“The features offered in R2 are welcome enhancements, but one of the biggest features touted is the patch management–if SBS did not have all of the security issues associated with it, the patch management would not be such a big deal. The Linux distros include patch management and update services also, but are those are less important than they are in SBS. Linux tends to be more secure (mostly because the virus and malware authors don’t see it as a target) and stable. “
SBS did not have all the security issues associated with it? Dude do you know where most of the security issues COME from? The desktops .. and THAT’s where we’re not patching. That Linux disto includes patch management …but only for Linux… so that Nitix includes a patch management solution that patches the Windows desktops? Really? YAST or whatever distro is under Nitix will patch Windows machines… this I got to see.
No sir, it is not the security issues of the server that the Patch management is mostly controlling …it’s the workstations, Frank. It’s step one in getting control over those workstations, taking back admin rights, and sir, if you don’t understand that the security of any network is the sum total of all of it’s parts and not just the server, then you may need to get a bit of security education like all of those small businesses will need before they learn the lesson the hard way.
Security isn’t just about my Server, Mr. Ohlhorst, and if we just think that my security is only about my server we’re doomed to forever be in break/fix mode.
Right now it’s my desktops that are introducing the most risk. And that Nitix’s patch management isn’t helping that one bit.
Granted there are some small businesses getting cost conscious…but the real cost of a network is not the server OS… in reality it’s the labor of maintenance.. and if that var/vap has no tools like active directory and group policy to better control those workstations, the long term costs will bite you in the long term.
As a business owner I moved from Novell to Microsoft for my server OS when I saw that the var/vaps supporting Novell were far and few between. To me, it’s about support and ‘critical mass’. Nitix isn’t there yet.
But as far as Patch Managment is concerned.. it’s soooooo NOT about the server these days it’s not funny…. and Linux as a business OS for the desktop really isn’t there for my needs.
P.S. Show me a screwed up SBS box that’s been nailed by malware and I’ll show you a server that got nailed by stupid users doing stupid things or bad configurations. At the present time to the best of my Friday brain, I cannot think of a single vulnerability that if the SBS box is properly set up, with only the minimal ports open, with proper passwords, that it wouldn’t still be chugging even without patching. (yeah I know …strike me dead for making that anti-patching statement ‘eh?)
Granted if it was RTM software it would be spewing out tons of emails each time it was part of a bcc thread, but it would not be owned. The threats on my network come from my users. I patch because it’s the right thing to do and it ensures that I am abiding by California law AB1950 and taking measures to ensure my clients’ data is protected. But to not recognize that patch managment is about the entire fabric of the network is not recognizing how we are all a part of security. And we need to educate our small business owners on that point, that you can’t just slap in technology and assume that it will be the magic pill… that security is about each part of the network (INCLUDING THE USERS) doing their part …otherwise we are doomed to constantly be chasing the tail of security.
My best tools for ensuring the protection of my network are my end users who ask me, who are educated, and who stop and think. My second best tools are doing what I can as a network admin to tuck those workstations behind my server and protect them as best as I can. Patch management is just one part of that protection… one that as far as I can tell, Nitix can’t do for my workstations.