Combining the Shavlik Netchk patch management system with the Sunbelt VIPRE anti-malware engine, Protect 7 is a full- featured security solution. Howewer, anti-malware is not fully integrated into the management console, and eWEEK Labs experienced some quirkiness with the GUI during tests.
Perhaps the most time- and resource-consuming task on IT professionals'
security to-do list is patching applications and operating systems. The rise in
popularity of virtual machine technology only intensifies the issue.
Add to that the nightmare of malware. No longer simply a nuisance, today's
malware threatens personal, corporate and customer data, not to mention the
havoc it can wreak on both physical and virtual machines.
Most companies deal with this by putting up strong defenses in the form of
firewalls, anti-malware gateways and endpoint protection suites. In the event
that a threat gets through, it's more common to reformat and redeploy than it
is to clean and reconfigure. And after a machine is redeployed, it needs to be
Shavlik Netchk Protect 7 promises to solve both patching and malware issues
with a single agent for each physical and virtual machine, as well as a single
management console. For the most part, Protect 7 delivers, but several
shortcomings disappointed me during testing.
Protect 7-which is priced starting at $40 per seat with volume discounts
available-is a great patch management product, a very good client anti-malware
product and an extremely user-friendly management console. However,
anti-malware is not fully integrated into the management console, and I
experienced some quirkiness with the management GUI.
The management console was stable on a Vista Ultimate 64 workstation, which
is where I did most of my testing. I experienced scan result updating
issues, and I had major stability issues on my initial Windows Server 2003 EE
There is a requirement, which I did not see in the documentation, that the
management console not run on a domain controller. After I called to report the
problems I was having, tech support informed me that "... the machine SID
fails. When a machine becomes a DC it gives up its machine SID
to be the Domain SID. For now, we have made
it part of our requirements to not install the console on a DC."
The instability made it impossible to test on Windows Server 2003. I lost
agent configurations, and patch deployments were abruptly terminated. This
seems too important a requirement to be buried on a list in the manual, but I
technically can't blame Shavlik because it was there. That said, perhaps it
would make sense if the installation could check to see if it is being
installed on a domain controller, or even the program could check when it
starts. Anything rather than crashing every few minutes would be better.
Installing Netchk Protect 7 went as smoothly as could be. An installation
wizard scanned my server for requirements (but not for whether the server was a
domain controller), then downloaded and installed required components as
needed. On first run, a setup wizard gave me the option to import old scan
templates and configure automatic e-mailing of results.
Matthew D. Sarrel, CISSP, is a network security,product development, and technical marketingconsultant based in New York City. He is also a gamereviewer and technical writer. To read his opinions on games please browse http://games.mattsarrel.com and for more general information on Matt, please see http://www.mattsarrel.com.