What is patch management for 3rd party software?
What are patches?
Patches can be seen as some type of hotfix. Everyday exploits, bugs, and security risks are found within programs, and these are what the patches would fix. A bug in the software could be a failure or fault that could cause it to behave in unintended ways. If you think of an application as a wall, if you have holes in the wall, anyone that is willing may reach through and/or look through to see or grab whatever they want in your system. Whether it’s your personal information (i.e. your social security number, your name or even your email), or go after your financial records, patches help close up the holes so that no one can reach in and touch this stuff but you.
Patches come in different types. Below are a few different variations of patches:
- Can be seen as a quick fix. These are usually made to address a specific situation within the program or operating system that can’t wait until a full patch can be released.
- Point Release
- Minor software project to fix bugs or small problems rather than add big features.
- Program Temporary Fix
- Also known as PTF, released to fix a single bug.
- Security Patches
- Collection of updates or fixes that will enhance the program given in a single installation package
- Hot Patching
- Also known as dynamic software updating or live patching. Though most programs require you to shutdown or restart the system, this patch corrects the system on the go.
Why do I care about patches?
Patches not only improve system security, but it improves the usability or performance of the software. As operating systems release updates and improvements so will the need to update these programs. Though Windows does have a compatibility mode to help run those old programs, not everything will work as expected. The same can be said about patches, though they are made to improve performance and security. With so many various programs out there having so many different patches that need to be updated, it is a complete undertaking just to make sure a system is fully patched. For a single user, it can range anywhere from two to three third-party programs to up to one hundred or more.
As you can see, this can require a lot of time even for a single user. From a business standpoint, you can have a medium-size corporation with about fifty computers. Each computer could have a third party browser, for example, Firefox or Google Chrome. Then you will have your business’ programs, say its a financial business, the main one could be Quickbooks. As you can see, as the list grows in just the number of programs, it grows for each computer it is placed on. These patches will need to be implemented for each computer throughout the network. Otherwise, you may have computers vulnerable to intrusion as well as potential performance issues.
How can I manage patches?
Third-party patch management is a complete undertaking in of by itself. Normally, with Windows Updates, you can set it up to download these patches and update them, but some programs will require you to run the program, or even browse to the program’s website to get these patches. There are many things that a network administrator would need to do prior to implementing a new patch to the system. No one can really say what patch is good for what system, because like human beings, every system is different. What we need to remember is that before we implement any patches into a system, they will need to be tested. While one patch can be good for one system, it may take a whole separate system down.
Here are a couple of things to consider before implementing a patch to the computers on your network:
- Test the patch in a safe environment before implementation to your network.
- Verify that you will be able to restart these devices, whether it is a server or a desktop. Some software patches require that the target device reboot in order to complete the installation.
- Some programs may be required to be closed before the software patch can be installed. A small list of these programs are:
- Google Chrome
For network administrators on any size network, a good deployment tool for windows updates is to have a Windows Server Update Service (WSUS). This is a computer program built by Microsoft that helps administrators manage updates and hotfixes released for Microsoft products to computers. With this service, it will allow the network administrator to approve or deny which patches will be utilized in the network or using a third-party IT service to monitor updates and patches for their organizations. Windows updates are not foolproof, people may cancel these updates or turn the service off as to not be an inconvenience to them while they use their computer. As explained earlier, these patches and/or updates will help improve the security and performance of applications and operating systems for the user.
What to do if I need help or have more questions
With all the different types of patches and different types of software out there, it can get a bit confusing. Call SandStorm IT at 901-475-0275 if you need any help implementing these patches in a safe way.