Smoothly handling a continuous series of upgrades — for Windows and many other pieces of software — is the key to keeping our computers safe from hackers and compatible with the latest technologies.
Patch management has become a crucial and in-demand skill in today’s world. So I’m excited that a new e-book has just been published that gives PC users and administrators a world-class education on the subject. Best of all, the company behind the e-book is giving it away for free.
Patch Management Best Practices is a 100-page, printable PDF file containing six chapters. The authors are Anne Stanton, president of the Norwich Group, a business-process consulting service, and Susan Bradley, a high-tech CPA and a contributing editor of the Windows Secrets Newsletter, whose Windows Patch Watch Column appears in the paid version.
The e-book is sponsored by and is being given away by Ecora Software Corp., the maker of Ecora Patch Manager, a serious upgrade-management solution. I was pleased to see, to the company’s credit, that the e-book contains almost nothing about Ecora and its products. Stanton and Bradley have focused on the facts Windows admins need on patch management — they haven’t written anything that could be considered an ad for the sponsor.
Patch Management Best Practices has emerged chapter-by-chapter over the past several months as the coauthors built up their information-rich resource. If you visit the Ecora home page today, the company still links to a giveaway offer for Chapter 4, for some reason. I advise you to ignore that and get the full e-book as soon as possible.
Stanton and Bradley shatter the myth that only Windows needs regular patching. They give their readers a much broader understanding of the challenges that face every networked company:
- “The reality of what we protect today includes products beyond those developed and supported by Microsoft.
"Third-party software we monitor for updates includes products from Apple, Macromedia, Real Networks, Adobe, WinZip, and many others. It even includes tracking vulnerabilities in antivirus agents.
"Many firms also track Solaris, RedHat, SuSe, Oracle, Cisco, and even vulnerabilities in devices and printers from vendors such as Ricoh and HP."
- "In late December 2004, the ‘Sanity’ worm affected Web sites that included code from the phpBB Web forum.
- "The ‘Ramen’ worm shut down print servers.
- "In 2000, well-known vulnerabilities in the ToolTalk database server compromised Solaris systems.
- "The ‘Slapper’ worm attacked Apache Web servers."
Frankly, you could teach a college-level course on patch management with the information that’s packed into this e-book.
The work makes no recommendation on which patch-management solutions (of the many that are now available) you should use. That isn’t the point of this book, however. The lineup of PM products changes so rapidly that any such recommendation would almost instantly be out of date. (See our Security Baseline Section, below, for the latest reviews of update-management software.)
There’s much more in the e-book itself, which you really should read for yourself. To get it, Ecora requires that you complete a short, free registration process, but the company is currently accepting any made-up e-mail address and phone number you may provide. If you wish to hear from the company, of course, you should enter valid information.
The work is available at Ecora’s e-book download page.
To send us more information about patch management, or to send us a tip on any other subject, visit WindowsSecrets.com/contact. You’ll receive a gift certificate for a book, CD, or DVD of your choice if you send us a comment that we print.
Brian Livingston is editor of the Windows Secrets Newsletter and the coauthor of Windows 2000 Secrets, Windows Me Secrets, and eight other books.