March 3, 2010
· Filed under Endpoint Security, Industry Trends, Microsoft Security and Systems Management, Patch Management, Shavlik General, Shavlik News
The most recent out-of-band patch from Adobe for Reader and Acrobat seems to have generated renewed interest in the problem of application level patching — some call it 3rd party application patching.
I couldn’t be more pleased. If you operate in a Microsoft shop — and who doesn’t — the issue of patching applications should be a hot topic. In 2009, the top most attacked software applications didn’t come from Microsoft. They came from Adobe, Apple, and Sun. The SANS Technology Institute went so far as to suggest that we should all stop using Adobe products until the corporation takes the issue seriously and solves its security problems.
Shavlik has been singing this tune for years. But just recently, there’s been a storm of emails on patchmanagement.org, Adobe and Microsoft appear to be at least willing to work together, and today Shavlik announced the release of Shavlik SCUPdates.
Shavlik SCUPdates delivers to SCCM users what Microsoft doesn’t — a way to patch 3rd party applications without increasing the workload on SCCM administrators. SCUPdates is a catalog that is imported into System Center Updates Publisher and then synchronized with SCCM. The patch assessment and deployment logic is merged right into SCCM along with patches for Microsoft applications and operating systems.
Shavlik is providing a single, trusted source for multiple vendors, multiple products, multiple versions. Priceless. Check out SCUPdates on our website or get more information from Rod Trent at myITforum.
February 12, 2010
· Filed under Antivirus, Asset Management, Endpoint Security, Patch Management, Shavlik General, Virtualization Security and Management
Answer: All recently received a “Best Buy” rating.
NetChk Protect received 5 stars in all ratings categories and a “Best Buy” rating from SC Magazine. The magazine, geared to IT security professionals, was performing a rating of patch management solutions.
Shavlik came out on top of a group of 5 vendors who offer patch management. NetChk Protect received recognition as an “Excellent product with a fantastic feature set.” You can see the complete review here.
NetChk Protect was honored for its simplicity and intuitive user interface. The reviewers were especially impressed with how quickly they were able to start managing their physical, virtual, and software assets, patches, and AV.
Getting the honor is great. But I really hope IT administrators take the time to read the article that leads into the reviews. SC Magazine did a great job of identifying what may be the biggest IT nightmare for 2010: patching non-Microsoft software applications.
We all like to pile on Microsoft. It is an easy thing to do given their history of bugs and security flaws. But this isn’t 2004 and Microsoft no longer tops the list of most vulnerable software. No. That honor belongs to…drum roll please…Adobe. And Apple. And Mozilla Firefox. Hackers have turned their attention to client-side vulnerabilities and are exploiting them by turning trusted websites into malicious servers.
I give Microsoft credit. When it comes to patching, they have an established, mature process. They give users structured guidance, share research, offer tools to help with workarounds, have well-known avenues to access support, and are willing to go out-of-band to combat zero-day issues.
Contrast that with Adobe and Apple. They are 100% geared to the home user to the detriment of the business user. Their processes and their attitudes show it.
Business users need to demand more from their vendors. What happens to all those iPhone users if a business is forced to prohibit iTunes because Apple makes it impossible to patch in a corporate environment?
January 25, 2010
· Filed under Microsoft Security and Systems Management, Patch Management, Shavlik General, Shavlik News, Top of the News
George Kurtz, McAfee’s worldwide chief technology officer, has blogged about how the Internet Explorer vulnerability – called “Operation Aurora” – was exploited, going so far as to call it a “watershed moment” for cybersecurity.
“What really makes this is a watershed moment in cybersecurity is the targeted and coordinated nature of the attack with the main goal appearing to be to steal core intellectual property,” said Kurtz.
Click here for the complete content of Kurtz’ blog.
For me, this feels a lot like the 1993 movie, Groundhog Day, with Bill Murray. It hasn’t even been a year since security and operations chastised our industry for over-hyping Conficker. McAfee seems intent on stirring the FUD pot over the latest zero-day exploit in Internet Explorer. Is this déjà vu all over again?
But now word comes that Google — the literal and figurative face of this exploit — is investigating the possibility that some of its employees in the China office may have facilitated the attack. Google won’t comment on the ongoing investigation, but Reuters is reporting that some Google China employees were denied access to internal networks after January 13, while some staff were put on leave and others transferred to different offices in Google’s Asia-Pacific operations.
Watershed event for cybersecurity? I don’t know. Competitors have tried to steal one another’s intellectual property through illegal means since some caveman figured out a better way to make fire. What we know today is that to neutralize this exploit, you need to apply MS10-002. Do it today.
