Managing Patches In A Community

Patch management itself can be a very challenging task for many organizations.  What is the best patching policy?  What if I have questions about a patch?  Vendors can supply their own ideas or troubleshooting tips, but there are times when the people who are responsible for their own company’s patch management have the best support and ideas.

Patchmanagement.org is a community of patch management experts that provide support to each other.  They communicate through an email list that is not owned or directed by any vendor.  All content is provided by the community itself.

I have been a part of this community for a few years and it is an invaluable resource for me.

If you would like to learn more or join, please visit Patchmanagement.org.

For Microsoft WSUS users, there is also a community specifically designed for you.  The WSUS mailing list can also be found on that web page.

– Jason Miller

You Can’t Protect What You Don’t Know You Have…

One of the most important IT business practices that every company, large and small, should engage in is IT asset management. To ensure your various software and hardware assets are both visible and measurable over their useful life, the use of automated tools to manage the discovery of these types of assets is generally very important. The ability to establish a complete and accurate picture of your current base of information technology assets will not only have an impact on your ability to properly support your current base of users, but will also have a direct impact on your ability to identify and remediate any type of previously unidentified vulnerabilities.

One of the key steps that is necessary to take relative to the implementation of a good IT asset management methodology is to define a measurable process to manage these assets from acquisition through final disposition. This process should include the following components:

Item 1 – Establish a clear set of policies around the acquisition and appropriate use of these types of assets. This process should include a means of tracking existing software and hardware assets, capturing, at a minimum, product name, version, and manufacturer. Additionally, this information can be used to proactively determine software license compliance, which should be measured annually.

Item 2 – Once the asset(s) (software or hardware) have been acquired, you’ll need to implement some form of automation to track their status – from their initial deployment to their disposition. Considering the frequency by which systems and applications change, this type of “best practice” will help optimize the use and performance of these assets throughout their useful life.

There was an excellent article published recently titled “Back to Basics: 5 Things IT Could Do Better in 2010” that does an excellent job touching on the importance of asset inventory management. The author and I agree: we both firmly believe that asset inventory management is an important security best practice.

http://www.technewsworld.com/story/Back-to-Basics-5-Things-IT-Could-Do-Better-in-2010-68662.html?wlc=1258469771

Other advantages that can be realized from a well-thought-out IT asset management program center around:

Help Desk / Support Reduction – The asset management information you are able to garner is invaluable in terms of diagnosing individual system problems, as well as minimizing end-user downtime. Help Desk or Client Support should have access to individual system details directly from whatever system you put into place, which will certainly help improve support levels via a more accurate diagnosis of the problem.

Risk Reduction – These days, with the sheer number of vulnerabilities on the rise, the ability to accurately assess your inventory of both software and hardware goes a long way towards helping you reduce risk. It’s very difficult to protect yourself from things that you’re unaware of…thus (again) the importance of good automation to assist with the process.

In summary…by better understanding the types of assets you currently manage, you’ll quickly realize a much greater level of efficiency, as well as reduce your potential for risk.

Dave Eike

Shavlik Technologies

Patching Non-Microsoft Products

So just exactly which products are patched with Shavlik NetChk?  We have a wide variety ranging from Microsoft to Adobe.  You can find a full listing of the supported products here.

This list is updated automatically each time we release new patch XML.

– Jason Miller

Apple Application Support – Round 3

Apple released a new version of their Safari browser last week.

Question:  What does an Internet browser have to do with an Apple iPhone?
Answer:  Apparently everything!

Apple is now bundling Apple Application Support with their Safari browsers.  If it is not installed, the Safari browser will not run.  To make matters worse, Safari bundles a newer version of Apple Application Support.  If you have any version of Apple Application Support previous to 1.1 (1.0, 1.0.1) installed, the browser will not launch.

If you run into the AAS error with Safari, you will need to extract appleapplicationsupport.msi from the Safari browser install.  Using AAS 1.0 and 1.0.1 will not work.

Like I said before:  vendors should focus on creating stable and secure products and stop worrying about bundling in applications.  I am sure it is only a matter of time before Apple “accidentally” puts Apple Application Support in their Apple Updater Software.

– Jason Miller
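The dependency described in this post, checked across an inventory, as an added example that is not part of the original post or of any Shavlik product: it flags hosts where Safari is installed but Apple Application Support is missing or older than 1.1. The inventory rows, host names and the "sample" Safari version strings are constructed, and the product display names are assumed to match what your inventory tool reports.

```python
SAFARI, AAS = "Safari", "Apple Application Support"
MIN_AAS = (1, 1)  # from the post: anything earlier than 1.1 stops Safari launching

# Constructed sample inventory: (host, product name, version, manufacturer).
INVENTORY = [
    ("ws-01", SAFARI, "sample", "Apple Inc."),
    ("ws-01", AAS, "1.0.1", "Apple Inc."),
    ("ws-02", SAFARI, "sample", "Apple Inc."),
    ("ws-02", AAS, "1.1", "Apple Inc."),
    ("ws-03", SAFARI, "sample", "Apple Inc."),   # Safari without AAS
    ("ws-04", AAS, "1.0", "Apple Inc."),         # old AAS, but no Safari
    ("ws-05", SAFARI, "sample", "Apple Inc."),
    ("ws-05", AAS, "unknown", "Apple Inc."),     # inventory tool returned junk
]

def parse_version(text):
    """'1.0.1' -> (1, 0, 1); None if the string is not dotted integers."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None

def at_least(version, minimum):
    """Numeric comparison, zero-padded so that 1.1 and 1.1.0 are equal."""
    width = max(len(version), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(version) >= pad(minimum)

def safari_aas_findings(rows, minimum=MIN_AAS):
    """Map host -> reason for every host where Safari is expected to fail."""
    by_host = {}
    for host, product, version, _manufacturer in rows:
        by_host.setdefault(host, {})[product] = version
    findings = {}
    for host, products in sorted(by_host.items()):
        if SAFARI not in products:
            continue  # the dependency only matters where Safari is installed
        installed = products.get(AAS)
        parsed = parse_version(installed) if installed is not None else None
        if installed is None:
            findings[host] = f"{AAS} missing"
        elif parsed is None:
            findings[host] = f"{AAS} version {installed!r} unreadable, verify by hand"
        elif not at_least(parsed, minimum):
            findings[host] = f"{AAS} {installed} is older than {'.'.join(map(str, minimum))}"
    return findings

if __name__ == "__main__":
    print(safari_aas_findings(INVENTORY))
```

Versions are compared as integer tuples rather than strings, so 1.10 sorts after 1.9 and 1.1 equals 1.1.0.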

Shavlik Antivirus = Great Virus Detection Rates

With Antivirus programs, you want to install it and let it sit.  Unfortunately, this has not been the case for many years.  It is not uncommon for administrators to have two different Antivirus programs installed on one network.  Many AV programs detect only a certain percentage of known viruses.  A second AV program is run on a network to catch all of the threats the first AV program missed.

So how about Shavlik’s Antivirus?  Shavlik NetChk uses Sunbelt’s VIPRE Antivirus program.  This program is extremely lightweight (system resources) and has great detection rates.

A few weeks ago, a new piece of malware was discovered.  This article shows some alarming results of running the virus against all major AV vendors:

“Only two of forty anti-virus companies currently detect the malicious file once downloaded”

– Jason Miller

Microsoft Security Advisory 977544 – SMB

Microsoft has released a new security advisory, 977544.  This vulnerability affects SMB in Windows 7 and Windows 2008 R2.  This vulnerability could lead to a Denial of Service attack.  If successfully exploited, the attack could unexpectedly reboot systems.

Does an SMB security advisory sound familiar?  Microsoft Security Advisory 976497 was released (and subsequently patched) in early September.  That advisory also affected the SMB service, but on all the operating systems that the current advisory does not affect (XP, Vista, 2003, 2008).

It is important to note:  the current advisory is a Denial of Service, unlike the previous security advisory.  Security Advisory 975497 led to remote code execution.

The current workaround stated by Microsoft should be used at your own risk.  Disabling TCP ports 139 and 445 can break many business functions such as file and print sharing.

It is unlikely Microsoft will release an out-of-band patch for this vulnerability.  The vulnerability is not publicly known and will only lead to a denial of service attack if exploited.  Expect this patch to be released in their next patching cycle for December.

– Jason Miller

IDC Presented Virtualization Trends This Week at vForum

I traveled to VMware’s vForum event in Orange County, CA this week and was pleasantly surprised at how well attended this regional event was. Over 600 attendees were there to hear about the latest technologies available from VMware for virtualization management as well as to hear some new industry research results from IDC.

The use of virtualization has definitely been given a boost due to the waning economy this last year or so as IT departments have been forced to reduce hardware spending, as confirmed in this article by Jessica Davis.

I attended the keynote presentation which included a session by Michelle Bailey, the VP, Datacenter Trends and Enterprise Platforms for IDC. She revealed results from a recent IDC survey on virtualization use and concluded that server virtualization is now considered mainstream, sharing that 48.4% of the respondents indicated that the default build for new server hardware in their organization is “virtualization first, unless a business case can be made for standalone” and another 27.7% stated that their default build is “standalone, but we strongly recommend or incent virtualization”. Ms. Bailey went on to discuss the challenges that virtualization is intended to solve, namely, data center consolidation and efficiency gains. The operational costs of the data center continue to rise dramatically as Bailey indicated that worldwide spending on server hardware, power and cooling, and data center management are $180 billion annually.

As the use of virtualization continues to grow, the traditional costs of the data center will begin to be offset by costs of managing virtual machines and the need to track and control virtual machine sprawl and virtual machine movement. IDC continues to give guidance to their customers that without the proper policy and automation tools, spending on management and administration will skyrocket.

The focus then turned away from the data center and server management to desktop management as Patrick Harr, VP Product Marketing for Desktop at VMware gave a very engaging presentation on View4 just recently available from VMware. The new features in View4 will definitely give XenDesktop a run for its money and may help to accelerate the deployment of virtualized desktops at a faster pace than most in the industry predict.

IDC’s virtualization study also asked about plans for virtualized desktops and survey respondents stated that 9.1% of their desktop/client devices are virtualized today and plan that 15.7% of their desktop/client devices will be virtualized 12 months from now.

Hope this is useful for you,
Colleen Kulhanek
Director of Marketing
Shavlik Technologies

Great Review of NetChk Protect 7 in eWeek

eWeek just released a review of NetChk Protect 7 and the author had many good things to say about this new and unique solution.

Of course the statements that bubbled to the top when I read it were:
“Installing Netchk Protect 7 went as smoothly as could be”
“The management console GUI is extraordinarily friendly”
And my favorite:
“Patch management options are, in a word, fantastic. This mature product makes Microsoft’s WSUS (Windows Server Update Services) look like a kindergarten toy”

Matthew Sarrel was quick to point out some of the challenges he had, but admitted he hadn’t read the relevant recommendations in the documentation.

The reviewer also had a good experience with the integrated antivirus engine now available in Protect:
“The big news in Protect 7 is the addition of the Sunbelt VIPRE anti-malware engine. In my testing, the anti-malware capabilities were excellent, although management could be improved. I installed the agent on a Windows XP Pro SP3 machine that was riddled with malware. After using Protect 7, everything except the pernicious CoolWebSearch was detected and quarantined immediately without affecting system stability.”

And we certainly appreciate his input on the need for better integration of the anti-malware component into our console.

Please read it for yourselves at http://www.eweek.com/c/a/Security/REVIEW-Shavlik-Netchk-Protect-7-Provides-Patch-Management-AntiMalware-in-a-Single-Tool-398780/

Take care,
Colleen Kulhanek
Director of Marketing
Shavlik Technologies