Product Reviews

Keeping Pace With Patches

Ecora automates Windows and Unix patch management.

It only takes one vulnerable machine and one attack to make a system administrator’s day go horribly wrong. That’s why patching is so important, and why I was glad my editor asked me to look at Ecora Patch Manager 3.0, which I ran on my Windows XP Professional system. (The company has since begun shipping version 3.1.)

Ecora has a Web licensing service that provides the license after installing and running the application for the first time. I stepped through the configuration screens, providing information for each of the various components that make up the product: SQL Server database to store the system and patch history information, a local shared repository location to keep local copies of downloaded patches, and the Web Reporting Center. I was unable to install the Reporting Center during the initial setup (ex-plained later, and involving a call to tech support), so I continued the install, thinking I’d resolve the issue later. I was anxious to get patching.

Patch Manager provides a single location for performing the tasks necessary to patch a network. From the Patch Manager main console you can scan systems, schedule scans and patch installations and search the repository.

Now it was time to add systems to the Patch Manager database. This can be done several ways, the easiest of which is to “discover” the systems. I checked a Windows Server 2003 system and an XP Pro workstation for hotfixes, as I knew these machines wouldn’t have the latest hotfixes applied (don’t tell my boss). Once I discovered these systems—a straightforward process by choosing the domain and system names from a list—I scanned them for missing patches. Patch Manager successfully connected and scanned both systems quickly. In the time it took to scan only two systems—about 15 seconds—I concluded that my entire network could be scanned on an evening schedule in under 10 minutes.

Ecora Patch Manager
Ecora Patch Manager looks for missing patches and schedules installs. (Click image to view larger version.)

I noted one system, my Windows 2003, was missing a specific hotfix, KB828035 to be exact; it fixes an issue with buffer overruns in Messenger. To test the validity of this finding, I went out to Windows Update and manually reviewed what critical updates weren’t applied. I saw that no critical updates were available from Windows Update. Hmmm. I reviewed my installation history on Windows Update and discovered that this update had been applied already, back in October. Was Ecora misreporting this patch? Not at all: Patch Manager was aware that this patch had several revisions and I didn’t have the latest version.

I mentioned earlier an issue with installing the Reporting Center. Of all of the components to install, this was one I’d decided to install remotely, not on my XP box with all the other pieces. Subsequent installs of Reporting Center failed on the Windows 2003 IIS machine. I called technical support about this along with another issue concerning the Help screens displaying a blank form. I’m happy to note that a subsequent installation of the product fixed both issues. Support answered the phone in less than two minutes on every call, even the day after Christmas. With Reporting Center functional, I was able to view all the patch installations through the browser and filter the reports off of system groups, which is a nice feature for larger organizations.

There are enough features in Patch Manager 3.0 to make it a worthwhile investment. Centralized administration, superb auditing and reporting and instant access to information about all available hotfixes makes it a strong contender. Patch Manager 3.0 is relatively new and there are features I’d like to see added, like having a history automatically displayed in the main console without having to load in saved scans after each launch. Also, many of the dialog boxes are a little too heavy on the tooltips, which inundated me with yellow popups endlessly when trying to discover systems. An example: If I didn’t know that the Cancel button would “close the dialog box without saving or implementing changes,” maybe I shouldn’t be the one patching systems.

Overall, Ecora Patch Manager 3.0 was impressive, and has an advantage over Windows-centric patch management offerings: It also patches many Unix systems. Until Windows Update can do that, which will be never, Patch Manager will have a leg up on SUS and other security patch products—even if they’re free.

About the Author

Rodney Landrum is an MCSE working as a data analyst and systems engineer for a software development company in Pensacola, Florida.  He has a new book from Apress entitled ProSQL Server Reporting Services.


comments powered by Disqus

Subscribe on YouTube