What advice would you give to other IT pros who are facing the problem of patching many remote and mobile desktops?
Keep your PC operating systems up-to-date ... [and do] frequent updates to [your] antivirus software. Any computer that accesses the Internet directly should also have personal firewall software installed. How did the Melissa virus affect SYSCO?
SYSCO as a whole did not take a big hit with Melissa. Each of our operating companies operate independently, and a few were using Exchange at that time. I recollect that there were a few infections.
In the Arizona offices, we were using TAO for our e-mail, and Internet access was not available to our users at the desktop. (TAO, or The Ace Orb, is open-source middleware that allows other programs to work together smoothly.) The e-mail application and client executables were located on a local server, which is always kept current with antivirus software updates. The TAO e-mail server also had antivirus software, which scanned all incoming and outgoing e-mail for viruses. Since infections could only take place from e-mail file attachments or media brought in, the Arizona office did not suffer from Melissa. What problems were you having with security updates? How did those problems impact your and your company's productivity?
Generally, somebody would phone me with a desktop [repair] issue that required me to pay a visit. During that visit, I would update any programs that required updating. This left many PCs in various states of not being current.
Productivity would generally be affected in two ways. For me, I was tied up at somebody's PC updating versions of software or drivers, as well as trying to resolve a problem. If the end user didn't have an open PC nearby, they were just waiting for me to finish. How do you use Patch Manager today?
Patch Manager is still beta software but works great. I know within a short amount of time what patches are installed on each of my PCs. I can even choose to install an important patch immediately or schedule it for a later time. On laptop computers, I can even schedule an installation during a time after they have 'left the network' -- when the laptop is physically not on our network anymore. The patch will install at the scheduled time. Although your office escaped from Melissa, you decided to beef up security against future attacks. How did you go about finding a security solution?
Ecora's Patch Manager accidentally fell into our laps. I had been talking to an associate prior to our company's conversion to Microsoft Active Directory. He recommended Ecora's main inventory application. During talks with Ecora, I learned about Patch Manager, which can scan each PC for its current level of patches. That fit my needs, since I had to identify that current status of each PC and get the appropriate patches prior to implementing Active Directory. Does Patch Manager completely solve the problem of deploying patches?
I don't think any software package can completely solve the problem of deploying patches. It helps you keep remote users up-to-date by scheduling scans during times remote users are connected to your network. Then you can use the data from the scan to schedule the deployment of the patches. Could you describe the implementation of Patch Manager?
It was as easy as running the setup program. Configuration was fairly easy. Ecora's rep walked me through doing a scan on the phone. It took us about 15 minutes to go over the finer points.