Affordable IT: Patch Management

Until the developers responsible for applications and operating systems create code that is without vulnerabilities, your systems are safer only if you install patches. A manual-update system requires no initial

purchase, but unless your IT personnel are eager to make patch management their calling, you will need a better solution. Precisely what that will be depends on the nature of your systems. In this article, we will take a look at common OS and application configurations.

Patching Windows

For now, Microsoft's Software Update Services (SUS), which automates updates to critical patches only, is your best source for Windows patches. SUS downloads patches to your server and passes updates from there rather than from Microsoft's public servers. With a Windows 2000 server, this service is free.

With simple Windows networks, Microsoft's Windows Update Services, now in open-evaluation stages with final release expected in Q4 this year, can be used to keep your home computers up-to-date and may be enough to provide critical systems with the latest patches. Microsoft says the final release of Windows Update Services will add features that will make it your best patch source. It promises more features, including the capability to automate uploads of suggested and preferred patches, not just critical ones. Despite its limitations, SUS remains valuable, especially when paired with a tool like MBSA (Microsoft Baseline Security Analyzer), which scans your Microsoft systems for patch and vulnerability status and links to SUS to provide critical updates.