Microsoft Recommends Shavlik

Its pretty well known that we have been working on patch management for a long time, creating MBSA and now providing Shavlik NetChk Limted, which is directly recommended by Microsoft.  We are focused helping assure our customer's and the industry in general are getting strong security support. Our on going relationship with Microsoft is key to this.

Here are some related links:

Microsoft

Legacy Product Support: For customers using legacy products not supported by MBSA 2.0.1, Microsoft Update, and WSUS, Shavlik Technologies provides a free MBSA 2.0.1 companion tool called Shavlik NetChk Limited.

Users who have the following products in their environment can use Shavlik NetChk Limited to augment MBSA 2.0.1 results for comprehensive security update detection.

•	Office 2000
•	ISA Server 2000
•	FrontPage Server Extensions 2000/2002
•	Visual Studio .Net 2002/2003
•	SQL Server 7.0/2000
•	Other products not included in Microsoft Update's supported product list

WindowsITPro

"Shavlik Technologies was an easy choice for Microsoft to go to for providing continuity in supporting [complete security scanning] for customers who are using some of the older products," said Stephen Toulouse, Group Program Manager at Microsoft. "Shavlik has an intimate knowledge of security detection requirements since they helped develop the first version of MBSA for Microsoft."

Redmond Mag

ENT

Shavlik's NetChk Protect Limited searches for critical  security patches and spyware. However, the free version does not install patches  or remove spyware, according to the product's Quick Start Guide posted on  Shavlik's Web site. 

Get this free product, without any registration or timeous here.

Shavlik Survey (SSL Based)

I wrote up a survey at https://www.surveymonkey.com/s.asp?u=394252488617

Please take 5 minutes to answer a few questions if you have the time.  It really helps us build the right products and company for you.

The survey is SSL encrypted and you do not need to give us your name etc unless you want to.

I will post results once there is some solid data.

Thank you,
Mark

 

Patching beyond Microsoft - on Windows

Update: some of the products in the article will be supported by us in Q4 if we do not support them know.  Thanks for asking (via the comment below) I should have been more clear.

This is a good article on the issues around patching and patch management, its not just about Microsoft which is pretty clear.  Our patching products support these patches, all full featured patching products will but vendor supplied patching tools such as WSUS do not support these patching, leaving network security holes all over networks breaking any Risk or Compliance Management in place, if only some security patches are measured and managed systems are not secure but they will be reported as secure, which will of course lead to problems.

"JULY 28, 2006 | Holes in Microsoft Windows, Office, and Internet Explorer may be the most popular conduits for a desktop attack, but they aren't the only ones.

Other desktop apps can be softer targets, mostly because they don't get IT's attention when it's swamped with monthly Patch Tuesday updates. The Mozilla Firefox browser vulnerabilities, revealed this week, are a recent example of how other, not-so-high profile desktop apps are increasingly facing security risks."

New Scriptable Scanner Shipping

The testing of our MBSA 1.2.1 (written by us as part of our long time partnership with Microsoft a number of years ago now) patch management scanner is looking good and we are going to release the product shortly.  We are working hard so we can make a formal announcement in time for our users to test and integrate this new product in time for the May patch day from Microsoft.  (update: its shipping!)

This is an entirely new scanning engine, its much faster than the engine in MBSA, it uses much less network bandwidth and it looks for many more products. Its a long list of supported products, so much so you do not need MBSA 1.2.1, nor MBSA 2.1 or any other patching checking tool from Microsoft.  You can also simply rename the MBSA and other tool references in your scripts.  This is a big simplification which should reduce time and costs for all users including SMS users.  MBSA is a great product and its used by millions each day, we are just taking that engine and data and giving it an update.

We are calling this product Shavlik NetChk™ Analyzer, or sna, instead of hfnetchk to reflect the changes we have made over the years since hfnetchk was first launched.  But we have not gone that far from our roots, sna is based on the same code and uses the same input XML style as MBSA. (our xml comes from our data team and not from Microsoft, we did the initial XML for Microsoft but few years ago we started to make our own private versions so we can add more products and better detail the products we scan for).  Sna was written by the same team that wrote hfnetchk, they have been working on this for years. - thanks to them for making this new release.  You will see many of the hfnetchk roots in this latest release.

The beta and other feedback is showing many users are interested in this product, drop me a note with any feedback you have.

Susan Bradley on WSUS and HFNetChkPro

Susan Bradley has a nice overview on using our products along with Microsoft's.

I do agree with her key points of using a third party to verify, along with support for non-Microsoft products.  Both are items we are working to add more support for in the coming months and they do make us a solid compliment to WSUS and SMS.

I also think we can be a full replacement for WSUS and/or SMS giving admins one tool set to work with.  Since we support all the patches Microsoft WSUS and SMS does along with many more we can be either a complete WSUS replacement or a great compliment. 

I know our products have a charge now, but overall I think the time savings and increased coverage more than make up for the initial costs.  Our costs are recovered after about 2 patches days I think.  The same holds true for SMS and other system management products, its always good to check and there is no need to spend the time with SMS just to do patching.