Product Reviews

Kill Two Birds with One Stone

NetChk Protect combines the functionality of Shavlik's patching and anti-spyware tools in a single console.

There are two ongoing and inescapable tasks that any network administrator must face -- patch management and spyware prevention. Both are as essential as they are incessant.

Documentation 15%
Installation 10%
Feature Set 35%
Performance 30%
Management 10%
Overall Rating:

1: Virtually inoperable or nonexistent
5: Average, performs adequately
10: Exceptional

If you aren't diligent about applying software updates, you open your network to security vulnerabilities on out-of-date machines. Waiting a few months to patch a machine can mean the difference between being hacked and being secure. Last year, Gartner Inc. predicted that 90 percent of all Internet attacks during 2005 would be against previously patched security holes.

You could set your machines to automatically install all updates from the Windows update site, but that may cause more problems than it solves. This approach doesn't allow for testing, which is essential -- especially in larger environments. It's one thing to have a “bad” patch take down 20 users. It's quite another when that same patch takes down 2,000 users. A tool that automates patch management and facilitates testing is a must.

Keeping a diligent eye on spyware is just as critical as timely patch management. Spyware that sneaks onto your systems can gather personal information about your users' Internet habits, and relay that to advertisers who bombard them with targeted pop-up ads. It can also kill productivity due to computer instability and unbearably slow network performance.

Most anti-spyware products manage one machine at a time. You install the client and configure locally on each machine, then check in continually to make sure updates and scans are occurring as they should. Managing spyware this way will work, but it's inefficient to say the least. In larger environments, it's virtually impossible. Shavlik's NetChk Protect gives you a central console with which to manage both patching and spyware prevention for all of your machines.

A scanner darkly...
[Click on image for larger view.]
Figure 1. From the NetChk Protect console, you can choose which machines to scan and whether you want to scan for spyware or patch status.

Patch Management
NetChk Protect works simply and automatically. It will scan your Windows-based machines and determine their patch status. Then it generates a status report for each machine, which can be sent to you automatically via e-mail notifications.

Once you know which patches need to be applied, you can push them out immediately or schedule them for later -- during the evening or weekends. After patches are applied, you can reboot your machines automatically or manually.

NetChk Protect uses XML and cabinet (CAB) files maintained by Microsoft to determine the patch state of a machine. It compares the file versions on the computer it's scanning with the XML file versions. Depending on the type of scan being performed (quick scan or full scan), it may also compare the file checksums.

NetChk Protect copies all patches to the target machines and uses Microsoft's Qchain.exe to install them all at once. This lets it deploy all patches with only one reboot. All scanning and patching takes place behind the scenes. The only thing your users will notice is whether or not a reboot is required.

The software offers four levels of patching, depending on which version you select:

  • NetChk Patch, Basic Edition: This supports up to 500 machines, provides limited reporting and can run up to 13 different scanning threads at once.
  • NetChk Patch, Audit Edition: This provides all of the functionality of NetChk Patch, Basic Edition. It supports an unlimited number of machines, provides more robust reporting and can run up to 256 different scanning threads at once.
  • HFNetChkPro: This provides all of the functionality of NetChk Patch, Audit Edition. It supports the SafeReboot feature, gives you access to different schedulers, auto-deployment features and pre- and post-installation scripts. You can export reports in a number of different formats.
  • HFNetChkPro Plus: This provides all of the functionality of HFNetChkPro. It also lets you deploy custom patches, supports a Microsoft SQL database for storing those patches and can preserve bandwidth over WAN links by using distribution servers.

Spyware Scanning
You have two general options to scan for spyware with NetChk Protect -- console-based scans and machine-based scans. Console-based scans run over the network from the console machine. This can cause a lot of network traffic, but it works without having to copy anything to the target machine. A machine-based scan copies an instance of the spyware scan engine to the target machine and runs the scan “locally.” This improves the scan speed, as each machine is responsible for running its own scan. Machine-based scans also dramatically reduce network traffic.

NetChk Protect identifies and categorizes instances of spyware based on its perceived level of threat. The software will kill any destructive or invasive processes associated with the spyware. It then deletes all associated files, folders and registry data.

Within an hour of installing the software, I had already scanned all eight of my machines for spyware and missing patches and deployed all the up-to-date patches.

You can also have the suspected spyware files quarantined in a secure area if you wish to inspect them later. This also provides rollback functionality. If a necessary program or file is inadvertently removed, you can easily restore it from the quarantine area. Removing spyware may or may not require that you reboot the target machine, but if so you can do it manually or automatically.

The interface for NetChk Protect is very straightforward and easy to navigate. For example, first it will ask you what you want to scan. After completing the scan, it displays a summary report of what it found. Click on details and then right click on the machine, group or domain that you want to patch and choose “Deploy patches.” You can select to deploy all patches or certain patches based on their criticality level. At this point all of the patches are pushed to the selected machines.

Simplified Scanning
Whether scanning for patch status or spyware, you can scan computers by name, IP address, domain name or Active Directory Organizational Unit (OU) structure (see Figure 1). You can also create machine groups and target your scans toward these groups. This lets you establish a test group for safely and securely testing patches before rolling them out to your entire network.

NetChk Protect supports network scanning of the following clients:

  • Windows NT 4.0
  • Windows 2000
  • Windows XP (although you'll have to disable simple file sharing for the scan to work properly)
  • Windows Server 2003

To scan a machine -- any machine -- you'll need administrative rights to that machine (which shouldn't be a problem). You'll also have to start the Server service and the Remote Registry service, and enable file and print sharing. Finally, you'll need access to the remote machine over TCP ports 139 and 445, and the %systemroot% share (i.e. C$) must be accessible.

Installing NetChk Protect is a breeze. If your system doesn't have all the requisite software components, it will automatically download and install the missing pieces during setup. The readme file says that you won't have to reboot after installation, but I was prompted to reboot my laptop after installing NetChk Protect. It's always a good idea to do so anyway.

When I first started using NetChk Protect, I thought I might be doing something wrong because using it was so easy. Within an hour of installing the software, I had already scanned all eight of my machines for spyware and missing patches and deployed all the up-to-date patches.

I was also pleasantly surprised to learn that NetChk supports updates for more than just Microsoft products. In my testing, I was able to update my Adobe Reader and RealPlayer software as well.

NetChk Protect does a great job of keeping your machines clean of spyware and up to date with the latest patches. If you're responsible for patch management and spyware control for your network, you owe it to yourself to give it a try.

About the Author

Chad Todd, MCSE, MCT, CNE, is the author of Hack Proofing Windows 2000 Server by Syngress Publishing. He is the co-owner of Training Concepts, which specializes in Windows 2000 and Cisco training.


comments powered by Disqus

Subscribe on YouTube