Keeping software up to date might not be an administrator’s top priority but it remains an important task that should definitely not be overlooked. It is also a tedious and time-consuming task and we’re all convinced that we have better things to do. Regardless of whether this is true or not, that can leave many of us searching for ways to automate the process.
This is precisely what this post will be about as we explore the ins and outs of updating software but, more importantly, review some of the best tools you can use to assist with this important but too often neglected task.
As we often do, we’ll start off with some general considerations and discuss the necessity of updating software, exploring why it is more important than you might think. We’ll then pause briefly as we discuss the differences—if any—between patching and updating software. Next, we’ll cover the benefits of using software update tools before we have a look at the main features commonly found in them. That will lead us to the core of the matter: our reviews of five of the best tools that you can use to keep software up to date.
The Necessity Of Updating Software
There are several reasons one would want to update software. Some will argue that having all the latest features of the software you use is the most important reason. But while taking advantage of the latest and greatest features may look tempting, there is also a degree of risk associated with it. What if the update breaks something that used to work? Or what if the new version drops a feature that you need? What if the software is so different that users need to be re-trained?
The other major reason for updating software is security-related. Ill intentioned individuals and groups are constantly looking for vulnerabilities in software that they can use to gain access to your systems and data. Software updates and patches typically address and correct those vulnerabilities, thereby making your environment more secure and reducing the risk of attacks.
INTERESTING READ: Best IP Scanners for MAC
Updating and Patching – Any Difference?
It seems like software updating and software patching are two terms that are often confused and used interchangeably. There are, however, a few differences between updating and patching software, at least from our point of view. Updating software typically refers to adding new features or new functionality to software. An update will typically increment the version number of the software. For instance, you’ll go from version 6.1.5 to version 6.7.1.
As for patching software, this is a process that often happens between updates and its primary purpose is fixing bugs or correcting some discovered security vulnerability. As a general rule, patched software keeps the same version number although this is not necessarily the case.
From a software update tool, the two terms can be used interchangeably as most tools can be used to handle either updating or patching software. Some of the tools we’re about to review are advertised as patch management tools while others all themselves deployment or update tools.
The Benefits Of Using Software Update Tools
Updating software is a tedious task. In fact, it’s not the actual update process which poses problem but rather the whole update management process. You need to research what updates and patches are available, evaluate whether you need them, plan their deployment, etc. It can quickly become a daunting endeavour, even more so when you have a number of computers to update.
Gone are the days when updates and patches were scarce. Back then, you could easily omit software updates and wait for the next major version. But with the modern threat scene, this is no longer the case and there are compelling reasons to install each and every update and patch that’s available.
Patch management or software deployment tools can help with keeping all your software up to date. These tools automate multiple tasks within the patch management cycle, making the whole process a much simpler deal. The best ones will even check the web for updates and schedule their deployment with little or no intervention on your part.
ALSO READ: 8 Best Network Discovery Tools and Software
Main Components Software Update Tools
Software update tools vary greatly in their feature sets. While they all share some common functionality and they all have the same general goal: helping you keep your software up to date, some are fully automated and will handle every aspect of software updates and patch management while other are merely deployment tools, leaving you with the task of locating, downloading and testing updates and patches before their deployment. Some of the most common features of software update tools include the following.
A detailed inventory of all installed software and their current updates and patches is performed automatically on all computers. This can help ensure that all software is kept up to date and with all the required patches.
Checking For Available Updates
Software update tools will scan each publisher’s website for available updated versions and patches of all your installed software. This operation is typically based on the results of the software inventory process so that only updates and patches for existing software are considered.
Download Updates And Patches
Once the available updates and patches are identified—either automatically or through a manual process—they can be automatically downloaded from each publisher’s website. This ensures that Internet usage is kept minimal and that files are only downloaded once, even when dealing with hundreds or thousands of computers.
Whether updates and patches were acquired manually or automatically, this process will schedule their deployment according to the organization’s policies. For instance, end-user machines are likely best updated when they are not in use, especially if the update requires a reboot. And on large networks with hundreds—if not thousands—of machines, it might be advisable to deploy updates and patches in smaller batches. The scheduling options of software update tools are usually quite flexible.
