Product Reviews
Seal the Cracks
PatchLink Update 3.0 systematically keeps your network up to date.
Let’s face it—Windows has cracks. A lot of them, apparently, based on
the number of security warnings, updates and alerts that crop up every
time an enterprising hacker finds and exploits a vulnerability.
Enter PatchLink Update 3.0. PatchLink Update requires Windows 2000 Server
(with Service Pack 2), plus 512MB RAM and 20GB disk space. Software requirements
include IIS Web Server and “...no other software application. Specifically,
you must not have SQL Server or MSDE installed on the target system...”
In addition, the system can’t be a primary domain controller. Once you’ve
ensured that you meet all of these requirements and exceptions, installation
proceeds smoothly.
PatchLink claims to be a targeted, systematic management framework to
patch all computers on a network. The claim, while a bit grandiose, isn’t
overly inflated. The application is a software-distribution product coupled
with an inventory system and a subscription service that helps keep an
organization’s system patches up to date. Basically, it does for NDS eDirectory
and ADS what Windows Update does for the Windows desktop: It detects software
product versions on all networked systems and provides the means to correct
them.
It does this through a patent-pending Discovery Agent, which can effectively
detect patch fingerprints across many different types of computers connected
by nothing more than your existing Extranet. Whether you patch your systems
by hand or use the Deployment Wizard to do it automatically, the Reports
generated by Discovery Agent will always show you what is patched—and
what isn’t.
PatchLink checks vendor Web sites every day for new releases, then notifies
agents on your site if new software is available. You get notification
via e-mail showing what’s available for which platforms. Update Agents
are available for NetWare as well as Win2K, Windows NT, Windows 95/98/Me,
Unix/Linux, and Java environments. The administrator can then roll out
the fixes using a Web-based distribution system. The small native-code
footprint, coupled with the ability to run without user intervention, provides
a ready way to distribute software across an enterprise.
The “packages” (PatchLink’s term) to be distributed can include patches,
service packs, and even small administrative tasks—which can either come
pre-built directly from the PatchLink Patch Archive Subscription or be
developed expressly for your enterprise. Finally, the Update Agent communicates
exclusively via Web protocols, even through a proxy server, if necessary.
This means you won’t need to open additional holes in your firewall to
update computers scattered around your company’s extranet. PatchLink can
also update the PCs of mobile workers or at remote locations using nothing
more than an Internet connection.
Version 3.0 is capable of fingerprinting the patches that exist on a
particular computer and then advising an administrator on exactly what
type of patch a machine has and what revisions it may need. The fingerprinting
requires a good deal of planning and diligence in order to be done correctly.
For example, in NT, if you have a service pack installed and you install
another product, it may replace some of the files, meaning you’d have
to reapply the service pack. PatchLink is supposed to catch all of these
situations.
PatchLink also has the option to patch servers and workstations in parallel
or sequentially. In parallel, it’ll patch all PCs at once; in sequential
order, it will patch one and, if it’s successful, will continue to the
next machine. If something were to go wrong, an admin would only have
to deal with one down computer.
Patchlink.com notes that it’s imperative to test all patches before rolling
them out and that they will only guarantee what the manufacturer says
about the patch. Once a patch is tested, it can be sent automatically
with a single click.
PatchLink Update 3.0 lived up to its promises in my testing and proved
to be a solid, reliable product that should be a must where accurate patch-like
activity is required or time savings are imperative. You should remember,
however, that without careful monitoring on the administrator’s part,
the program can’t succeed.
About the Author
David W. Tschanz, Ph.D., MCSE, is author of the recent "Exchange Server 2007 Infrastructure Design: A Service-Oriented Approach" (Wiley, 2008), as well as co-author of "Mastering Microsoft SQL Server 2005" (Sybex, 2006). Tschanz is a regular contributor to Redmond magazine and operates a small IT consulting firm specializing in business-oriented infrastructure development.