Manage Windows (and security) hotfixes
Those who manage Windows systems and bear security responsibilities for such systems know that sometimes the only way to keep the wolf from your metaphorical network door is the timely application of the proper Windows security hotfix. A growing crop of tools to help track, manage and apply these sometimes critical system and application patches is emerging, and it promises to make administrators' jobs more manageable in the process. This is particularly true if you're savvy with task automation and scheduling in the Windows environment, whether you use the batch-like AT command and the built-in scheduler, or opt for a more sophisticated automation tool like Opalis Robot or tools of that ilk.
One tool along these lines that Microsoft itself makes available is HFNetChk. Microsoft provides a free download of a command line version of this tool, developed by Shavlik Technologies (www.shavlik.com), along with documentation FAQs and other useful information. In a nutshell, when an HFNetChk scan is run, it can be directed at one or more machines, at the operating system or at key applications (such as IIS) where security patches are not unknown and seem to be becoming routine. HFNetChk accesses an XML file that contains information about known patches and fixes from Microsoft and uses this information to compare what's available and recommended with what's installed. Shavlik Technologies also offers a commercial implementation called HFNetChk Pro that supports a GUI interface and offers more sophisticated update and check capabilities. For more information on the free version from Microsoft, check Knowledge Base article Q303215 for download and basic operating instructions, or article Q305385 for an FAQ on to the tool. For more information about Shavlik's commercial implemenation, visit http://www.shavlik.com/nshc.htm.
Other tools in this category include:
- St. Bernard Software's UpdateChecker (formerly well-known as SPQuery)
- GravityStorm Software's Service Pack Manager 2000
- Microsoft's HFCheck utility for IIS 5.0
- Steve Gibson's Patchwork utility is not as comprehensive as HFNetChk, UpdateChecker or SP Manager 2000, but it does a decent job of scanning for documented vulnerabilities.
One thing's for sure: with regular, automated use of a good patch management tool, you'll be able to keep up with the flood of patches, fixes and whatnot.
Editor's note: Discussion of products in this tip is not intended to provide an exhaustive list of such products. Nor should it be taken as a recommendation by TechTarget or www.searchwindows2000.com of such products. The information is provided for the use of subscribers at their own risk.
Thomas Alexander Lancaster IV is a consultant and author with over ten years experience in the networking industry, focused on Internet infrastructure.
This was first published in January 2002