Re: Patching iTunes and Firefox

[Joe Artz <joeartz () UMN EDU>]

For 3rd party application patching we use Microsoft System Center
Configuration Manager.  It works very well and has great compliance
reporting.  There's a big push at our University to verify patching and have
reports that managers can look at and roll up.  It's also as easy to
patch/update 10000 machines as it is one.  We also have a policy waiting in
the wings that will require most machines to be patched within 10 days of a
release of and update/patch, leveraging ConfigMgr we'll be able to meet with
reports to prove it.



I agree that Appdeploy is a great site for guidance in installing apps.  We
also have some units that use Secunia for scanning, but ConfigMgr can also
look for any piece of software you tell it to, report on it and update it
(or remove).



Thanks!



Joe



From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin Kelly
Sent: Tuesday, February 09, 2010 11:22 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Patching iTunes and Firefox



Hi Lori,

I agree with you that patching 3rd party applications is a challenging and
time consuming part of our jobs.  That being said, it's not impossible if
you have the right set of tools.

To patch the two applications that you asked about, I use the psexec tool
that is part of PSTOOLS.  It's a free download from Microsoft.  The basic
syntax is as follows:

iTunes:

psexec \\hostname_to_update -s msiexec /qn /norestart /i
"\\servername\sharename\iTunes\iTunes.msi"

Assuming all goes well, you will receive an error code of 0

Firefox

psexec \\hostname_to_update -s "\\servername\sharename\Firefox\Firefox Setup
3.5.7.exe" -ms

Again, assuming all goes well, you will receive an error code of 0.

Two good resources to look at for silent installers are:

AppDeploy - http://www.appdeploy.com/
WPKG - http://wpkg.org/Category:Silent_Installers

We use Secunia here to help us identify insecure applications on our client
workstations.  It has proven to be an extremely valuable tool for us and I
would highly recommend it to anyone that is responsible for maintain
software applications on a Windows-based OS.  They are now beta testing a
patching tool that is supposed to interface a WSUS server.  Looks
interesting.

Feel free to contact me offline if you have any additional questions about
the applications that I routinely patch and how I do it.

Good luck!

Kevin Kelly
Institute for Advanced Study
Princeton, NJ
USA



-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv on behalf of
Christianson, Lorrayne K.
Sent: Tue 2/9/2010 10:59 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Patching iTunes and Firefox

We are reviewing the products we place on our "standard image" and, as in
years past, are faced with more and more products which our clients want,
but are hard to patch and keep secure. So we are looking for feedback on how
others are dealing with patching products such as iTunes and Firefox.


Lori Christianson
Associate Director-Client Services
Information Resources & Technologies
University of St. Thomas
2115 Summit Ave
Mail 5051
St. Paul, MN 55105
(651) 962-6286
lori_c () stthomas edu<mailto:lori_c () stthomas edu>

[cid:image001.png@01CAA9C6.B2721480]

Don't take the bait!  IRT will never ask you for your username and password
via email. Phishing e-mails attempt to deceive the recipient into giving up
private information in a response to a message or by leading the recipient
to a fraudulent Web site.  Learn more about phishing
here<blocked::http://www.stthomas.edu/irt/support/email/phishing.html>.