Sun to offer patch management in Solaris 9

Difficulty in determining which security patches should be applied to a system, and how to apply them, is often cited as a cause of the kind of lax security that leads to unpatched vulnerabilities. Those problems may be eliminated for users of Sun Microsystems Inc.’s Solaris 9 operating system when it’s released next month, thanks to a feature called Patch Manager.

Patch Manager is a new utility from Sun that will allow users to scan their Solaris 9 systems, both locally and remotely, for patchable vulnerabilities and to download and install those patches automatically, said Derek Maxwell, product line manager for Solaris Systems and Resource Management at Palo Alto, California-based Sun.

The software is designed to provide users with a better, easier way to determine what patches they need and how to apply them, Maxwell said.

Patch Manager is a desktop application written in Java that does its work by comparing the configuration of a Solaris system to a local copy of Sun’s knowledge base, which contains, among other things, information about known security vulnerabilities, said Jody Little, senior product manager for Solaris marketing.

The local copy of the knowledge base can be updated as often as a user wants or is updated automatically when a scan is initiated, she said. Sun updates the copy of the knowledge base that resides on its servers daily, she added.

Once the list of needed patches is returned, users are able to download and apply them right away, either automatically or by hand, or schedule a time to do so, Maxwell said. The patches are digitally signed to prevent unauthorized installations, Little added.

Microsoft Corp. offers a similar service, the Web-based Windows Update, which provides PC scans and patch recommendations. That service has come under fire from some users who have called it unreliable and said it leads to further security problems.

“The comparison is not direct between Windows Update and Patch Manager,” Maxwell said. “Sun’s patches are break-fix remediation packages targeted …. to fix a specific problem,” whereas Microsoft often includes new features in its service packs, which can be the root of problems, he said.

Users who don’t upgrade to Solaris 9 won’t be left out of the fun, as Sun will be making a version of Patch Manager available that is compatible with versions 2.6 to 8.0 of the product when Solaris 9 is released, Little said. Those versions will be identical to the Solaris 9 version but will be able to scan only local systems, not remote ones as well, she said.