By now you've heard of the HFNetChk command line tool distributed by Microsoft and its GUI replacement, the Microsoft Baseline Security Analyzer (MBSA). Well, the company that designed the core structure of these tools, Shavlik Technologies, has an updated version of HFNetChk that you should seriously consider employing.
HFNetChkPro4 is a GUI-based patch management system that is simple to operate yet powerful enough to get the job done quickly and efficiently. This patch-implementation tool can support Windows NT, Windows 2000, Windows XP and Windows Server 2003 foundational operating systems, as well as the add-on products of Exchange, SQL Server, Outlook, Microsoft Office, Java Virtual Machine and more.
Patch management through HFNetChkPro4 is as detailed as you need it to be. It can be used to granularly control patch application down to which individual patches are applied to which systems all the way through to forcing all patches to all systems. The tool self-updates as it is launched so you always have the latest up-to-the-minute information from Microsoft as to what patches are necessary or recommended for your software. In comparison with any Microsoft patch distribution product, HFNetChkPro4 is easier to use, more versatile and more exhaustive. One of the features of HFNetChkPro4 that I'm most impressed with is its ability to use external third-party threat information, such as from BugTraq and CVE, in addition to that provided by Microsoft. This feature alone makes HFNetChkPro4 rank above any other product.
The main differences between HFNetChkPro4 and MBSA include:
- HFNetChkPro4 can be used remotely against all the systems on your network
- HFNetChkPro4 scans Exchange, SQL, Office, and Commerce Server systems
- HFNetChkPro4 performs patch ranking and supports third-party threat information
- HFNetChkPro4 includes an automatic self-update feature
HFNetChkPro4 is available for a free trial as well as full purchase for enterprise deployment. The free trial is a fully functional version of the software with no time restrictions on use, but it can only be used to manage patches for 10 clients and one server. I highly recommend visiting Shavlik and downloading this tool. After a few experiments with configuring patch implementation solutions, I'm sure you'll never want to go back to manual download and installation again.
There are several other options for a patch management solution, but I see no direct competitor to HFNetChkPro4. But just in case you want to make the comparison yourself, here is a list of the top patch management products available today:
- Altiris, Inc.'s Altiris Patch Management Solution
- BigFix, Inc.'s Big Fix Patch Manager
- Configuresoft, Inc.'s Security Update Manager
- Ecora's Ecora Patch Manager
- GFI Software Ltd.'s GFI LANguard Network Security Scanner (NSS)
- Gravity Storm Software, LLC's Service Pack Manager 2000
- LANDesk Software, Ltd.'s LANDesk Patch Manager
- Microsoft Corp.'s Software Update Services (SUS)
- Novadigm, Inc.'s Radia Patch Manager
- PatchLink Corp.'s PatchLink Update
- St. Bernard Software's UpdateExpert
About the author
James Michael Stewart is a partner and researcher for ITinfopros, a technology-focused writing and training organization.
This was first published in December 2003