Nancee Melby
Director, Product Marketing
Shavlik Technologies
January 11, 2010
· Filed under Antimalware, Antivirus, Patch Management, Shavlik General
Earlier this month, Adobe announced that it is going to beta an automatic updater for its products in response to the surge of attacks against its software — Reader, Acrobat, and Flash.
According to McAfee’s threat prediction report for 2010, Reader and Flash will replace the Microsoft operating system as the primary targets for malware attacks in 2010. That’s bad news for all of us since these products are nearly ubiquitous for both home users and corporations.
While I give Adobe credit for taking some action — much like I gave them credit for adopting a quarterly patch cycle — silent patching with an auto updater is not a good answer for businesses of any size. Why? Loss of control. With auto updates, businesses can’t determine if or when or how a patch is applied. They can’t control when the auto updater service runs or where it pulls updates from or what updates are going to be installed. Adobe says it will provide some control to the end user — which is fine for home users, but that’s not who has responsibility for patching in businesses.
Businesses need to centralize control over the patching process. They need to control if and when to patch, how and when systems will be rebooted, and they need to have proof that patches were successfully deployed. Adobe and other vendors who create auto updaters are asking you to operate your business on blind faith. If more and more vendors follow Adobe’s lead, our systems will be slowed by updaters vying for CPU and our network bandwidth will be clogged with multiple updaters downloading the same patch hundreds or thousands of times.
That sounds like a recipe for chaos. And readers/subscribers of patchmanagement.org seem to agree.
Nancee Melby
Director, Product Marketing
Shavlik Technologies
December 23, 2009
· Filed under IT Risk and Compliance Issues, Patch Management, Uncategorized
All I want for Christmas is for Apple, Inc., to acknowledge that they have created a mess by bundling Apple Application Support with iTunes v9, QuickTime v7.6.4, and Safari. Oh, and for Apple to fix the problem.
Shavlik and Apple customers have been wrangling with this problem since September. Consumers — home users — are affected but not to the extent that corporations are impacted. Why? Because home users are more likely to simply double-click the installer to upgrade to a newer version of these products. If that is the update method followed, no problem. The Apple Application Support app is installed. Check out the discussion thread at discussions.apple.com to get a feel for the pain the home users are feeling.
But corporations can’t follow the home user method. They need to ensure that updates are applied or risk exploit of one of many critical vulnerabilities that exist in these Apple applications. Even small corporations — 50 to 100 systems — need to automate the update process. That means either scripting or using patch management software. Both of these methods require use of command line switches on the installer to install silently; otherwise, automation is not feasible.
That’s where Apple has created its mess. Whether intentional or unintentional, Apple Application Support fails to install if the silent install switches are used. The main applications — iTunes, QuickTime, and Safari — will install but Apple Application Support doesn’t. Then the user is left with the annoying message to uninstall and re-install iTunes. Shavlik has published workarounds for our customers. But workarounds for such a ubiquitous problem should not be required and should not be seen as acceptable.
Apple, you sold 7.4 million iPhones in the quarter that ended in September. Many of those iPhones went to corporate executives. iTunes is required to use an iPhone. Your software has critical vulnerabilities that put businesses at risk. Fix this problem so corporations can protect themselves.
Nancee Melby
Director, Product Marketing
Shavlik Technologies
November 19, 2009
· Filed under Microsoft Security and Systems Management, Virtualization Security and Management
Our director of product marketing, Nancee Melby, has just launched a series of Common Sense videos focused on key areas of IT systems management. The first one focuses on controlling VM sprawl and getting a handle on your virtualization management issues.
You can find it on our virtualization management page or directly at this link.
And in the very near future you will start to see some common sense systems management blog entries directly from Nancee on this blog site. So stay tuned,
Colleen Kulhanek
Director of Marketing
Shavlik Technologies
November 13, 2009
· Filed under Industry Trends, Virtualization Security and Management
I traveled to VMware’s vForum event in Orange County, CA this week and was pleasantly surprised at how well attended this regional event was. Over 600 attendees were there to hear about the latest technologies available from VMware for virtualization management as well as to hear some new industry research results from IDC.
The use of virtualization has definitely been given a boost due to the waning economy this last year or so as IT departments have been forced to reduce hardware spending, as confirmed in this article by Jessica Davis.