Updating software poses a certain risk. This is particularly true with critical software such as operating systems or other major services like email or databases. Applying updates or patches is always accompanied by a risk that something that used to work will stop working. For that reason, it is often advisable to go through a staging phase before any large-scale deployment. A group of carefully selected machines can be updated and then thoroughly tested before the general deployment is scheduled.
But despite all the testing and all the staging that is put in place, there will be situations when you might have no choice but to roll back installed updates or patches. The best tools, of course, will have that functionality built right into them.
Using Software Publishers’ Built-in Tools
Some of the larger software publishers—one can think of companies such as Microsoft or Adobe, for instance—do include some form of patch management or self-updating feature built right into their software or they offer a proprietary patch management tool. While using them could be tempting, it is far from perfect. For starters, if you manage software from multiple vendors, you could end up having to deal with several patch management systems, each with its learning curve.
The Best Software Update Tools
We’ve searched the market for the best software update tools we could find and we’re glad to introduce our findings. Some of these tools will integrate with tools from the big software publishers such as WSUS and SCCM from Microsoft. Others, on the other hand, are totally stand-alone. Some tools are better suited for smaller environments and some will scale up to installations of almost any size. Let’s have a look at the best features of each tool.
Most network administrators are familiar with SolarWinds and its many excellent products. After all, the company has been making some of the best network and system management tools for about 20 years. Its flagship product, the SolarWinds Network Performance Monitor is recognized as one of the best SNMP network monitoring tools. And the company is also famous for its free tools, each addressing a specific need of network administrators. Some of these tools include a free TFTP server or a free subnet calculator.
But when it comes to patch management, the SolarWinds Patch Manager is what you need. This is another excellent product with an impressive feature list. Featuring an intuitive web interface, the tool will let you view the latest available patches, the top 10 missing patches in your environment, and the general health overview of your environment based on which required patches have been deployed.
The SolarWinds Patch Manager’s reporting engine is another strength of the product. It offers easy-to-use and powerful reporting which can provide information on the status of patches. Reports can also be used to demonstrate to auditors that systems are patched and compliant and help find those that are not.
- FREE TRIAL: SolarWinds Patch Manager
- Official Download Link: https://www.solarwinds.com/patch-manager/registration
The SolarWinds Patch Manager features centralized patching of Microsoft servers and third-party applications. As such, you can use it to deploy and manage both 3rd-party applications and Microsoft patches. This tool can simplify your patch management process. It will handle patch research, scheduling, deployment, and reporting. Using it can save you a lot of time. In fact, the more servers and computers you have, the more time you’ll save. All that while assured that all needed patches are applied. Who could ask for more?
And it gets even better. The SolarWinds Patch Manager works with your Microsoft SCCM and WSUS installations, adding to the of these tools. Furthermore, its Custom Package Wizard will let you easily build custom packages for any application. All that without having to resort to the use of SCUP or any complicated scripting. These custom packages can be used to deploy any MSI, MSP or EXE via Microsoft WSUS or SCCM. And these are only some of the tool’s best features. It has much more to offer.
Prices for the SolarWinds Patch Manager start at $3 690 and varies according to the number of nodes you need to manage, from 250 to 60 000. If you prefer to try the tool before committing to its purchase, a free 30-day fully-functional evaluation version is available for download.
For more info, read our full review on the Patch Manager from SolarWinds.
2. PDQ Deploy
Next on our list is a systems management solution for the Small and Medium Business (SMB) market called PDQ Deploy. You might have guessed it from its name, this is a software deployment system, not just an updating or patching tool. Of course, you can use it to manage and deploy updates and patches but it will do much more. With this tool, system administrators can silently install almost any application, update or patch to multiple Windows computers simultaneously.
PDQ Deploy comes with over 200 ready to deploy, pre-built packages for some of the most common applications. You can also create custom, multi-step deployments that can include running local commands or scripts using PowerShell, VB or batch language. The tool can also interact with Active Directory, Spiceworks, and PDQ Inventory, the publisher’s own hardware and software inventory solution. As for update and patch management, the system will automatically download, schedule, and deploy updates and patches.
