This article can also be found in the Premium Editorial Download "Information Security magazine: Security survivor all stars explain their worst data breaches."
Download it now to read this article plus other related content.
NetChk Protect 5.5
Price: $17.50 to $35 per seat
|Shavlik Technologies' NetChk Protect 5.5|
Shavlik Technologies' NetChk Protect provides a unique integration of automated patch management and antispyware through a single management console.
Shavlik Technologies' NetChk Protect 5.5 is a unique combination of security tools. It integrates HFNetChk-Pro, the company's flagship patch management product, with its NetChk Spyware antispyware module in a single management console. The result is a smooth path for existing customers who want to add antispyware capabilities, and new customers who can fill two needs in one purchase. But there are some catches.
NetChk Protect works only with Windows machines (it supports Windows XP, 2000 and 2003 Server), which is fine for many shops, but a big red flag to larger, heterogeneous enterprises, particularly for patch management. Also, while NetChk Protect may reduce the chaos on your enterprise network, it won't eliminate it.
The antispyware module is an effective tool to detect and remove spyware from Windows desktops and laptops, with some limitations. It's scan-based, which is good news for security managers reluctant to manage yet another client app. Once a scan is executed, NetChk Spyware reports back to the console and then terminates so it doesn't leave an active application on the remote machine. However, this also means that NetChk Protect has no means of detecting spyware-type activities other than scanning for signatures, nor can it protect against new infections.
The patch and spyware scans are separate; you can't run both at once.
Installing and running NetChk Protect is straightforward and reliable, provided your copies of Windows are set up as they come from Microsoft. But if you make changes in file sharing, administration or security, NetChk Protect may not be able to scan your computers. Personal firewalls, for example, will need to have a pair of TCP ports open for communication with the server. If your personal firewalls aren't centrally managed, you'll need to go to every machine and make the changes. If simple file sharing is turned on, NetChk Protect won't work.
Installation was uneventful; we ran the installer on the machine that's intended to be the console, and entered the license key. After that, you can set up scan groups by entire network, specific domains, specific IP addresses, or IP address ranges. You can either fire off or schedule a scan. If you're like most companies, you'll create your own groups, and appoint a trusted administrator to scan only the group that belongs to them. You can also use Active Directory groups and containers.
Once everything is set up, you'll need to give NetChk Protect's engine an administrator-level user name and password, so that it can install the scanning engine remotely and then execute it.
NetChk Protect does this each time it runs, and it checks to make sure that the remote application is up to date before it sends it out and runs it.
NetChk Protect creates a comprehensive set of reports after a scan. You can easily create custom reports, choosing how they appear.
Within its limits, Shavlik's NetChk Protect 5.5 is a useful tool, although support for operating systems in addition to Windows would make it more attractive to larger organizations. And, getting your network ready to work with NetChk Protect will take some time beyond just setting up the application.
But once it's running and you've configured your network, NetChk Protect provides a useful and effective tool for managing Windows patches and keeping spyware at bay.
This was first published in April 2006