OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Brad Judy (judy_at_colorado.edu)
Date: Thu Feb 20 2003 - 14:11:14 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I've been playing with SUS for a while, but not using it in production.
    There was a discussion on the topic recently on another list where
    various solutions including SUS, SMS, and third-party tools were
    discussed. Overall there seemed to be no ideal tool and different
    environments were better suited to different tools.

    There are some definite pros and cons for SUS. The most notable pro, of
    course, is the price. It is a free (outside of Windows Server licenses)
    solution for allowing clients to grab critical updates from a local,
    approved list.

    There are several cons:

    -Limited scope of patches (critical updates to IE and OS only)
    -Scheduled pull topology (can't push out an urgent patch)
    -Poor logging (minimal server-side logging and some client-side logging)

    Overall it's something to consider, but not nearly the same as the
    third-party solutions you mentioned. Those allow for a much broader
    range of patches to be applied and are generally push based. Personally
    I found Hfnetchk Pro to be the most appealing of the tools I tried, but
    the minimum license size of 50 systems was not appealing to someone who
    maintains only a handful of infrastructure servers.

    For our distributed environment the current version of SMS is not
    manageable due to its need for domain admin level access. I am hopeful
    that the next version will have more potential for environments like
    mine.

    Brad Judy

    Information Technology Services
    University of Colorado at Boulder

    > -----Original Message-----
    > From: Starks, Brad [mailto:BStarksco.marin.ca.us]
    > Sent: Wednesday, February 19, 2003 5:43 PM
    > To: 'focus-mssecurityfocus.com'
    > Subject: MS Software Update Service
    >
    >
    > Hi everyone,
    >
    > Microsoft's Software Update Service has been out for awhile
    > (they've recently released a service pack for it, too) and I
    > was curious as to what folks think about it. If you're using
    > this technology, are you happy with it? How well does it suit
    > your needs? Is it comparable to other solutions like Update
    > Expert, Hfnetchk Pro, Net Octopus, etc.?
    >
    > In addition, has anyone used the Feature Pack for SMS that
    > contains the SUS (as well as all kinds of additional)
    > components? How does that compare to the standard SUS?
    >
    > Thanks in advance,
    >
    > Brad Starks
    > IST Security Team
    > County of Marin
    >