Shavlik and the mound of FUD

I would like to nominate Mary Landesman and Shavlik for the "Quality FUD" award, for their paper entitled Security Patch Management: Breaking New Ground. The subtitle is "A discussion of agent and agentless technology", although how this relates to the title is beyond me.

In this eight page paper with precisely five references (of which one, while using the word 'agent' is clearly referring to autonomous semantic-web based agents and not client/server architecture agents) she manages to make a plethora of unsubstantiated claims plainly meant to sell Shavlik's agentless technology. Her main ploy is to make it sound like installing agents to every machine is hard work, and so having to do that every time there is a patch emergency would be bad. Of course you only need to install them once, but lets not confuse 'facts' with the truth. She doesn't seem to realise that if her Shavlik software can deploy executable patch content it could probably deploy agents too, *sssh* don't tell.

This isn't a bash at Shavlik software or an endorsement of agent based solutions. She even quotes her CEO as saying he thinks the whole debate is a "red herring", I prefer the term "a load of crap". If you are logging into a box remotely with administrator rights, then you aren't doing much different from an agent, the code just happens to be transmitted every time instead of stored locally.

I wonder how many morons they fool with this faux-academic ninja-marketing technique?

Sunday, January 22. 2006
Posted by Dominic White in Masters
Comment (1) | Trackbacks (0)

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

#1 Ed Daniel wrote (Link) (Reply)
Posted on Thursday, March 2. 2006

One of the common things people get confused about when talking about 'agentless' technology is that 'agentless' technology IS dependent on 'agents'. The dependency is obvious when one looks at how agentless solutions interrogate and interact with their targets - often they are relying on locally installed agents such as SNMP or WMI or... One of the benefits of agentless technology is the zero-deployment of extra software - legacy help desk solutions got caught out with this problem as until a device had a proprietary agent deployed it meant they were unable to monitor/manage/remediate that device. In an ever-changing IT ecosystem the agentless approach can, if sufficiently powerful i.e. fast, provide a superior approach to agent-based solutions and requires less management overhead than deploying an agent-based solution across the enterprise. I guess the jury is still out but all sorts of people are starting to sing the praises of agentless technology without realising (or perhaps hiding) the point I made at the beginning - agentless does not mean without use of agents, just yet anyway.

Add Comment

Name
Email
Homepage
In reply to
Comment
	Remember Information? Subscribe to this entry