Q

Microsoft vs. third-party tools for patching

If I'm primarily supporting Windows (2003, XP, 2000), should I choose Microsoft or a third-party vendor for patching tools? Also, will a tool dedicated to scanning find more holes than a complete patch management tool? I'm trying to weigh my options.
SMS will certainly do the trick, but it is not free. It is also much more than patch management (more of systems management - e.g. support, inventory, etc.). WUS will do a decent job with OS patches, but it cannot do third party patching (e.g. patching Acrobat Reader, Firefox, etc.). It is not really a full-fledged patch management system.

Assuming the customer will be buying a solution, I would say there are a number of usable solutions for Windows environments -- I wouldn't necessarily recommend sticking with a Microsoft solution. On the free side, though, I would say Microsoft's combination of MBSA and WUS would be one of the better free solutions.

Regarding finding more holes - vulnerability scanning tools will tend to find more overall security issues than patch management tools. Vuln scanners will be looking for things like password policy, unnecessary services enabled, file permissions (i.e. vulnerabilities that are unrelated to patching). On the other hand, patch management tools (as you would expect) will tend to focus on missing patches.

This was first published in June 2005

Dig deeper on Patches, alerts and critical updates

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close