Strengths: Wide ranging support for heterogeneous infrastructures.
Weaknesses: Strict installation requirements; needs a powerhouse server in order to run really well.
Verdict: An excellent enterprise patch management system.
It has been a while since we last looked at PatchLink Update. In fact, since last reviewing it, the product has advanced from version 5.0 to 6.2 (the version we tested here). And a lot has happened in the meantime.
It has a hugely impressive range of support for different operating systems. Not only does it support Windows from 95 onwards, but it also supports AIX, HP-UX, Macintosh’s OSX, Red Hat Linux, Red Hat Enterprise Linux AS/ES/WS, and Solaris. And Novell Netware is thrown in for good measure.
The installation requirements are strict. In the end, we settled for installation on a clean system as it didn’t like sharing a machine with Microsoft Access. Nor, we were told, would it install on a primary or secondary domain controller. In fact, the vendor recommended that the server should be installed on a standalone workgroup server. With this in mind, security professionals should consider how this product would be integrated into their infrastructure.
The minimum hardware requirements are very good, needing only a 800MHz processor and a gig of RAM. But this is very much an enterprise product, so for thousands of machines, make sure this is installed with a fast processor with lots of memory and hard drive space.
Once installed, it took over 10 minutes to connect to the internet and update the patch database. The main console is via a web interface. It is clearly laid out and has a wealth of information about different patches.
The interface also includes a good asset management page for keeping tabs on the various machines on the network.
Updating the software has been made much more user-friendly, with information updated incrementally, rather than refreshing the whole database. We found this improved the time spent pushing critical patches out to endpoint devices and kept bandwidth overheads to a minimum.
This product is definitely worth considering for large installations. Most of the improvements have gone into ensuring that thousands of computers can be fully patched against all known threats.