Advertisement
Promo

Office applications Toolkit

Patching up bad patches

Jaclynn Bumback, In-Stat/MDR ZDNet US

Published: 26 Nov 2002 12:38 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

While maintaining patches for software has always been a part of software administration, the increase in deployed software has made the administration and security of software a nightmare for network administrators. As hackers and attackers focus more of their attention on taking advantage of publicly known vulnerabilities in software rather than trying to discover new vulnerabilities, it is becoming increasingly important for companies to secure themselves by installing publicly available software patches.

There are a few issues keeping software patches from being installed on vulnerable systems. These manmade issues include:

  • Determining which systems may be affected
  • Verifying which systems have been patched
  • Patching new systems added to the network
  • Patching systems that may become vulnerable after the initial patching process
  • Coordinating patch installation between both the network administration and security administration staff

To address the issues holding back security patch installation, patch management vendors have built in software inventory tools to keep track of which software is running on which machine. When a security release finds a vulnerability in a specific operating system, for example, the software can easily determine which machines need to be patched.

The security patch software also can verify which systems have been patched, and which still need to be patched. BigFix and Patchlink are both agent-based patch management systems, which have software running on each individual machine that syncs up with the manager. The administrator can push a patch to all machines with a click of a button. Sometimes the patch may not install on a machine, for a variety of reasons. In this situation, the security patch software is alerted that a patch did not successfully install and the administrator can follow-up to make sure that the computer is secured. Additionally, the patch management software may push a patch out to all users; however, some users may not be connected to the network. The patch management software knows that those unconnected machines have not been patched and will patch them as soon as they are connected. Therefore, road warriors will also continually be protected from software vulnerabilities to the same degree as the internal desktops.

Who should handle patches
As companies expand their networks to include more desktops, laptops, and servers, patch management software helps to check the security by ensuring that new systems include all previously issued security patches. In the same respect, through the agent software, computers notify the manager of changes in installed software. The manager can then detect if there are patches that need to be sent out to that machine because of the new software, even though the patches have already been distributed to the other networked computers. Therefore, a computer user who may have recently upgraded to a new version of Outlook would be automatically secured with the patches associated with that Outlook version.

One of the biggest challenges for software patch management vendors is the existing overlap of patch management between network management and security management. From a sales standpoint, the patch management vendors need to accurately find who in the organisation is responsible for ensuring software integrity. Patch management software has traditionally been focused on securing Microsoft software, however, vendors are continuing to expand to Linux, Unix, Mac OS, as well as, Adobe, Symantec, Sophos, WinZip, and others.

The need for a system to manage software patches is being realised, as Microsoft's Windows NT/2000 operating system alone experienced 42 vulnerabilities in 2001, according to SecurityFocus. While Microsoft hopes to reduce the amount of needed patches through its Trustworthy Computing initiative, the need will not diminish. Vendors have come to market to fill the void in managing the many software patches, and are expected to experience healthy growth. Some of the more prominent players in this space include Patchlink, BigFix, and St. Bernard.

Have your say instantly in the
Tech Update forum.

Find out what's where in the new Tech Update with our
Guided Tour.

Let the editors know what you think in the
Mailroom.

  • Email
  • Trackback
  • Clip Link
  • Print friendlyPrint with EPSON

Did you find this article useful?
55 out of 92 people found this useful


In association with HP

Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Office applications


Company/Topic Alerts

Create a new alert from the list below:











Video icon

Video

Discussions

CA CA

I'm surprised...

Friday 18 December 2009, 2:13 AM

1 comment
CA CA

Not that I use it....

Friday 18 December 2009, 1:35 AM

1 comment
CA CA

Good...

Friday 18 December 2009, 1:24 AM

1 comment
CA CA

Bottoms up..

Friday 18 December 2009, 1:17 AM

2 comments

View All

Vista Upgrade Blog

Tinsel on the TARDIS

There were shepherds on the hill, and the Doctor popped his head out of the TARDIS and said "you might want to see this" and they were astounded. WHY do we pay for a TV license?... More

Post a comment

Can I have fries with that? (Consumer...

Licence policies of Tech company's have been for a long time both complicated and 'Dick Turpin-esque', people just click 'I agree' without reading the Agreement. I do the same, but... More

1 comment

This Crap Site

How utterly stupid - I am ranked #40 in the top 100 - as a member of this site..... I mean HOW utterly stupid.... I have done sweet FA, I have only rejoined this site after a 3 or... More

2 comments


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters