Perhaps the most time- and resource-consuming task on IT professionals' security to-do list is patching applications and operating systems. The rise in popularity of virtual machine technology only intensifies the issue.
Add to that the nightmare of malware. No longer simply a nuisance, today's malware threatens personal, corporate and customer data, not to mention the havoc it can wreak on both physical and virtual machines.
Most companies deal with this by putting up strong defenses in the form of firewalls, anti-malware gateways and endpoint protection suites. In the event that a threat gets through, it's more common to reformat and redeploy than it is to clean and reconfigure. And after a machine is redeployed, it needs to be patched.
Shavlik Netchk Protect 7 promises to solve both patching and malware issues with a single agent for each physical and virtual machine, as well as a single management console. For the most part, Protect 7 delivers, but several shortcomings disappointed me during testing.
Protect 7-which is priced starting at $40 per seat with volume discounts available-is a great patch management product, a very good client anti-malware product and an extremely user-friendly management console. However, anti-malware is not fully integrated into the management console, and I experienced some quirkiness with the management GUI.
The management console was stable on a Vista Ultimate 64 workstation, which is where I did most of my testing. I experienced scan result updating issues, and I had major stability issues on my initial Windows Server 2003 EE test machine.
There is a requirement, which I did not see in the documentation, that the management console not run on a domain controller. After I called to report the problems I was having, tech support informed me that "... the machine SID fails. When a machine becomes a DC it gives up its machine SID to be the Domain SID. For now, we have made it part of our requirements to not install the console on a DC."
The instability made it impossible to test on Windows Server 2003. I lost agent configurations, and patch deployments were abruptly terminated. This seems too important a requirement to be buried on a list in the manual, but I technically can't blame Shavlik because it was there. That said, perhaps it would make sense if the installation could check to see if it is being installed on a domain controller, or even the program could check when it starts. Anything rather than crashing every few minutes would be better.
Installing Netchk Protect 7 went as smoothly as could be. An installation wizard scanned my server for requirements (but not for whether the server was a domain controller), then downloaded and installed required components as needed. On first run, a setup wizard gave me the option to import old scan templates and configure automatic e-mailing of results.