Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Windows Update vs. HFNetChkPro Limited Edition vs. Pedestals' webscan

Nov 17, 2003 3:28AM PST

In the old c|net forums, I mentioned the service of Pedestals' Security Expression Webscan when LarryD posted a question if there are other ways to find out for missing security patches. I'm glad that LarryD finally Wink spend some of his time in trying Pedestals' webscan and shared the useful service by posting it.

Today, I downloaded and installed a program called HFNetChkPro Limited Edition. It is a free patch management utility. Once installed, it will scan your system for missing patches and install missing patches (you'll hit download button) if any missing security patches were detected. It is free Grin

Pedestal SecurityExpression vs HFNetChkLT

Pedestal SecurityExpression is a web-scan (means a browser and internet connection is needed). It will scan your system for missing patches and will provide a detailed report for missing patches, installed patches or errors. It will not install the patches. However a link to missing security patch is provided.

HFNetChkPro Limited Edition as I mentioned earlier, is a patch management utility. Once installed, it will scan the system(s) for missing security patches. If a security patch is missing, users will see the patch details (a download link then HFNetChkPro will automatically install the patches for you. No need to visit MS site to download the file Happy. It allows you to scan an unlimited number of machines as well as to perform unlimited patch deployments to ten (10) machines and one (1) server. As per their site, the author of the popular Microsoft Network Security Hotfix Checker (HFNetChk.exe) of Microsoft is designed by the author of HFNetChkPro (Shavlik)

Difference of HFNetChkPro and Pedestal webscan from Windows Update - I have no idea Sad but as per HFNetChkLT help file:

1. Windows Update focuses only on Critical security updates and does not typically cover Low, Moderate, or Important security updates from Microsoft. (Aha! Got 'em LOL) HFNetChkPro solutions cover all security updates, regardless of criticality rating.

2. More products - HFNetChkPro solutions cover SQL Server (and MSDE), Exchange, ISA, NT4, and Office detection. Windows Update does not.

3. Non-security updates and drivers - Windows Update includes Microsoft non-security updates and drivers. Shavlik?s solutions cover security updates only.

4. Agents - Shavlik's HFNetChkPro solutions do not require that an agent be installed on target machines, but Windows Update does. Agentless patch management means simplified rollout and increased awareness of rogue machines on your network.

Please note that HFNetChkPro and Pedestals' SecurityExpression requires Windows 2000, XP and 2003.

Just sharing,
Donna Wink

Discussion is locked

- Collapse -
{nt}I move very slowly, but eventually I listen to ALL of your suggestions!
Nov 17, 2003 3:58AM PST

.

- Collapse -
Re:Windows Update vs. HFNetChkPro Limited Edition vs. Pedestals' webscan
Nov 17, 2003 5:11AM PST

In your travels have you per chance come across one of these scanners that function with w98?

- Collapse -
Re:Re:Windows Update vs. HFNetChkPro Limited Edition vs. Pedestals' webscan
Nov 17, 2003 12:51PM PST
In your travels have you per chance come across one of these scanners that function with w98?

Yes Happy (I mentioned this program in the old forums too. You missed it Wink ) but I have not try it with my Win98 so I can't confirm if it's a-ok for Win95, Win98, Win98SE or WinME. I did try it into my Windows 2000 system and I like it too. Few weeks ago, it updated the program to check for MSBlaster worm (Update is too fast - wasn't able to check whether it will check for MSBlaster worm vulnerability or will look if MSBlaster worm is in the system).

Go to GFI then download the freeware copy of GFI LANguard Network Security Scanner.

Note: If you will download the free version, you are downloading a 30 day trial version but don't worry because after 30 days, you can still use it (with limitation as per their site)

GFI LANguard Network Security Scanner (LNSS) will scans entire networks from a 'hacker's' perspective, and analyses machines for open ports, shares, security alerts/vulnerabilities, service pack level, installed hotfixes and other NETBIOS information such as hostname, logged on user name, users etc. It does OS detection, password strength testing and detects registry issues.

"Scan reports are customizable, outputted in HTML, and can be compared to previous scans, allowing you to easily see changes in your network. LNSS also features a script engine to automate security scanning, as well as a security hotfix installer. This allows you to keep your entire windows network up to date on Microsoft security hotfixes.

What is the difference between GFI LANguard Network Security Scanner (N.S.S.) and Microsoft Baseline Security Analyser (MBSA)?

