Shavlik Technologies's response was unlike any of the others we evaluated. Shavlik did an excellent job explaining the features of its product, HFNetchkPro. If anything, we got more detail than we needed. It also offered two distinct deployment scenarios: one centrally managed and the other for distributed management.
Beyond that, however, Shavlik didn't make any attempt to discuss its product in terms of our RFP's requirements, environment description and pain points. As a result, we had to pick through the response to figure out what applied to our company.
Like St. Bernard, Shavlik offers the option of using agent-based or agentless options, which would give us a lot of flexibility. The agents (local copies of hfnetchk.exe) check in with the server and automatically download any missing patches. HFNetchkPro was the only suggested product that's agents perform automatic bandwidth throttling, a big plus for distributed environments.
The agent and agentless architectures aren't well integrated. Both options allow for local patch repositories to reduce overall traffic, but each requires its own coordinating and local servers, and its own consoles. Agentless machines have to be grouped manually, while the agent devices can be grouped dynamically.
Shavlik is the only vendor we examined that doesn't test patches for interoperability conflicts. It basically checks to ensure that its patch installs like Microsoft says it will.
We had security concerns with the agentless technology. The local distribution servers can use UNC, which leaves systems open to worms and viruses seeking to exploit open file shares. Further, it uses native Windows logons for authenticating as admins to the clients, meaning credentials are transmitted in cleartext or easily broken hashes.
This was first published in May 2005