Software patching remains a laborious process

IT professionals at Microsoft's TechEd conference say they are still scrambling to keep their Windows systems one step ahead of vulnerabilities, despite the steady stream of new products designed to ease their burden.

This Content Component encountered an error

ORLANDO, Fla. -- Are the darkest days of patch management and security woes in the past? IT professionals at Microsoft's TechEd conference don't think so, and while there are many new products to ease the burden, managing the software patching process is still a tough job.

… over the long haul, these tools do make your job easier.


Lane McMullen, systems administrator, Noel-Levitz Inc.

,

From finding adequate time to test critical patches to making sure those critical patches are deployed before an exploit hits, patch management is still time consuming.

"Our biggest challenges are serving various platforms," said Jason Hayes, network administrator for Winter Haven Hospital in Winter Haven, Fla. Hayes patches systems from Windows 95 to Windows XP with Service Pack 2.

First priority is on critical patches

What else causes patch stress? "Ensuring that we have the most critical, high vulnerability patches out to lower the threat and scheduling server downtime," he said.

TechEd roundup

News from Microsoft TechEd 2005

To help administrators keep up to date on security patches, on Monday Microsoft announced the availability of its Windows Server Update Services (WSUS) and Microsoft Update. Additional products, the Microsoft Baseline Security Analyzer 2.0 and the Systems Management Server (SMS) 2003 Inventory Tool for Microsoft, are due this summer, CEO Steve Ballmer told attendees in his keynote address.

Tim Strawn, senior systems engineer with Orlando-based Harcourt Education, used the beta of WSUS to patch more than 320 servers. He found it to be a marked improvement over its predecessor, Software Update Services (SUS). "SUS didn't work right," Strawn said. "It was not hitting servers when it should [have]. [With WSUS] things just worked."

WSUS better than SUS, but no panacea

WSUS, however, isn't the silver bullet of patch management, and IT doesn't see the job going the way of the dinosaur any time soon.

Related links

SearchWindowsSecurity.com topic: Patch management

 

Book excerpt: Introduction to patch management

"I think there's always room for improvement," said Lane McMullen, systems administrator with Noel-Levitz Inc., an Iowa City, Iowa, consulting firm. "I think it's an ever-going battle, but over the long haul, these tools do make your job easier." His firm is piloting WSUS after evaluating both SUS and SMS 2003.

Julie Hayes, a senior network analyst with Publix Super Markets Inc., in Lakeland, Fla., said she hopes to see better reporting tools in future Microsoft patching tools. "Any kind of tool that you've got out there is just not perfect," she said. However, being able to create reports on the patch status of her machines -- something she can't do with SMS 2.0 -- would make her job easier, she said.

Striving for client uniformity

Eric Cox, a lead engineer at the Department of Defense, said the agency uses SMS to patch its desktops. Keeping them up to date with the latest patches isn't his biggest problem. "That would be getting all of the clients to become uniform," he said. "You might get better tools, but you're still going to have to do it."

Jenn Davis, senior systems engineer with Science Applications International Corp., in Washington, D.C., agreed. "I don't expect Microsoft to get to the point where they're going to stop delivering patches," Davis said. "That's just not realistic."

Dig deeper on Patches, alerts and critical updates

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close