1. Target computers - MBSA only scans Windows NT + computers
GFI LANguard N.S.S. scans Windows 9X (Windows 95, 98, SE, Me) & NT+ computers. GFI LANguard N.S.S. also scans Unix machines & network devices (such as routers, switches, network printers, ...)

2. Port scanning - MBSA does not do port scanning
GFI LANguard N.S.S. does TCP & UDP port scanning

3. Operating system identification - MBSA identifies only Windows NT, 2k, XP computers
GFI LANguard N.S.S. determines all Windows variants (9x, NT, 2k, XP), most Unixes and many network devices (switches, routers, printers, ...)

4. Information gathering - GFI LANguard N.S.S. gathers much more information compared to MBSA, such as : users, shares, services, running processes, security policies, snmp information, open ports, and more.

5. Deploy missing patches - MBSA only discovers missing patches
GFI LANguard N.S.S. discovers missing patches AND deploys missing patches on remote computers.

6. CGI scanning - MBSA does not do CGI scanning
GFI LANguard N.S.S. searches for known vulnerable CGIs on websites

7. SNMP scanning and auditing - MBSA does not do SNMP
GFI LANguard N.S.S. allows scanning/auditing of SNMP devices

8. Result comparison & Scheduled scanning - MBSA does not support result comparison, neither scheduled scanning
GFI LANguard N.S.S. allows comparison of scanning results with previous results for discovering new security problems. This can be done automatically using Scheduled scans feature.

9. Alerts database - MBSA does not allow new security alerts to be added
GFI LANguard N.S.S. allows easy addition of new security alerts. Also, GFI LANguard N.S.S. includes LANS (LANguard Scripting) for defining custom security scripts.

10. Update security alerts - MBSA does not allow security alerts to be updated.
With GFI LANguard N.S.S., the user is be up-to-date with the latest security problems.

11. Customize reports - MBSA does not allow for customisation of reports
GFI LANguard N.S.S. allows customization of generated reports, selecting only necessary/wanted information

Again, I cannot confirm if GFI LANguard will work with Win98. Give it a try Wink it's free Happy

Hope the above helps,

Donna
- Collapse -
Thanks for the info.
Nov 17, 2003 11:07PM PST

.

- Collapse -
(NT) You're welcome Bob :)
Nov 18, 2003 2:40AM PST

:

- Collapse -
Error message when trying to start program
Nov 18, 2003 7:22AM PST

I get this error message even though I downloaded the installation programe twice "Automation error The specified procedure could not be found" (the title bar reads stHFT Tools)

...and, yes, I had all green checkmarks so my computer didn't need to download anything

- Collapse -
Re:Error message when trying to start program
Nov 18, 2003 11:08AM PST

Their FAQ doesn't include that kind of error. You should contact their support team or send a message in their newsgroup (can be access using a browser - no need a newsreader program) - http://news.shavlik.com/

- Collapse -
There are 2 versions available
Nov 18, 2003 11:12AM PST

1. HFNetChkPro version 4.0.77.1 (15 meg)
release date: October 23, 2003

2. HFNetChkPro version 4.0.77.3 Release Candidate 1 (15 meg)
release date: November 18, 2003

Which one did you download? Not sure if it matters but what I downloaded is the version 4.0.77.2 Release Candidate 1 which isnow replaced by 4.0.77.3 RC1

Happy

- Collapse -
Re:Error message when trying to start program
Nov 18, 2003 7:00PM PST

Larry, I took the initiative to post your problem in their newsgroup. I provided the link of this thread in case they need it. Hope to hear from them and I hope you'll have patience Wink

Hugs,
Donna

- Collapse -
LarryD, An answer (Fast support from them ;) )
Nov 19, 2003 4:56AM PST

Here's the response from them (from their newsgroup):
Subject: Re: Error message when trying to start program
Date: Wed, 19 Nov 2003 11:20:01 -0600
From: "Eric Schultze [Shavlik]"
Newsgroups: shavlik.hfnetchklt

There's usually another bit of data with those error msgs - an error number that can be helpful to track this down.

Sometimes these errors are due to incorrect versions of MDAC on the machine. other times, closing the app and doing 'apprunonce.exe -u', then apprunonce.exe will correctly re-register everything.

If you can get the error.log file we can better determine what to do - the support team (support@shavlik.com) can answer this one pretty easily once they can see the error number.


http://news.shavlik.com/

Please send them the error.log Happy
U should see it in its own directory - C:\Program Files\Shavlik Technologies\HFNetChkPro4