Updating vulnerable software is an important, but tedious part of computer ownership. We all share in the responsibility to ensure that our campus is a secure, safe and productive environment for research, instruction and learning. Identifying and updating vulnerable software is a part of this security process; we feel most will appreciate the ability to automate the process of detecting and deploying critically-needed computer security updates.
Most computer users are aware of the importance of keeping their computers up-to-date to protect against software security vulnerabilities. Microsoft Update and Apple Update are common methods used to notify an individual that their computer needs one or more updates to fix software vulnerabilities. What you may not be aware of is this: many other software applications and utilities installed on your computer do not receive auto-updates from the Microsoft or Apple Update process. These applications such as Adobe Acrobat®, Adobe Flash®, Java®, and Apple QuickTime® are commonly found on your computer and frequently need updates because of security vulnerabilities.
The Marshall University Office of Information Technology understands that detecting and patching these software applications can be a tedious and time consuming process for a computer user. We also expect that you have many tasks – both important and enjoyable – which you would rather do besides deal with software updates. This usually means that patch updates are a task left for another time, or to be taken care of by someone else.
Marshall University has licensed a system to automate and expedite the process of software updates. This system is called the KACE K1000 Management Appliance (or KBOX for short) by Dell/KACE®. University-owned computers will have a small software client pre-installed as part of the default software image.
The KBOX Client software client will periodically remind the computer user when critical software updates are needed and ask for permission before downloading and installing those updates.
Restarting Your Computer
Some critical updates require that your computer be rebooted in order to complete their installation. In those cases, you will receive another KBOX Alert which will notify you that while the patch is installed, a reboot is needed to complete its installation. When you click ‘Yes’, the KBOX client will reboot your computer. You can click ‘No’ if rebooting would interrupt an important task and you will be reminded in 30 minutes. This is similar to ‘Snooze’.
Dell KACE FAQ
- Q: What is the KACE Agent or KBox?
A: KACE K1000 Management Appliance (or KBOX for short) by Dell/KACE® is a hardware and software inventory management tool employed campus-wide at Marshall University, primarily to automate and expedite the process of software updates. More information on this appliance can be found at: http://www.kace.com/products/systems-management-appliance/.
- Q: Why is KACE needed?
A: KACE provides numerous benefits such as automated and expedited process of software updates, license management, software management/distribution, inventory management, remote support, better enforced security.
- Q: Does my machine have the KACE client installed?
A: All university-owned computers will have KACE client pre-installed as part of the default software image. The KBOX client is NOT licensed for use on personally-owned computers.
- Q: What benefits will I see as a user?
A: Faster support, more efficient patch management, remote support, fewer OS support related issues.
- Q: What types of information does the KACE client collect?
A: The KACE Management system assists in the collection of the following types of information for University-owned computers:
- Computer Hardware Inventory
- Make, model, serial/service tag number
- Physical specifications such CPU, RAM memory, Hard disk size
- Network configuration such as Ethernet MAC address, IP address
- Computer Software Inventory
- Operating system version and patch level
- Install programs and versions as listed in ‘Add/Remove Programs’
- Software license compliance (i.e. metering for per-seat and concurrent-use license agreements)
- Computer Security Inventory
- Last logged on user
- Security patches applied/missing
- Change management information (i.e. dates/times when hardware/software changes were reported by the KACE client).
- Computer Hardware Inventory
- Q: Will I notice the KACE client on my machine?
A: No, the client does not use many resources and runs in the background. The KBOX Client software client will periodically notify you when critical operating system or application updates needed and ask for permission before downloading and installing those updates.
- Q: How will I know when something is being done on my system?
A: The KACE client is configured to not begin the patch download/update process without your approval. You will see KBOX Alert pop-up window informing you that critical updates needed.
If you are in the middle of an important task and do not wish to be interrupted, you may click the ‘Snooze’ or ‘Cancel’ buttons.
Snooze works similar to an alarm clock; it gives you just a little more time to finish a task, and then KBOX Alert will pop-up again in 30 minutes, to remind you that critical patches are needed.
Cancel will clear the KBOX Alert for the day. You will be reminded during the next scheduled run – generally the next day – that critical updates are needed.
- Q: What is the KBox client updating?
A: The KBOX Alert will notify you of two types of updates:
- Critical Operating System (Windows or Mac) Updates
- Critical Application Updates (i.e. Acrobat, Flash, Java, QuickTime, etc.).
- Q: Why do I see the KBox client pop-up again so quickly?
A: When your computer first becomes enrolled in the patch management process, there may be quite a number of updates which need to be applied. As a result, do not be surprised if you see the KBOX Alert pop-up several times on that first day. This is normal as some patches require a reboot and some patches need to be applied prior (as a prerequisite) to other patches.
Once your computer has installed all the necessary critical updates, then you should not receive any further alerts until the next time a new security update is released.
- Q: Can I still apply patches myself?
A: Yes. The KACE client does not prevent you from applying patches yourself. However, if you do not apply these updates prior to receiving a KACE Alert, KACE will download and install the update for you.
- Q: Will KACE updates automatically reboot my computer without my permission?
A: No. Some critical updates require that your computer be rebooted in order to complete their installation. In those cases, you will receive a second KBOX Alert which will notify you that while the patch is installed, a reboot is needed to complete its installation. When you click ‘YES’, the KBOX client will reboot your computer. You can click ‘No’ if rebooting would interrupt an important task and you will be reminded in 30 minutes. This is similar to ‘snooze’.
The KBOX Client will not reboot the computer until you click ‘Yes’.
- Q: Will KACE security patches upgrade my applications to new versions?
A: No. Security updates and application upgrades are separate processes. For example, KACE may apply a security update to your Microsoft Internet Explorer (IE) browser to take you from version 7.00 to 7.01 – or upgrade Adobe Acrobat Professional from version 220.127.116.11 to 18.104.22.168; but it will not automatically upgrade you from major versions – IE 7.01 to IE 9.0 or Acrobat 8.x to 10.x. NOTE: In cases where a major application upgrade is needed – e.g. to address major security issues or to support institutional application compatibility – a separate campus upgrade notification will be sent.
- Q: What if I have mission-critical applications which are sensitive to patch upgrades?
A: The KACE Management system provides a great deal of flexibility and does not force us to use a ‘one-size-fits-all’ approach. If you have mission-critical applications (for the institution, department, or yourself) which you believe will not respond well to an automatic update process, please contact the IT Service Desk and open a support request. The IT Service Desk will work with you either a) address the application sensitivity, or b) provide a ‘smart label’ which will include your computer in a patch exception group.
- Q: Who do I call if there is a problem or question regarding KACE?
A: If you have questions, concerns or comments, please contact the Marshall University IT Service Desk:
- 304) 696 -3200 Huntington calling area
- (304) 746-1969 Charleston calling area
- (877) 689-6838 Toll free, outside the Huntington/ Charleston.