Solaris 9 to Ease Patch Uploads

Sun hopes to lift up its operating system where competitors have slipped, through automated software and security patch uploading.

Sun Microsystems Inc. is hoping to lift up its operating system where competitors have slipped, through automated software and security patch uploading.

Among the new features planned for Solaris 9, due at the end of the month, is Patch Manager, an analysis engine that automates the process of locating required security and software patches for a target system, said officials of the Palo Alto, Calif., company. Also on tap is Solaris Product Registry, a mechanism that maintains a record of the software installed, modified or removed through the life cycle of a system.

"The goal is to provide a consistent repository of information unique to that system, held locally so it can be interrogated from multiple sources," said Derek Maxwell, Sun's product line manager for Solaris. "This is important for administrators, as it gives them a total software history for a machine."

Patch Manager, a Java application downloaded to the system, checks the configuration, determines what patches are already loaded and compares this against the Patch Database resident at Sun. A patch assessment and recommendation is issued based on what patches should be on such a configured system, said Dave Uhlir, group manager for Solaris Systems, a division of Sun.

"These are all signed patches and delivered via a secure transport protocol, which is a change from the current system of general delivery of unsigned patches," Uhlir said. "We want to ensure customers only get those patches appropriate for their systems."

Uhlir said administrators will have control and can either take no action or schedule installs whenever it's convenient. "Users can be very granular about which of these discrete patches they select," he said.

Patches destabilize systems

Earlier this year, some Windows XP users said automatic patches delivered from Microsoft Corp.'s Windows Update caused systems to become unstable and some device drivers to stop working.

That is unlikely to happen with Solaris Patch Manager, Uhlir said, because Sun's patches are limited to narrow issues and designed to fix only known problems without touching other parts of the system. Windows Update often pushes out a conglomeration of patches and enhancements all at once that can cause unintended changes under the covers, he said.

Jim Cullinan, lead product manager for Windows XP at Microsoft, in Redmond, Wash., said Microsoft has a unique set of challenges with patches, given the huge number of Windows users and the variety of system and hardware configurations they have.

"Our patch delivery system is not perfect yet, but we are doing the best we can," Cullinan said. "We are listening to customers and providing the tools they want. Sun's Solaris is nowhere near as popular as Windows, so they do not face the same challenges we do."

John Weekley, an information security analyst at a large financial company in St. Louis, welcomed the Sun moves, saying users will now be able to easily gather the total history of a system. But Weekley said that, as a security analyst, he was still concerned about the prospect of Patch Manager sending what amounted to vulnerability data to a third party.

"I'd much prefer to see this functionality provided as an entirely stand-alone system that could be used from inside corporate defenses, without exposing what could be sensitive information to others," Weekley said.

Alan DuBoff, CEO of Software Orchestration Inc., in San Jose, Calif., disagreed, saying it makes sense to be able to get security patches easily over the network to update a machine.

Sun will also offer a command-line version of Patch Manager for all previous versions from Solaris 2.6 onward sometime after the Solaris 9 launch, Sun's Uhlir said.

Also shipping for the first time with Solaris 9 is Live Update, a technology that allows users to set up multiple boot environments that can be assembled offline. If one such environment is problematic, users can reboot into the previous environment.
