Dynamic Client Provisioning for Software Update Scanning
Original Publication Date: 2005-Dec-14
Included in the Prior Art Database: 2005-Dec-14
ABSTRACT To ensure that a computer system has the necessary versions for a successful security scan, a provisioning tool has been created to check for the current versions. This tool ensures the system meets all prerequisite conditions for successful scanning. Another benefit of the tool is an agent download will only happen if it is necessary. Downloading the Windows Update Agent only when necessary will prevent needless downloads, as well as save time and resources. Within the provisioning tool process, software versions of a client’s machine are verified sufficient based on the software downloaded. If the client’s machine requires software that it is lacking, the provisioning tool installs the needed software. The tool prevents machines that are not ready for a software scan to start the scanning process.
Software updates are required for many reasons, including virus protection and fixing software problems. Performing software update scans often helps to keep a computer working properly. Unnecessary downloads are not only potential security risks but are also time-consuming. For example, an administrator is notified when a security update is available. If the administrator decides to download the software update, but cannot scan the network fully to determine where the update must be applied, computers remain unprotected while manual actions are taken to resolve the scan errors. Such errors may include the computer(s) do not have the minimum requirements for the update, the scan could fail because the user does not have the required version. This is a problem because the scan could fail without the user realizing, leaving the user vulnerable. Furthermore, there is not currently version checking to ensure that the download is not redundant because the software already exists on the client’s machine.
The provisioning process is a component of the Microsoft Baseline Security Analyzer (MBSA 2.0) but it is not only applicable thereto. These operations describe a solution for building customized security analyzers MBSA 2.0 helps correct poorly configured administrator settings on computing systems, checks systems for at-risk security issues, and also checks a computer for well-known at-risk passwords. Previous versions of security analyzers used a user agent engine that was embedded within the software product contents. Since versions of the engine need to be updated, the engine needs to be able to grow. The provisioning feature allows the agent to be extensible because it determines whether the existing agent is current instead of automatically downloading a new agent with every software product download. A benefit of the provisioning tool is an agent download will only happen if it is necessary and is an extensible engine that is completely independent of the detection logic. To ensure that the computer system has the necessary versions for a successful security scan, a provisioning feature has been created to determine whether a client’s machine has the most current software versions. The required software update version is downloaded only if needed. It is important to ensure that scans are successful because, if a client does not realize there has been an error, the original problem the update solves will get worse as would-be hackers develop exploit programs over time.
The Dynamic Client Provisioning feature guarantees that a client machine meets all prerequisite conditions for a successful scan. Within the provisioning operations, software versions on a client’s machine are verified as sufficient based on the software downloaded. If the client’s machine requires supplemental ...