I attended the keynote presentation which included a session by Michelle Bailey, the VP, Datacenter Trends and Enterprise Platforms for IDC. She revealed results from a recent IDC survey on virtualization use and concluded that server virtualization is now considered mainstream, sharing that 48.4% of the respondents indicated that the default build for new server hardware in their organization is “virtualization first, unless a business case can be made for standalone” and another 27.7% stated that their default build is “standalone, but we strongly recommend or incent virtualization”. Ms. Bailey went on to discuss the challenges that virtualization is intended to solve, namely, data center consolidation and efficiency gains. The operational costs of the data center continue to rise dramatically as Bailey indicated that worldwide spending on server hardware, power and cooling, and data center management are $180 billion annually.
As the use of virtualization continues to grow, the traditional costs of the data center will begin to be offset by costs of managing virtual machines and the need to track and control virtual machine sprawl and virtual machine movement. IDC continues to give guidance to their customers that without the proper policy and automation tools, spending on management and administration will skyrocket.
The focus then turned away from the data center and server management to desktop management as Patrick Harr, VP Product Marketing for Desktop at VMware gave a very engaging presentation on View4 just recently available from VMware. The new features in View4 will definitely give XenDesktop a run for its money and may help to accelerate the deployment of virtualized desktops at a faster pace than most in the industry predict.
IDC’s virtualization study also asked about plans for virtualized desktops and survey respondents stated that 9.1% of their desktop/client devices are virtualized today and plan that 15.7% of their desktop/client devices will be virtualized 12 months from now.
Hope this is useful for you,
Colleen Kulhanek
Director of Marketing
Shavlik Technologies
November 12, 2009
· Filed under Antimalware, Antivirus, Endpoint Security, Patch Management
eWeek just released a review of NetChk Protect 7 and the author had many good things to say about this new and unique solution.
Of course the statements that bubbled to the top when I read it were:
“Installing Netchk Protect 7 went as smoothly as could be”
“The management console GUI is extraordinarily friendly”
And my favorite:
“Patch management options are, in a word, fantastic. This mature product makes Microsoft’s WSUS (Windows Server Update Services) look like a kindergarten toy”
Matthew Sarrel was quick to point out some of the challenges he had, but admitted he hadn’t read the relevant recommendations in the documentation.
The reviewer also had a good experience with the integrated antivirus engine now available in Protect:
“The big news in Protect 7 is the addition of the Sunbelt VIPRE anti-malware engine. In my testing, the anti-malware capabilities were excellent, although management could be improved. I installed the agent on a Windows XP Pro SP3 machine that was riddled with malware. After using Protect 7, everything except the pernicious CoolWebSearch was detected and quarantined immediately without affecting system stability.”
And we certainly appreciate his input on the need for better integration of the anti-malware component into our console.
Please read it for yourselves at http://www.eweek.com/c/a/Security/REVIEW-Shavlik-Netchk-Protect-7-Provides-Patch-Management-AntiMalware-in-a-Single-Tool-398780/
Take care,
Colleen Kulhanek
Director of Marketing
Shavlik Technologies
November 10, 2009
· Filed under Cloud Computing, Virtualization Security and Management
Shavlik Technologies recently conducted a survey of 290 participants at recent events and found that 58% are considering adoption of cloud computing. The top reason given for this was cost reduction. See our press release with further survey statistics.
We are getting ready to launch the beta of Shavlik’s solution hosted in the cloud, IT.Shavlik.com. Registered participants will get free access during the beta period to many of the capabilities we offer today in our current solutions, but these will be available from our IT.Shavlik.com web site. Hope you give it a try.
Regards,
Colleen Kulhanek
Director of Marketing
Shavlik Technologies
August 5, 2009
· Filed under Asset Management, Shavlik General, Virtualization Security and Management
The purpose of this blog is to provide another vehicle for information exchange with our customers and partners. We want to use this blog to update you on both industry happenings and Shavlik happenings. So visit here regularly for information on the latest product features and releases, case studies, product promotions, and upcoming events as well as new product beta opportunities or requests for product feedback.
To get the ball rolling, as many of you might know, we recently released new versions of both our Shavlik NetChk Protect and Shavlik NetChk Configure products. We are very excited about the latest capabilities we’ve added around virtualization management and our newest addition to the suite – Asset Management. In all honesty, we should have delivered this capability long ago. Our unique agentless technology lends itself perfectly to the deep discovery that companies need to identify all of their IT assets. Our customers can now have a single view of all their hardware, software, and virtual machine asset information from the NetChk console. Here is what one customer recently said: “I welcome the new asset management. It is very convenient to have this facility in the same program as is used for security patching.”
If you are a Shavlik customer that has tried our Asset Management functions, please let us hear about your experience.
Regards,
Colleen Kulhanek, Director of Marketing, Shavlik Technologies