Client Management Suite

 View Only

Altiris Patch Management vs Shavlik Patch Management 

May 14, 2009 04:06 PM

I recently read an article on patch management, the way forward and what most other solutions or companies are doing to keep with the fast pace and changes in the technology world. Virtualization was once only a dream by many, virtual offices, virtual malls, virtual pets, etc... Not so many years have passed and we now stand at that stage where virtualization is indeed a reality. Just looking at the computer industry, we have software that can basically do anything, from virtual hardware for your servers (although there is still some hardware involved, but much cheaper) to virtual applications that do not modify your base operating systems registry, can be activated / deactivated (installed / removed) within a matter of seconds, application streaming, etc.

Although your hardware is virtualized, the operating systems on these virtual platforms are still the same as it use to be, with some minor changes, Microsoft Windows, Linux, Unix and AIX are all still there and all function on these virtual hardware platforms. With the increase in development of these new virtual platforms, many more risks are also born and systems need to be updated with the latest security patches available. These days there are many patch management software solutions available out there, but only few are worth investing in or spending your time and effort on.

We have all worked with Microsoft WSUS at one stage of our careers, but let's face it, it was good in the beginning when it was one of the first solutions of its kind, but reporting functionality on WSUS is not very good. That's where the other software houses come into play, they contain the full package, functionality of deploying patches across the enterprise to endpoints and also provide excellent reporting on the status and vulnerability of your networks. Altiris Patch Management is one of those solutions that has all it takes to be the best. I will not go into many details of how Altiris Patch Management works, but would rather want to highlight some functionalities of the solution and compare it with Shavlik Patch Management Solution.

Altiris Patch Management Solution is an agent based solution, where it plugs into the Altiris Agent on the endpoint (computer), which is supported on Windows, Linux, Unix, AIX, Solaris and VMware platforms. This agent scans the end point for any vulnerabilities and reports back to the Altiris Notification Server, in the process giving you a complete overview of your organizations security risk.

Deploying the agents can sometimes be problematic as notebooks are not always connected to the network, agent services have been disabled / stopped or the agent can become corrupted and have to be reinstalled to remedy the problem, which takes up some resource time to troubleshoot and resolve.

With Shavlik Patch Management Solution, which I have used a couple of times, you have the same core functionality as you would find within the Altiris Patch Management Solution, but I'm not too sure on the reporting functionalities on vulnerabilities and status of a enterprise network. Shavlik can either be and agent or agentless solution and is also supported on Windows, Linux, Unix, AIX, Solaris and VMware. Being agentless, saves you the time of deploying the agent to your endpoint as it is not needed for the solution to function. An added extra to the Shavlik solution is that it has developed the ability to patch offline VMware images, impressive!

Even though your VMware server image is offline, you will be able to patch that server, so when it is brought into the live environment it will be up to date with the latest security patches, saving time and effort in setting up a new server or workstation into the production world.

I'm not sure if Altiris Patch Management is also headed that way in versions to come, but it would add a great deal of functionality to the solution.

Statistics
0 Favorited
2 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

Aug 30, 2010 02:05 PM

Phil,
There is already support for Dell Patch Management (drivers, firmware, etc) so I would think it would just take HP and Symantec partnering to define the "rules" and links, etc.  Not sure how this is handled with Dell currently, but I would think it is possible for HP as well.  The Software Management framework, combined with existing Inventory should be able to come together to provide the necessary targets as well.  I would suggest creating a new "Idea" (click Create - Idea in the upper-right corner) in the Ideas section, and posting a link back to it here.

Aug 30, 2010 09:17 AM

One 3rd party supplier I would love to see integrating with Altiris patch management is HP. If you use MS SCCM 2007 they have a plugin called HP Server Updates Catalog for System Center Configuration Manager 2007 which enables driver/firmware/psp updates to be integrated right into the windows update services client. When you have to roll out MS updates it's often the ideal time to include driver and firmware updates - so you can avoid multiple downtime windows.

I'm sure this kind of integration is possible with Altiris patch management services. With the long history of integration between HP and Altiris (rapid deployment pack being the obvious example) is there any chance we might see this kind of plugin in the future?

