
VMWare, Mozilla, all the Adobe crap, and much more) from a central
console, reports on what needs to be updated, and can push the patches
(AND pull them back if they bork something).  It can also be used to
deploy supported software- like pushing Firefox out to desktops.
Almost everything can be scheduled, and many things can be automated.
It is easy to set up, especially for small environments, but can be
plugged into bigger environments well, too.  I have installed and run
it from a laptop for remediation situations.  Free trial available,
does some anti-spyware and AV now, too.  Shavlik did the original
tools for MS, and MS still uses them.  Even if you don't use Shavlik,
their patch management newsletter may be of interest.  (Yes, I'm an
Eric Schulte/Shavlik fanboy)

Also, I have not used it myself, but a lot of people like BigFix, and
there are a ton of great people working there.  It is (or can be) more
of a full-blown systems management suite, but it is available in
components.  I think there is a bit of base infrastructure required,
but BigFix can find missing patches and push them out among many other
things.  It doesn't seem to be in near as many small environments as
Shavlik, but if I were headed back into a patching role they would be
on my short list.

As far as others, I don't know what has happened to Patchlink since
they became Lumension, but if you are really exploring alternatives,
they are probably worth a look.  There are also a few scanners which
report on what's missing, some like Secunia offer links and wizards,
but it sounds like you want something that is a true upgrade from WSUS
that will find the problem, report it, and fix it- for that, I really
would look at Shavlik and BigFix.

Jack


-- 
______________________________________
Jack Daniel, Reluctant CISSP
http://twitter.com/jack_daniel
http://www.linkedin.com/in/jackadaniel
http://blog.uncommonsensesecurity.com





On Fri, Sep 4, 2009 at 8:12 PM, Jody & Jennifer
McCluggage<j2mccluggage at adelphia.net> wrote:

Hello everyone,



A few episodes ago Carlos made the excellent observation that many
organizations do not have a centrally controlled automated strategy for
patching 3rd party (non-Microsoft) applications on Windows. ?He correctly
pointed out that Microsoft/Windows Update and WSUS does not patch 3rd

party

applications.? As late as last year, the number one application attack
vector was Office. ?But according to one recent survey, this year the

number

one application attack vector were made up of some ubiquitous Adobe

products

(probably not a surprise to anyone here) so obviously patching only
Microsoft products is no longer a viable solution.

Does anyone have any recommendations of any products (commercial or open
source) that are appropriate for small to mid-size organizations that can
centrally deliver approved 3rd party application patches to Windows
machines?


Thank you,


Jody

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
No virus found in this incoming message.
Checked by AVG - www.avg.com 
Version: 8.5.409 / Virus Database: 270.13.78/2347 - Release Date: 09/05/09
05:51:00

Current thread:

Freeware/Open Source tool to open and Outlook OST file? Adrian Crenshaw (Sep 04)
- Freeware/Open Source tool to open and Outlook OST file? byte.bucket at 4a44.com (Sep 04)
  - Freeware/Open Source tool to open and Outlook OST file? Adrian Crenshaw (Sep 04)
- 3rd party application patching tools for Windows Jody & Jennifer McCluggage (Sep 04)
  - 3rd party application patching tools for Windows Rob Fuller (Sep 04)
    - 3rd party application patching tools for Windows Kim White (Sep 05)
    - 3rd party application patching tools for Windows Tim Krabec (Sep 05)
  - 3rd party application patching tools for Windows Scott Webster (Sep 04)
    - 3rd party application patching tools for Windows Michael Dickey (Sep 06)
  - 3rd party application patching tools for Windows Jack Daniel (Sep 05)
    - 3rd party application patching tools for Windows Jody & Jennifer McCluggage (Sep 08)