Hello Shavlik Community!

I was just playing around with some new features in NetChk Protect and noticed today’s XML Release had gone live.  I even scanned and deployed the Skype update to my machine so IT does not come down on me for having an old version of this software on my machine.  Sticklers, those guys, you would think we take IT Security seriously or something!  Well, I flipped back through the last few XML updates on the RSS feed in NetChk Protect while my patch downloaded and installed and noticed just how much has come out in just the last month.  I sit right next to the Shavlik Patch Patrol Team and see them working hard every day and it is still surprising to see just how much they do to simplify IT management for our customers!

Looking back at 2010, it was a big year for patch management.  Microsoft finished big in 2010 topping its largest patch Tuesday release three times in the last half of the year.  August made everyone wince with 15 Security Patches, October made some eyes pop with 16 Security Patches, but December had 17 Security Patches.  This is a lot of patches!

Since the December Patch Tuesday there have been many 3rd Party releases as well.

December 17 – Chrome 8.2.10464 and Skype 5.0.0.156 went live in Shavlik XML.

December 18th – Adobe Reader X, Foxit Reader 4.3, Winamp Media Player 5.601, and WinZip 15.0 were added.

December 29th – Citrix XenApp 5.0 HR1, Apple iTunes 10.1.1 and BlackBerry Desktop Manager 6.0 were added.

And here we are in the New Year.  On Jan 4th Shavlik released support for Opera 11.

And yesterday Skype 5.1.0.104 was added.

Mixed throughout were a number of MS, Citrix, and WinZip non-security releases as well.

So what’s the best practice to keep your systems patch in 2011? Server Admins may be able to get by with regular monthly patching (the one exception this past month was XenApp Server if you run Citrix), but how are your workstations looking?  Once a month just isn’t enough.

If you are patching workstations with NetChk Protect I recommend a couple of things to keep your systems up to date and secure.  These suggestions are not only recommended and implemented by Shavlik SEs when they go onsite with our customers and get them up and running, but also used by Shavlik IT Management.

1. All of your workstations would do well to run the NetChk Protect Agent and have a patch task run weekly.  You can configure your Deployment Template to “Reboot when needed” and Schedule the reboot “On the next occurrence of specified time” and choose a time after typical business hours.  Set the If a user is logged on to “Force action after” 120 minutes, “Countdown timeout” to 15 minutes, and check “Extend timeout up to the scheduled action time” to 15 minutes.  Set the scan to occur around the lunch hour so assessment occurs at a convenient time for the user, but high probability that the system is on and available in the office.

2. Setup a Agent Policy for Desktops and another for Laptops.  The Laptops policy can be configured to download from Vendor as a Backup under your General Settings in the Agent Policy.  This will ensure that even if the Laptop is not in the office, you still have a chance at getting updated.  As long as the machine has an internet connection it will attempt to get the patches needed directly from the vendor.

3. Include the workstations in your monthly agentless scans as well.  This task will bat cleanup for any task that may have been missed during the week.

The good news for January is that Microsoft is going to take it easy on us.  Two bulletins were announced.  One is critical. We will be holding our monthly webinar on Wednesday, January 12th at 11am CT to review the patches from patch Tuesday.  If you would like to hear Shavlik experts break down these new patches, you can register for the event here.

Chris Goettl
Agile Product Owner
Shavlik Technologies