Phil L

Nov 20, 2009 09:54 AM

jloubser,
The answer to your issue is to use Software Delivery.   The .msi or .exe for Flash and Adobe can be downloaded and customized and pushed out.  No, it is not as simple as Patch Management which figures out all the command lines, applicability, etc for you, but it the only real option you have.  IanAtkin has a very nice article on using software delivery (specifically around creating the requisite collections for pushing out only to applicable machines).  Well I guess you could enable the Automatic update functions in Flash and Reader...but that can be a lot of Internet bandwidth and takes a lot of control out of your hands...

Nov 19, 2009 08:23 AM

So then, have been using CMS 6x for a while and it works well...the downside of the Adobe and Flash patching has always been an issue, but we were looking forward to getting this fixed in version 7...then I went on the NS 7 training and suffice to say, we will NOT be going that route any time soon. This leaves us with a bit of a problem, how to address the Adobe and Flash issues?!? I would like to see Symantec adding that functionality in for CMS 6, would sure make a lot of people happy!!!

Sep 03, 2009 12:45 PM

Although I've arrived a bit late to the Party, Kyle is correct (when isn't he?  ;-) )  With our CMS 7.0 SP1 release due out this month (September 2009) we have added support for Adobe (Reader, Acrobat, Flash) and Mac OS X (Apple Software Update Only).

 

Jun 04, 2009 12:48 PM

It's a shame that patching 3rd party applications will only be available in the 7.x branch, as only Client Management Suite customers have the freedom to migrate to 7.x line.

Customers who've purchased stuff from the Asset side have no option at the moment but to stick with the legacy 6.x branch until the rest of the solutions are upgraded to 7.x (and then of course its months of test'n'dev to make sure all the important stuff migrates nicely)

So I can't help but be insanely jealous of those who've just bought CMS by itself -patching apps like Adobe Reader, Flash and Java  takes an awful lot of our time.

On the flip side however, all this stuff should be well bedded-in by the time we join the fold....








Jun 04, 2009 12:14 PM

Emily,
Andrew will probably respond to this thread as well, but he has stated on others that patching for Adobe Reader and Java are in the pipeline and the last I saw he hoped to have them in production by the end of 2009 (under NS/Patch 7.x only, not back-ported to NS6/Patch 6.2).

Jun 03, 2009 05:54 PM

I am an Altiris TMS customer and have been using PM for a couple of years now.  Great product for patching Microsoft products and reporting on compliance, no doubt.  I'm disappointed in the lack of ability to patch other 3rd party applications (such as Adobe for example).  Altiris solution is to build and deploy software delivery packages to address these vulnerabilities which takes us back to dedicating resources to doing so and then managing compliancy ourselves.  Not a good alternative in my opinion.

I have also been fortunate enough to utilize Shavlik NetChk Protect for several years.  We enjoy the agentless option, especially given that we have so many agents installed on our devices already (several Altiris, SEP, BESR, etc).  Shavlik NetChk also has done a great job of managing our spyware.  But the main reason we maintain Shavlik in our environment is to patch our non-Microsoft applications.  Is this on the roadmap for Altiris Patch?  It definately should be.

May 17, 2009 09:56 AM

 Thanks for correcting me there Andrew, as i also mentioned have little experience working with that product. Not many products to come close to Altiris Patch Management in my opinion.

May 15, 2009 04:33 PM

Shavlik does not have support for Linux/UNIX (Solaris/AIX/HP-UX) patching - it is Windows focused with support for various 3rd party applications and patching offline or "cold" Virtual Machines, which you pointed out.  They did acquire some *nix patching capability from St. Bernard some years ago but I don't believe they are currently spending any Engineering cycles maintaining/updating that code.

Anyway, I am the Product Manager for Altiris Patch Management and have captured your "Ideas"...:-)

Thanks for the feedback.

May 15, 2009 06:46 AM

Thanks will look out for that new "Ideas" section to add the requests there.

May 14, 2009 04:15 PM

Comming soon to Connect is a new feature called "Ideas" where you will be able to submit feature requests to product developers. We've had many questions regarding the best way to submit a feature request to Symantec and that will be your opportunity to communicate with the product teams.


Related Entries and Links

No Related Resource entered.