PDQ Deploy is available in two versions: a Free version and an Enterprise version. The two products mostly differ in their respective feature sets with many of the more advanced features only available with the Enterprise version. Patch and update management is one of those advanced features that require the Enterprise version. This software differs from its competitors in that it’s not priced based on the number of managed nodes but instead on the number of administrators using it. And at $500 per admin, it is more than reasonably priced. And like its competitors, a free trial version is available if you want to give the product a try.
3. ManageEngine Patch Manager Plus
ManageEngine is another familiar name in the field of network management. The company’s software update tool is simply called the ManageEngine Patch Manager Plus. Why Plus? Simply because the tool offers more than just patch management. The tool is simple to set up and use, and it will keep Linux, Mac, and Windows systems updated. Furthermore, this tool can handle updates and patches for over 250 third-party applications, including most of the popular ones.
The ManageEngine Patch Manager Plus can help you ensure patch compliance, thereby helping you with regulatory issues. Real-time audits and reports are also available. Testing is one of the product’s strong suits and updates and patches can be tested and approved—or declined—depending on severity and priority. Test groups of computers can easily be set up, letting administrators measure the impacts of any patch before its wide-scale deployment.
The ManageEngine Patch Manager Plus is available in several editions. There’s the Free Edition which is limited to 25 devices. Next, you have the Professional Edition starting at $245 and the Enterprise Edition starting at $345. Compared to the Enterprise Edition, the Professional Edition lacks a few features such as the ability to update virus definitions on target machines, the automated testing and approval of patches, and the possibility to use distribution servers.
4. GFI Languard
It’s no accident that GFI Languard’s name doesn’t seem to reveal that this is a software update tool; it’s not. GFI Software, the tool’s publisher, claims that it is “The ultimate IT security solution for business”. This tool is clearly way more than just a software update tool. It will scan networks for vulnerabilities, automate patching, and help achieve compliance. You can think of it as a cross between software updates, patch management, and vulnerability scanning.
One thing that sets this software apart from the others is that it doesn’t only support desktop and server operating systems. It works just as well with Android or iOS. GFI Languard routinely performs some sixty thousand vulnerability tests and ensures your devices are all kept up-to-date with the latest patches and updates.
The intuitive reporting dashboard of GFI Languard is definitely worth mentioning. And so is its virus definition update management which works with all major antivirus vendors. As for the tool’s patch management abilities, it will not only patch operating systems but also web browsers and many third-party applications.
As for the vulnerability assessment features of GFI Languard, these too go well beyond the desktops and servers. They’re available for a wide range of networked devices such as switches, routers, access points, and printers. This tool will also let you view some security issues within your networks such as rogue USB Drives, phones, and tablets.
GFI Languard has a rather complex pricing structure. It is a subscription-based service and its subscription must be renewed annually. Prices are calculated per node and the cost per node lowers as one adds more nodes. To make things even more complex, you have one price for the original subscription, one for each node that you add during the subscription term, one for the subscription renewal and one for upgrades. For users who prefer to try tools before buying them, a free trial version is available.
5. Kaseya VSA
Although our last entry is not a software update tool per se, we felt it deserved a spot on this list. At its core, Kaseya VSA is a remote support platform but it excels at automating various tasks, such as updating software. The tool features a remote control module that allows you to implement bulk updates as well as to remotely connect to and administer any end device. The tool also provides automated network monitoring with built-in alerts, patch management, and service auditing, making it a very complete remote monitoring and management solution.
Feature-wise, Kaseya VSA has everything you’d expect. It has remote control, patch and vulnerability monitoring, audit and inventory, network monitoring, virus protection, unified backups and compliance management. The tool also features AssetIQ, a contextual documentation management system made to ease the task of managed service providers. It can, for example, be structured as a script for Help Desk agents to work through an incident and eventually direct problems to back-office staff.
And when it comes to updating software, the tool will let you set up policies to automate your patching processes. These can include software deployment, patch management, and issue troubleshooting. Kaseya VSA also includes real-time visibility that shows you the patch status of all the software you’re monitoring and to keep an eye on which network devices are on or off. This product can be rather useful should you choose to manage patches as part of a larger remote monitoring effort and ensure that all your network devices are performing correctly, that they are being used appropriately, and that their software is kept up-to-date.
Pricing for the product is not readily available but it can be easily obtained by contacting Kaseya. Furthermore, both a demo and a 14-day free trial version are available so you can see for yourself what how the product fits your specific needs.