Re: Patching iTunes and Firefox

["Stanclift, Michael" <michael.stanclift () ROCKHURST EDU>]

An MSI for iTunes can be extracted from the downloaded installer, then with a couple modifications can be deployed 
using Group Policy. There is also a third party bundle of Firefox compiled for MSI at 
http://www.frontmotion.com/Firefox/ that we have been using for a while. In the case of Firefox, they usually lag 
behind by a couple weeks in releasing updates, sometimes longer for moves like 3.5 to 3.6, but compared to the 
alternative of having much older versions running around it's not bad.

Another site to check out is http://www.appdeploy.com/ as they have a great KB on most applications. In a lot of cases 
you'll find applications with EXE wrappers around an MSI that can easily be extracted and deployed. In some cases you 
can also run the EXE in a test environment with an before and after tool to create an MSI of the changes.

A good tool to have around also is Orca, it's a Microsoft MSI editor. It's helpful for customizing pre-built MSI files. 
It'll let you edit a lot of things like shortcut creation, language packs, default options, file registrations, etc.

We've managed to move from doing large images with a lot of preinstalled software to creating much leaner ones that get 
updated through GP/MSI installs when they're added to our domain. It also allows us to use the same image for different 
areas based on what applications get pushed to them.

Michael Stanclift | Network Analyst | Computer Services
Rockhurst University | 1100 Rockhurst Road, Kansas City, MO 64110
Phone: 816.501.4231 | Fax: 816.501.4014 | http://help.rockhurst.edu<http://help.rockhurst.edu/>

PHelp keep our campus green, think before you print!
ÏRUCS will never ask you for your password!

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Christianson, Lorrayne K.
Sent: Tuesday, February 09, 2010 10:00 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Patching iTunes and Firefox

We are reviewing the products we place on our "standard image" and, as in years past, are faced with more and more 
products which our clients want, but are hard to patch and keep secure. So we are looking for feedback on how others 
are dealing with patching products such as iTunes and Firefox.


Lori Christianson
Associate Director-Client Services
Information Resources & Technologies
University of St. Thomas
2115 Summit Ave
Mail 5051
St. Paul, MN 55105
(651) 962-6286
lori_c () stthomas edu<mailto:lori_c () stthomas edu>

[cid:image001.png@01CAAA31.14EC2460]

Don't take the bait!  IRT will never ask you for your username and password via email. Phishing e-mails attempt to 
deceive the recipient into giving up private information in a response to a message or by leading the recipient to a 
fraudulent Web site.  Learn more about phishing here<blocked::http://www.stthomas.edu/irt/support/email/phishing.html>.