Labs Answers Patch Management Questions

Labs answers questions that arose during eSeminar Q&A.

Patch management should always be on the front burner for all IT departments, but in the aftermath of yet another onslaught of malicious code, it's even more compelling.

During Ziff Davis Media Inc.'s late-August Patch Management Best Practices eSeminar, participants raised many key questions, including how best to budget scarce IT time and dollars for an ever-expanding task.

Presenting during the eSeminar was eWEEK Labs Senior Analyst Cameron Sturdevant, and the following are his responses to some of the questions asked by seminar attendees using the platform's Q&A tool.


I'm a team of one doing net administration and user support. How can I study and test patches when I have such limited time already?

It can be quite helpful to get consolidated tech notes, newly posted hot fixes and service releases. PatchLink and several other vendors provide this kind of assistance.

Should patch management be considered a full-time job?

It depends on the size of the organization and the variety of operating systems and applications that are considered business-critical.

What are some things software companies (such as Microsoft Corp.) can do to reduce the drastic increase in vulnerabilities that we are experiencing?

Corporate IT can insist on a lockdown default system configuration from suppliers.

Wouldn't agent-based patch management be more appropriate for laptop systems?

That depends more on how they're connected to the network than on the form factor of the client system (laptop or desktop). However, assuming that laptops are more likely to be connected only occasionally and may connect from behind a firewall, agent-based patch management systems are best for laptops. This is because the agent can facilitate secure communication between the central patch management server and the client without relying on RPCs [remote procedure calls], which is how most agentless patch management systems work.
