Hi Todd/Steven, If you are looking for a simple solution for patch management using SCUP check out our demo's here: https://patchmypc.net/scup and https://patchmypc.net/documentation.
Please let me know if you have any questions, and feel free to ping me offline if you think we may be a good solution for you. Thanks, Justin Patch My PC Support Support Forum: https://patchmypc.net/forum Support Email: [email protected]<mailto:[email protected]> From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Miller, Todd Sent: Wednesday, July 9, 2014 4:50 PM To: [email protected]<mailto:[email protected]> Subject: RE: [mssms] Secunia I find the scanning portion of the tool to work very well. You can scan using a client on the system, or it can be made to scan against software inventory data in SCCM. I choose to scan against SCCM software inventory data, but that does mean you have to turn on SCCM software inventory which plently of people hate. I find I need it for other things anyway - so two birds one stone. It helps to figure out what patches you are missing in your environment and also to prioritise which patches you should focus on based on number of hosts affected and severity of the vulnerability. Those are the PROS of the software. Here are the CONS... They only provide patches due to security issues, so if patches are provided by software for feature or bugfix reasons, they do no support the patch. For instance, they are behind on Shockwave patches currently because the current version is a bug fix to a previous version and is not a security risk. To me, I want to rely on this product to patch Shockwave - not just when the missing patch is a security risk. The other major drawback of the product is the quality of the patches are really not up to snuff. It is uncommon for me to take a patch from secunia and have it work reliably. I end up recoding all the patches and by the time I finish with that, I wonder if I am really gaining all that much over SCUP. On the one hand the detection part of the patch is all fixed up for me, but I have to write my own code to actually apply the patch and the secunia framework just calls the executable I write to apply the patches. Here are examples of what I mean. We installed Flash using the MSI provided from the Adobe redistribution license. Secunia was great at detecting that flash was out of date and provided a patch to update flash to the current version. Unfortunately, the patch from Secunia assumes you used the EXE version of the Flash installer from Adobe. The end result from using Secunia's provided patch is that the systems were left with two versions of Flash installed. One older from the MSI version and one current from the EXE/patched version. Same story for Shockwave. I have a custom build of Firefox, so I always have to build the new version of Firefox MSI and then replace the Secunia patch installer with my own custom MSI. It is not that much work. Apple Quicktime, I modified to not check for updates and not put the quicktime icon on the desktop. After applying the Secunia supplied Quicktime patch, all those settings (no check for update - no desktop icon) revert to the default. So I had to build my own self-extracting exe that updated Quicktime silently. So, it is no panacea. If you think you can just check in a bunch of patches for third party programs and deploy them out to your clients seamlessly, forget about it. It is still a full time job one week a month to prepare/test/deploy patches. But, Secunia is great at figuring out what patches you should be working on, and is a big help at developing the targeting rules in the patch and publishing to SCCM. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Sherry Kissinger Sent: Wednesday, July 09, 2014 2:30 PM To: [email protected]<mailto:[email protected]> Subject: Re: [mssms] Secunia I've used it in a lab environment--and it's quite nice. We haven't bought it (yet--internal politics, who is going to pay for it, that kind of thing; but I have high hopes). I can't think of anything bad about their product at all. It's all good. Contact them for a demo is the easiest. To be fair, don't forget about looking at Shavlik, PatchMyPC.net, and um...I think there's a couple more. Eminentware? did I forget a few more? If you've already implement SCUP / deployed a trusted certificate, any one of them will allow you to deploy 3rd party patches. You'd just have to determine which vendor best fits your needs. Sherry Kissinger On Wednesday, July 9, 2014 1:57 PM, "Mitchell, Steven R" <[email protected]<mailto:[email protected]>> wrote: Hey all, Does anyone have any good/bad information on Secunia? There is a move here to look into this for addressing vulnerabilities. Just curious if you have had dealings with it as a solution. Thanks, Steven CONFIDENTIALITY NOTICE: This e-mail and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed and may contain confidential and privileged information protected by law. If you received this e-mail in error, any review, use, dissemination, distribution, or copying of the e-mail is strictly prohibited. Please notify the sender immediately by return e-mail and delete all copies from your system. ________________________________ Notice: This UI Health Care e-mail (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is confidential and may be legally privileged. If you are not the intended recipient, you are hereby notified that any retention, dissemination, distribution, or copying of this communication is strictly prohibited. Please reply to the sender that you have received the message in error, then delete it. Thank you. ________________________________
