RE: Deploying Microsoft patches

From: Chris Alliey (calliey_at_comcast.net)
Date: 07/12/03

  • Next message: NR: "Re: cracking tool named 'nc' ?" 
    To: "'Su Wadlow'" <swadlow@utdallas.edu>, <security-basics@securityfocus.com>
Date: Fri, 11 Jul 2003 20:51:34 -0400

    The down side to SUS is it only does critical updates, and doesn't do
    service packs.

    I personally use Patchlink (www.patchlink.com) - which has always rated
    one of the best (most times the best). It costs a little to initially
    get it setup, but maintenance is as low as $15 a windows machine - per
    year. Add that to a ~$1200 console (paid once) and your golden.
    Patchlink is also what I consider an enterprise solution, as it handles
    Windows platforms and software, Unix (a number of commercial flavors -
    including RedHat Linux), it also does Netware. With this price, you
    also get email notification of all patches that come out on these
    platforms (down to media player patches). It also comes with additional
    abilities that allow you to deploy other software (Adobe Acrobat Reader,
    WinZip, ....) You can also add your own packages. I just created one
    that scheduled defrags on my windows 2000 servers (SUS certainly can't
    do that).

    When you are talking about an enterprise solution, you can't beat this.
    If you are talking about a small shop that can't afford a little money
    ($1500 gets the console and 17 Windows clients for the first year, $250
    covers you for the next year), then SUS might be a good solution.

    Another option if you are in a small environment is HFNETCHKLT
    (http://www.slavlik.com) is free for the first 50 clients you use it on.
    There is no time limit on this product, and it is free to use. Though
    it is much better then SUS, it still doesn't compare to PatchLink
    (IMHO).

    Good luck.

    Chris

    -----Original Message-----
    From: Su Wadlow [mailto:swadlow@utdallas.edu]
    Sent: Friday, July 11, 2003 2:28 PM
    To: security-basics@securityfocus.com
    Subject: Re: Deploying Microsoft patches

    --On Friday, July 11, 2003 2:47 AM -0700 Ronish Mehta
    <sf_mail_sbm@yahoo.com> wrote:

    > Currently we are deploying patches manually, and this
    > is very time consuming, and we are not able to keep
    > uptodate with the latest patches being released by
    > Microsoft
    >
    > Anyone who has an automated process for deploying

    Microsoft Software Update Services.

    <http://www.microsoft.com/windows2000/windowsupdate/sus/default.asp>

    Basically a company-internal version of Windows Update. Note that you
    can't use it to apply service packs; but it's *great* for applying other
    patches. And it's one product that you don't have to pay MS for. :-)

    We've been using it for patch deployment for over a year now, and it
    works great. Takes all the manual labor out of keeping our systems up
    to date. 

    -- 
Su
------------------------------------------------------------------------
---
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top
analysts! The Gartner Group just put Neoteris in the top of its Magic
Quadrant, while InStat has confirmed Neoteris as the leader in
marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access
in about an hour, with no client, server changes, or ongoing
maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
------------------------------------------------------------------------
----
---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------
  • Next message: NR: "Re: cracking tool named 'nc' ?"

    Relevant Pages

    • RE: Deploying Microsoft patches
      ... > You can't use a domain controller as a SUS ... > How can you apply different patches to w2k and win xp ... >> a DC as a client. ... The Gartner Group just put Neoteris in the ...
      (Security-Basics)
    • Re: Patch/Update Management questions
      ... SUS only does Windows patches and IMHO there's no comparison. ... Fixed a bug where DirectX 4.7 patches were being suggested for Windows ... > How does SUS compare to HFNetChkPro? ...
      (microsoft.public.windows.server.sbs)
    • RE: Deploying Microsoft patches
      ... I don't know how good it is, as I am just deploying it myself, but if it ... One other thing, over half the patches they announce, don't require you ... SUS seems to have good documentation, ... The Gartner Group just put Neoteris in the top of its Magic Quadrant, ...
      (Security-Basics)
    • RE: Deploying Microsoft patches
      ... There is a SA version of SUS that can do OS patches and _some_ ... Bear in mind that SUS only supports OS patches. ... > The Gartner Group just put Neoteris in the top of its Magic Quadrant, ... > in about an hour, with no client, server changes, or ongoing maintenance. ...
      (Security-Basics)
    • Re: Deploying Microsoft patches
      ... How can you apply different patches to w2k and win xp ... I just set up SUS and deploy it through group policy. ... > a DC as a client. ... The Gartner Group just put Neoteris in the ...
      (Security-Basics)