Ask the Expert

Microsoft vs. third-party tools for patching

If I'm primarily supporting Windows (2003, XP, 2000), should I choose Microsoft or a third-party vendor for patching tools? Also, will a tool dedicated to scanning find more holes than a complete patch management tool? I'm trying to weigh my options.

SMS will certainly do the trick, but it is not free. It is also much more than patch management (more of systems management - e.g. support, inventory, etc.). WUS will do a decent job with OS patches, but it cannot do third-party patching (e.g. patching Acrobat Reader, Firefox, etc.). It is not really a full-fledged patch management system.

Assuming the customer will be buying a solution, I would say there are a number of usable solutions for Windows environments -- I wouldn't necessarily recommend sticking with a Microsoft solution. On the free side, though, I would say Microsoft's combination of MBSA and WUS would be one of the better free solutions.

Regarding finding more holes - vulnerability scanning tools will tend to find more overall security issues than patch management tools. Vuln scanners will be looking for things like password policy, unnecessary services enabled, file permissions (i.e. vulnerabilities that are unrelated to patching). On the other hand, patch management tools (as you would expect) will tend to focus on missing patches.

This was first published in June 2005
