Microsoft's patch manager gets a refresh

By Margie Semilof, News Director 21 Apr 2006 | SearchWinIT.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Some might say that comparing Microsoft's free Windows patching tool, WSUS, to a full-blown patching tool that comes with a price tag would be like comparing a KIA to a Mercedes-Benz.

But Windows Software Update Services (WSUS) 3.0, which makes its formal debut next week at the Microsoft Management Summit in San Diego, Calif., is looking less and less like the humble patch management tool of yore.

According to a blog posting by Craig Marl, a Microsoft program manager, the new WSUS will offer a new user interface, custom views based on products, classifications, sync date and the groups the updates are approved for. Also there is new filtering based on approvals and the status of a client.

In WSUS, the notion of approved for detection goes away. Users can build views where they can see which updates are unapproved and needed by clients. WSUS 3.0 will also allow for nested target groups, Marl said.

Many of the features Microsoft added to the 3.0 version of WSUS have long been available in paid-for products.

Originally called SUS 2.0, Microsoft renamed twice -- first WUS and then WSUS. WSUS was finally released in June 2005. Each version has offered more granular control of patching.

There is, however, one big downside to the product: It can only patch Microsoft platforms and not even all Microsoft platforms at that. Third-party patch managers can usually support Linux and Unix as well as third-party applications. WSUS also does not support uninstalls. That feature is part of Systems Management Server (SMS), Microsoft's fully featured desktop management software package.

One IT expert said that IT shops are using WSUS and scaling it out more than she believes anyone -- including Microsoft -- would have ever anticipated. "The OS has to support patch management," said Susan Bradley, a Microsoft MVP and CPA at Tamiyasu, Smith, Horn and Braun, a Fresno, Calif., accounting firm. "If it's being used more than you thought, then you built it better than you thought. You just have to have patch management built into the OS."

Bradley uses a patch manager from Shavlik Technologies, in Roseville, Minn., because she says it gives her more control than she would get from WSUS. "It's one of those things. You get what you pay for."

Other vendors that make patch management products are Altiris Inc., Configuresoft Inc., Ecora Software Corp., St. Bernard Software, Patchlink Corp. and BigFix Inc.

This article originally appeared on SearchWinIT.com.

Tags: Security Patch Management,  Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Security Patch Management Squad: Tokenization, Phishing and the Feds Should management processes change based on a patch release schedule? Should Windows Mobile updates come from Microsoft? Adobe updates ColdFusion, JRun, Flex Trusteer CEO criticizes Adobe, touts better patch deployments Patch management study shows IT taking significant risks Vulnerability mitigation study shows need for faster patching Microsoft to issue security report card, new tool at Black Hat How to manage patches for Adobe When is it suitable to remove Java updates? Windows Security: Alerts, Updates and Best Practices Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending Attackers target Microsoft IIS; new SMB flaw discovered Microsoft repairs Windows media, TCP/IP vulnerabilities Microsoft five critical updates won't include IIS

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary attack vector  (SearchSecurity.com) back door  (SearchSecurity.com) ethical worm  (SearchSecurity.com) Patch Tuesday  (SearchSecurity.com) zero-day exploit  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary