Background on my question:
I am a business owner with about 15 PCs installed in our office network. We do not have any in-house IT support and contract out our network and PC support to a third-party provider, who has always given us great service, and the cost has been very reasonable. To date we have never had a problem with viruses or other malware (knock on wood). We are currently using Windows XP SP3, Microsoft Office 2003 or 2007, IE V7 or 8, some Firefox V3, and Symantec Endpoint for virus protection.
Today, we received this unsolicited proposal (quoted below) from our support company and it seems a little like overkill to me, but I really don't have the knowledge to make a final judgment.
CLIFFS:
Consultant is recommending we install
Shavlik's NetChk Protect
--or--
ScriptLogic's Patch Authority Ultimate
Does anyone have any advice regarding if this is necessary??
**********************************************************************************************************
I want to let you know about an issue regarding computer security that is becoming increasingly important, and some options for addressing it.
The Issue: Running antivirus (AV) software on your PCs is an essential step towards keeping them free of viruses and other "malware". However, no AV software is perfect, so it's also important to keep your PC free of the vulnerabilities that malware exploit. In the past it was enough to tell users not to download unexpected files or open unexpected attachments. But while malware writers continue to target flaws in Windows itself, they also are increasingly targeting flaws in common web-based programs and files, such as Adobe Flash, Adobe Reader (PDFs), and Sun's Java, to install malware on PCs without requiring any action by the computer user.
Minimizing the Risk: Beyond keeping your antivirus software updated, the most important step in avoiding these risks is keeping up-to-date any software on your PC that might interact with web sites that you browse to. This includes Windows and MS Office, of course, but also software such as:
- Adobe's Flash, Reader and Acrobat
- Apple's QuickTime and iTunes
- Sun's Java
- RealPlayer
- Mozilla's Firefox web browser (and its related Thunderbird email program)
While the organizations behind such software do include auto-update capabilities, these are clearly imperfect since I frequently find older versions of all these programs installed on PCs.
Solution 1: Keep Your PC Up-to-date: One obvious solution to this problem is to require that each computer user keep the software on their computer updated. For a home PC this is the only option available, though you can use free software such as Secunia Personal Software Inspector (http://secunia.com/vulnerability_scanning/personal/) to help with the job. However, for office PCs this is, in my experience, unrealistic.
Solution 2: Use Centralized Scanning and/or Updating Software: I think the only reliable way to ensure that all office PCs are kept up-to-date is to use scanning software that works like Secunia PSI, but which is designed to scan all PCs at once. I also think that the requirements for such software should be narrowed to include only those which can automatically download and install any required updates. This has come to be known as "patch management" software.
There are many products which advertise patch management capabilities, but most can only scan for and install updates to address vulnerabilities in core Microsoft software, such as Windows and Office. I see little benefit to these latter products, since they duplicate the service provided (reasonably well) by Windows Update, while ignoring the growing need for updates to third party software from Adobe, Apple, etc.
Fortunately there are patch management products which do include scanning and updating of such third party software. However the choices are limited by the fact that all seem to use the technology of one company, Shavlik Technologies (http://www.shavlik.com). This was the company that created the first Windows vulnerability scanner for Microsoft, and Shavlik has gone on to create their own line of patch management products, as well as licensing their core technology to other companies for inclusion in their own products. These latter products tend to be large enterprise management systems, where patch management is just one feature among many. This leaves only two options (that I could find) which provide relatively inexpensive patch management for smaller networks:
- Shavlik's NetChk Protect (http://www.shavlik.com/netchk-protect.aspx): Coming from the company that provides the technology to everyone else, this also claims to offer spyware scanning as well as patch management. However it is more expensive, at about $50/PC plus annual maintenance (which isn't shown on their web site)
- ScriptLogic's Patch Authority Ultimate (http://www.scriptlogic.com/Pro...atchauthorityultimate): This is limited to patch management, but the list of programs included in their scanner (http://support4.scriptlogic.co...article.aspx?id=15052) is the same as that advertised by Shavlik. Cost is about $20/PC plus annual maintenance (which isn't shown on their web site)
Both products let you evaluate their software for 30 days (though with a limit of 10 PCs scanned), and can be purchased from their respective websites. I did a short test of the current ScriptLogic software, but haven't tested Shavlik's current version.
************************************************************************