
Microsoft vs. third-party tools for patching

If I'm primarily supporting Windows (2003, XP, 2000), should I choose Microsoft or a third-party vendor for patching tools? Also, will a tool dedicated to scanning find more holes than a complete patch management tool? I'm trying to weigh my options.

SMS will certainly do the trick, but it is not free. It is also much more than patch management (more of systems management - e.g. support, inventory, etc.). WUS will do a decent job with OS patches, but it cannot do third-party patching (e.g. patching Acrobat Reader, Firefox, etc.). It is not really a full-fledged patch management system.

Assuming the customer will be buying a solution, I would say there are a number of usable solutions for Windows environments -- I wouldn't necessarily recommend sticking with a Microsoft solution. On the free side, though, I would say Microsoft's combination of MBSA and WUS would be one of the better free solutions.

Regarding finding more holes - vulnerability scanning tools will tend to find more overall security issues than patch management tools. Vuln scanners will be looking for things like password policy, unnecessary services enabled, file permissions (i.e. vulnerabilities that are unrelated to patching). On the other hand, patch management tools (as you would expect) will tend to focus on missing patches.
