Like professional athletes who seem to discover religion after every indiscretion, Microsoft has found securityagain
Like professional athletes who seem to discover religion after every indiscretion, Microsoft has found securityagain.
When breaches occur, the born-again Microsoft issues, maybe, a couple of new patches and a couple of workarounds. This time, after the little Code Red, uh, imprudence, Microsoft has also added a very useful tool to its standard redemption rites.
Microsoft Network Security Hotfix Checker (known as Hfnetchk and downloadable at support.microsoft.com/support/kb/articles/q303/2/15.asp) is a command-line tool that let me quickly check all the Windows NT 4.0 and Windows 2000 servers here in the East Coast lab for missing patches. Besides finding holes in the operating system and in Internet Information Services, the checker also looked for missing patches for Internet Explorer 5.01 and later and for SQL Server 7.0 and 2000.
The tool downloads an XML-based signature file from Microsoft every time it is run, so its always up-to-date. However, Hotfix Checker simply displays the affected system and the cryptic patch ID number that Microsoft uses. This greatly added to our workload because we had to track down each patch on the Microsoft Web site.
Ideally, the tool would automatically download the patches, but we would have settled for links to the pages on the Microsoft site plus a little more information about the risks themselves.
The tool was created by Shavlik Technologies (www.shavlik.com), which sells a commercial version of this tool with a Web interface and links to download needed patches.
Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.