Marty, this would be great news, IF I wasn't the victim.. I did read the article when I got my NW Fusion this month.. This needs to go to the folks who are infected... Is this the correct place for an Advertisement? Jim -----Original Message----- From: Marty Armstrong [mailto:MartyA@patchlink.com] Sent: Tuesday, March 18, 2003 12:57 PM To: McBurnett, Jim Cc: nanog@merit.edu Subject: RE: Code red- Returning? Network World evaluated several Patch Management tools on March 3rd. PatchLink Update won the Blue Ribbon Award. Also, none of our customers were hit by Slammer. PatchLink Update's flexibility helped it best three other products tested. Please see the attached link to read about our Blue Ribbon Award from Network World Fusion for Patch Management . http://www.nwfusion.com/reviews/2003/0303patchrev.html Review: Windows patch management tools PatchLink Update's flexibility helped it best three other products tested. By Mandy Andress, Network World Global Test Alliance Network World, 03/03/03 With Microsoft releasing more than 230 security bulletins since the beginning of 2000 - most of those requiring some sort of corrective action to fix a hole in one of its Windows-based products - the numbers speak for themselves: Windows patch management in an enterprise environment is a nightmare. We tested four stand-alone Windows patch management products - BigFix's Enterprise Suite, Gravity Storm Software's Service Pack Manager 2000, PatchLink's Update and Shavlik Technologies' HfNetChk Pro to find out if they improve patch deployment. (See "Not in the game" for declining vendors.) Patch management tools should identify accurately which patches are missing on each system, provide an easy means to deploy patches and provide administrative reports tracking patch status across multiple machines. The products we tested (see How we did it) attack the problem in two ways - with or without agent software. Agent-based products - such as those from PatchLink and BigFix - can greatly reduce network traffic by offloading processing and analysis to the target system, saving data until it needs to report to the central server. But they also force an administrator to manage software on all systems the product analyzes. With agentless products - such as those from Shavlik and Gravity Storm - you don't have any distributed management issues, but whenever a scan is requested all tests and communications travel over the network. If scanning a domain with a large number of systems, the increase in network traffic can be quite significant. PatchLink's Update 4.0 earned the Network World Blue Ribbon award for its ease of use, flexibility, automation and letting you easily create deployment packages. PatchLink has two components - PatchLink Update Server and the agent. The Update Server is installed on a Windows 2000 Server with SP2 and Internet Information Server (IIS). The installation process sets up a Microsoft Data Engine (MSDE) database, which can be upgraded to a full SQL Server after installation. This upgrade is recommended for large organizations. You easily can push the agents to targeted machines using the Agent Install Wizard, or agents can be installed during the logon process. For management purposes, administrators connect to the PatchLink server through a Web interface, which lets you view reports, deploy packages, create packages and view system inventory. PatchLink, the company, monitors Microsoft and other vendors, such as Citrix Systems and Adobe, for newly released patches. PatchLink engineers test the patches, put them into PatchLink's proprietary package format and deploy them to customers' local PatchLink servers through a periodic subscription-checking process, which occurs over Secure Sockets Layer at a time the administrator configures. Administrators receive e-mail informing them of a new patch on the PatchLink server. If it is a critical patch, it also is downloaded to the Update Server on the customer's network. Noncritical patches will be downloaded at the administrator's request. PatchLink automatically caches critical patches on the Update Server, a marked difference from BigFix and the agentless products. Caching patches is useful and the recent Sapphire/Slammer SQL Server worm proves the point. If a worm or other malicious act is taking place that slows down the Internet, how will administrators download patches to their critical servers? With cached patches, you already have the files at your location. Best Regards, Marty Armstrong martya@patchlink.com PatchLink Corporation 3370 N. Hayden Road Suite 123-175 Scottsdale, AZ 85251 (P) 480-970-1025 Ext. 136 (F) 480-970-6323 <<http://www.patchlink.com/>> PatchLink Update Awarded Blue Ribbion from Network World Fusion For the article go to: http://www.nwfusion.com/reviews/2003/0303patchrev.html PatchLink Update Receives Network Computing Editor's Choice Award for Patch Management For the article go to: <<http://www.patchlink.com/media_room/nwc92002.pdf>> -----Original Message----- From: McBurnett, Jim [mailto:jmcburnett@msmgmt.com] Sent: Tuesday, March 18, 2003 10:50 AM To: nanog@merit.edu Subject: Code red- Returning? Has anyone out there noticed an increase in a Code-Red patterned virus? I know about the Microsoft bug that came out yesterday/last night. But I am seeing the same symptoms as Code Red, 800+ hits in the last 12 hours, from the same Class A network I am on. The amount is increasing per hour.. It started with 50 the first hour and now it just about 150 an hour... Thoughts? thanks, Jim