Altiris Patch Management vs Shavlik Patch Management
I recently read an article on patch management, the way forward and what most other solutions or companies are doing to keep with the fast pace and changes in the technology world. Virtualization was once only a dream by many, virtual offices, virtual malls, virtual pets, etc... Not so many years have passed and we now stand at that stage where virtualization is indeed a reality. Just looking at the computer industry, we have software that can basically do anything, from virtual hardware for your servers (although there is still some hardware involved, but much cheaper) to virtual applications that do not modify your base operating systems registry, can be activated / deactivated (installed / removed) within a matter of seconds, application streaming, etc.
Although your hardware is virtualized, the operating systems on these virtual platforms are still the same as it use to be, with some minor changes, Microsoft Windows, Linux, Unix and AIX are all still there and all function on these virtual hardware platforms. With the increase in development of these new virtual platforms, many more risks are also born and systems need to be updated with the latest security patches available. These days there are many patch management software solutions available out there, but only few are worth investing in or spending your time and effort on.
We have all worked with Microsoft WSUS at one stage of our careers, but let's face it, it was good in the beginning when it was one of the first solutions of its kind, but reporting functionality on WSUS is not very good. That's where the other software houses come into play, they contain the full package, functionality of deploying patches across the enterprise to endpoints and also provide excellent reporting on the status and vulnerability of your networks. Altiris Patch Management is one of those solutions that has all it takes to be the best. I will not go into many details of how Altiris Patch Management works, but would rather want to highlight some functionalities of the solution and compare it with Shavlik Patch Management Solution.
Altiris Patch Management Solution is an agent based solution, where it plugs into the Altiris Agent on the endpoint (computer), which is supported on Windows, Linux, Unix, AIX, Solaris and VMware platforms. This agent scans the end point for any vulnerabilities and reports back to the Altiris Notification Server, in the process giving you a complete overview of your organizations security risk.
Deploying the agents can sometimes be problematic as notebooks are not always connected to the network, agent services have been disabled / stopped or the agent can become corrupted and have to be reinstalled to remedy the problem, which takes up some resource time to troubleshoot and resolve.
With Shavlik Patch Management Solution, which I have used a couple of times, you have the same core functionality as you would find within the Altiris Patch Management Solution, but I'm not too sure on the reporting functionalities on vulnerabilities and status of a enterprise network. Shavlik can either be and agent or agentless solution and is also supported on Windows, Linux, Unix, AIX, Solaris and VMware. Being agentless, saves you the time of deploying the agent to your endpoint as it is not needed for the solution to function. An added extra to the Shavlik solution is that it has developed the ability to patch offline VMware images, impressive!
Even though your VMware server image is offline, you will be able to patch that server, so when it is brought into the live environment it will be up to date with the latest security patches, saving time and effort in setting up a new server or workstation into the production world.
I'm not sure if Altiris Patch Management is also headed that way in versions to come, but it would add a great deal of functionality to the solution.
Coming soon!
Comming soon to Connect is a new feature called "Ideas" where you will be able to submit feature requests to product developers. We've had many questions regarding the best way to submit a feature request to Symantec and that will be your opportunity to communicate with the product teams.
Endpoint Management & Virtualization
Community Manager
www.twitter.com/EMnV_symc
Thanks will look out for that
Thanks will look out for that new "Ideas" section to add the requests there.
Technical Consultant
Http://www.alttech.co.za
Correction...
Shavlik does not have support for Linux/UNIX (Solaris/AIX/HP-UX) patching - it is Windows focused with support for various 3rd party applications and patching offline or "cold" Virtual Machines, which you pointed out. They did acquire some *nix patching capability from St. Bernard some years ago but I don't believe they are currently spending any Engineering cycles maintaining/updating that code.
Anyway, I am the Product Manager for Altiris Patch Management and have captured your "Ideas"...:-)
Thanks for the feedback.
------------------------------------
Product Manager
Symantec
Thanks for correcting me
Thanks for correcting me there Andrew, as i also mentioned have little experience working with that product. Not many products to come close to Altiris Patch Management in my opinion.
Technical Consultant
Http://www.alttech.co.za
Altiris Patch Management vs Shavlik NetChk Protect
I am an Altiris TMS customer and have been using PM for a couple of years now. Great product for patching Microsoft products and reporting on compliance, no doubt. I'm disappointed in the lack of ability to patch other 3rd party applications (such as Adobe for example). Altiris solution is to build and deploy software delivery packages to address these vulnerabilities which takes us back to dedicating resources to doing so and then managing compliancy ourselves. Not a good alternative in my opinion.
I have also been fortunate enough to utilize Shavlik NetChk Protect for several years. We enjoy the agentless option, especially given that we have so many agents installed on our devices already (several Altiris, SEP, BESR, etc). Shavlik NetChk also has done a great job of managing our spyware. But the main reason we maintain Shavlik in our environment is to patch our non-Microsoft applications. Is this on the roadmap for Altiris Patch? It definately should be.
Emily, Andrew will probably
Emily,
Andrew will probably respond to this thread as well, but he has stated on others that patching for Adobe Reader and Java are in the pipeline and the last I saw he hoped to have them in production by the end of 2009 (under NS/Patch 7.x only, not back-ported to NS6/Patch 6.2).
Thanks,
Kyle
Symantec Trusted Advisor
If your question has been resolved, please be sure to click "Mark as Solution"! Thank you.
Whoops...
Although I've arrived a bit late to the Party, Kyle is correct (when isn't he? ;-) ) With our CMS 7.0 SP1 release due out this month (September 2009) we have added support for Adobe (Reader, Acrobat, Flash) and Mac OS X (Apple Software Update Only).
------------------------------------
Product Manager
Symantec
It's a shame that patching
It's a shame that patching 3rd party applications will only be available in the 7.x branch, as only Client Management Suite customers have the freedom to migrate to 7.x line.
Customers who've purchased stuff from the Asset side have no option at the moment but to stick with the legacy 6.x branch until the rest of the solutions are upgraded to 7.x (and then of course its months of test'n'dev to make sure all the important stuff migrates nicely)
So I can't help but be insanely jealous of those who've just bought CMS by itself -patching apps like Adobe Reader, Flash and Java takes an awful lot of our time.
On the flip side however, all this stuff should be well bedded-in by the time we join the fold....
Ian Atkin
Senior Developer for the ICT Support Team,
Oxford University, UK
Would you like to reply?
Login or Register to post your comment.