New Versions of Microsoft's Free Hotfix Management Utility On Tap
Microsoft Corp. is expected to make available for download Thursday an enhanced version 3.3 release of its popular HFNetChk hotfix management tool.
At the same time, the software giant disclosed plans to introduce a substantially revamped version 4.0 release of HFNetChk, which will include new support for Internet Acceleration Server (ISA), Exchange and Office, among other platforms, sometime later this year.
According to Eric Schultze, a senior technologist with Microsoft’s trustworthy computing initiative, the software giant has sought to enhance both the reach and the capabilities of HFNetChk since it was first introduced in August.
"We started with the key things that were most valuable, which were the operating system and the Web server," he says. "But we’d like to move into the things that were the next most requested. We’ve had a lot of requests for Exchange, a handful for ISA server, and a lot of requests for Office."
Although HFNetChk 3.3 boasts a number of new features, support for Exchange, ISA and Office aren’t among them. Rather, Schultze explains, HFNetChk 3.3 chiefly consolidates a number of bug fixes, introduces several usability enhancements, and provides support for the unreleased Windows .NET Server and for IIS 6.0.
New in HFNetChk 3.0 is a command line switch that lets an administrator specify a username and password for the purposes of authentication. "Currently, you have to already be authenticated to the remote machine, so if you’re scanning something in a different domain, it does the complete challenge/response so the passwords aren’t going in clear-text," Schultze says.
HFNetChk 3.3 also provides a new facility for saving the results of a scan directly to an output file. In addition, the newest version of HFNetChk lets administrators disable the "Server" service on their Windows NT 4.0 and Windows 2000 systems, a recommended practice in Microsoft’s IIS hardening guide. HFNetChk previously required that the "Server" service be enabled in order to run correctly, but – as Schultze points out – HFNetChk 3.3 will now function properly when executed locally on an IIS machine on which this service has been disabled.
Another new feature in HFNetChk 3.3 is the ability to specify the name of a master file that contains a list of all the machines slated to be scanned. Previous versions of HFNetChk required that an administrator manually specify the names of the machines to be scanned. "Instead of individually spelling out all of the machines you want to scan, you can specify up to 255," Schultze concludes.
For Windows NT 4.0 users, HFNetChk 3.3 now supports IP address scans. Previous versions of HFNetChk supported NetBIOS computer name-only scans on NT 4.0.
According to Schultze, HFNetChk 4.0 will be a "radically different" version of the tool, boasting –- in addition to broader application support –- multilingual support, beefed up security and an enhanced reporting facility.
One security enhancement will be to end the practice of checking only the digital signature of a file.
"For [HFNetChk] 4, we want to actually check details of all of the files for every language. That radically changes what we do, because the XML file becomes much larger. I also want to check the MD5 hash of the file and the SHA-1 hash of the file, because those are more cryptographically secure checks, so [HFNetChk] 4 ... will do more cryptographically secure file checks, and it will do them for every language," Schultze says.
HFNetChk 4.0’s reporting facility will also support Microsoft’s security bulletin rating system, as well, Schultze anticipates.
Also, Microsoft expects to unveil a public newsgroup to offer support for HFNetChk sometime within the next few weeks.
Microsoft's Knowledge Base page for the HFNetChk tool is located here, but still contained a link to version 3.2 of the tool on Thursday morning.
Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.