Windows Security Ranks High on Tech Ed Agenda

Reporter's Notebook: Patch management, spyware and virus protection are hot topics for Tech Ed attendees.

ORLANDO, Fla.—Walking into Steve Ballmers keynote on the first morning of Microsofts Tech Ed conference here, one immediately gets the sense that software updates, patch management and Windows security will be front-burner topics.

Even before the Microsoft Corp. CEO officially announced the release of WSUS (Windows Server Update Services), attendees were fiddling with free copies of the patch-management infrastructure handed out before the keynote began.

For Ismael Pimienta, a network specialist at the University of Miami, the final version of WSUS is a "must have" to help schlep through the complications associated with the large-scale, rapid deployment of Windows updates.

"Were managing a Windows-centric environment with 150 servers and we depend heavily on these tools," Pimienta said in between visits to the many security-themed booths on the show floor.

Pimienta and two other colleagues said they are here at Tech Ed primarily to look at security technologies to improve the way the universitys servers and desktops are protected.

After grilling the representatives at the Sybari Software Inc. booth about features of their enterprise anti-virus and anti-spam products, Pimienta told Ziff Davis Internet News that he was largely satisfied with Microsofts efforts to secure the software it sells and was pleased that a patch-management solution was ready and freely available.

"I have to say, they [Microsoft] have been much more responsive on security and their patches and updates have become more and more stable. We trust SUS for the delivery of patches and we plan to migrate to WSUS now that theres a final version," Pimienta said.

Even so, he said, the school still uses a third-party vendor to verify and test the updates before deployment, and adopts strict patch testing on a limited number of servers and desktop before full-scale rollout.

/zimages/1/28571.gifRead more here about the release of WSUS, Microsofts patch-management suite.

Mario Juarez, a program manager in Microsofts Security Business & Technology Unit, said the company was thrilled by user feedback during the extended WSUS beta test. "Weve had 68,000 downloads of WSUS, and the feedback has been phenomenal. Were seeing customers and partners doing some really cool stuff on the integration side," Juarez said in an interview.

Microsoft partners integrating the patch-management mechanism into third-party products include Patchlink Inc., Citadel Security Software Inc. and BindView Corp.

During the testing phase, Juarez said Microsoft logged almost 70,000 downloads and counted WSUS deployments on about 21,000 servers in corporate environments.

It was not easy to get attendees to open up about patch deployment and internal security mechanisms. Privately, IT administrators who made the trek here to survey security technologies said they plan to use WSUS but only alongside third-party patch-management solutions.

"We will use the Microsoft product but, for checks and balances, well pay for another vendor to help with the verification of the patches and, in some cases, even the delivery," said one IT administrator who is here to shop for enterprise anti-spyware software.

On the other hand, Brian Thompson, who is part of a two-man team responsible for security at Socket Communications Inc., said he currently uses SUS exclusively to handle the distribution of patches to the companys 75 desktop systems.

"Well upgrade to WSUS," he said matter-of-factly. "I havent found anything better to handle what we do. It works perfectly for us on the client side."

For Sockets 25 servers, it remains a manual update process. "Automated server patching is a no-no. I do those manually," Thompson said.

Next Page: The spyware menace.