That Old-Time Security Religion

 
 
By Jim Rapoza  |  Posted 2001-08-27
 
 
 

Like professional athletes who seem to discover religion after every indiscretion, Microsoft has found security—again.

When breaches occur, the born-again Microsoft issues, maybe, a couple of new patches and a couple of workarounds. This time, after the little Code Red, uh, imprudence, Microsoft has also added a very useful tool to its standard redemption rites.

Microsoft Network Security Hotfix Checker (known as Hfnetchk and downloadable at support.microsoft.com/support/kb/articles/q303/2/15.asp) is a command-line tool that let me quickly check all the Windows NT 4.0 and Windows 2000 servers here in the East Coast lab for missing patches. Besides finding holes in the operating system and in Internet Information Services, the checker also looked for missing patches for Internet Explorer 5.01 and later and for SQL Server 7.0 and 2000.

The tool downloads an XML-based signature file from Microsoft every time it is run, so it's always up-to-date. However, Hotfix Checker simply displays the affected system and the cryptic patch ID number that Microsoft uses. This greatly added to our workload because we had to track down each patch on the Microsoft Web site.

Ideally, the tool would automatically download the patches, but we would have settled for links to the pages on the Microsoft site plus a little more information about the risks themselves.

The tool was created by Shavlik Technologies (www.shavlik.com), which sells a commercial version of this tool with a Web interface and links to download needed patches.
