PATCHING

The majority of security exploits today are executed via old, unpatched software. This is the soft underbelly of the modern computing environment ever since Windows PCs began significantly hardening and locking down the core operating system against malware, viruses, and other security exploits. (Is your Windows up to date though?) Updating software blocks up to 85% of web attack angles. Really! Enterprise customers have long had the ability to patch their outdated software via dedicated services, servers, and IT teams giving their size and scale a distinct advantage until now. With the wide adoption and distribution of Open Source & Cloud Computing platforms, free and low cost alternatives that can be employed by small businesses and individuals with little or no technical knowledge have evened the scales and allowed small firms and home users to scale advanced solutions to protect their environments. Among them are Patch My PC, PDQ Deploy, Ninite, Heimdal, and ManageEngine Desktop Central.

In order to keep the small business office environment secure, Tech MacGyver employs a few solutions that works out well in distributed, work-anywhere organizations that are typical of entrepreneurs and many businesses in Sarasota, Manatee, and Charlotte counties. Software is kept up to date by automating a program that is perfectly suited toward the SOHO office environment called Patch My PC. It runs on individual machines but also provides enterprises of all sizes administered solutions for third-party patch management via an enterprise SCUP Catalog. That means third-party application updates and hotfixes can be deployed to endpoints using Microsoft System Center Configuration Manager without additional agents or unwieldy additional server deployments.

In a SOHO environment run once a day, Patch My PC will update 95% of the software small businesses typically employ. Couple that with what’s automatically patched by Microsoft and you’ve gone a long way toward securing your environment and reducing your attack surface.

Ninite is another great solution for the small office. It isn’t actually installed, it just runs as an “.exe” file. Choose to run it on one machine in remote mode and manage updates from there or set it up to run on each endpoint as a scheduled task or as part of a startup script. Tech MacGyver has run this solution on a multi-million dollar media company, so the product scales well and is reliable.

Heimdal has a free product that patches over 20 common software apps which are also top targets that cyber criminals seek to exploit. Heimdal scans your computer every 2 hours to see if any updates are available to this high vulnerability set of software and downloads updates in an unobtrusive fashion. After initial configuration, it’s designed to work even on limited user accounts, so no need to let those untrusted users have admin rights!

PDQ Deploy is a deployment program to install new software and/or patches on endpoints of an organization. It supports MSI and EXE files, silently installing them on the device targets. They provide a range of applications ready to be deployed with the ability to define targets from Active Directory groups. The initial setup is time consuming and the free version has limitations. Sound complex? Again, hire a pro or use something simple like Patch My PC or Ninite. Otherwise, be prepared to test, test, and test again as you set up this system without official support when using the free product.

ManageEngine Desktop Central is available as a free patching solution for small businesses with up to 25 computers and 25 mobile devices. If you want to keep an eye on your mobile devices, this is an excellent solution. That “phone” in your hands is really a mini-computer with more processing power than NASA had at its disposal for the moon landing! So not just patching, but ManageEngine Desktop Central allows you to manage mobile devices such as iOS, Android and Windows smartphones and tablets to deploy profiles and policies, configure devices for WiFi, VPNs, email accounts, apply restrictions using the camera and, browser, and enforce security with passwords, remote lock/wipe, and more.

ANTIVIRUS

ClamWin Free Antivirus – From their site: “ClamWin Free Antivirus is used by more than 600,000 users worldwide on a daily basis. It comes with an easy installer and open source code. You may download and use it absolutely free of charge. It features:

“High detection rates for viruses and spyware; Scanning Scheduler;
Automatic downloads of regularly updated Virus Database. Standalone virus scanner and right-click menu integration to Microsoft Windows Explorer; Addin to Microsoft Outlook to remove virus-infected attachments automatically.

“The latest version of Clamwin Free Antivirus is 0.99.4. Please note that ClamWin Free Antivirus does not include an on-access real-time scanner. You need to manually scan a file in order to detect a virus or spyware.
ClamWin Free Antivirus is based on ClamAV engine.”

BitDefender Antivirus Free Edition – While no specifically targeting businesses, we haven’t run into a prohibition either. For Mac, Windows, and Android. From their site:

“Powerful antivirus protection for Windows, the light way. Award-winning protection against existing or new e-threats. Quick to install and light on computer resources. The only free antivirus that you’ll ever need.”

Windows Defender – It’s built in and it’s free! The latest versions of Windows include Defender Antivirus which helps guard your PC against malware/ransomware/viruses and other noxious software. Free real-time protection for your home or small business Windows PCs.

Give one or more a try and discover how easy it is to keep your computing environment safe. Paid alternatives offer great utility when scaling a business since they include robust reporting and notification tools allowing business owners to monitor operations independent of location.

Overwhelmed? Work with your IT Department, improve your skills, or contract with outside help, but whatever you do, lock it down and protect your assets, businesses, and homes.

Have you read our blog about Ransomware? Check it out at the link.

Note, Comodo ONE Patch Management, previously reviewed by us was free but as of 2020, “The initial list price will be $1.25 per endpoint per month” https://community.spiceworks.com/topic/2227650-comodo-itarian-is-not-free-forever. It has some nice bells and whistles but no longer belongs in our free review.