SMS 2003 R2 Catalog and Software Update Security Validation Dialog

How to decide if you should open potentially harmful files

Systems Management Server (SMS) 2003 R2 includes the Inventory Tool for Custom Updates and the Custom Updates Publishing Tool for use in creating and deploying custom updates using SMS. These tools enable you to accept both catalogs of information about updates and updates themselves from sources outside of your enterprise. Accepting software update catalogs and the software updates is an important decision for you to make as an administrator. You never know when you are going to encounter a file that could potentially harm your system. While the possibility of that happening is relatively low, getting to know some of the security features in SMS 2003 R2 can help keep your computer and your enterprise protected.

Should I Accept Catalogs or Software Updates from an Outside Source?

The Custom Updates Publishing Tool, part of the SMS 2003 R2 release, enables users to download and import software update catalogs from a variety of sources. These update catalogs will ultimately determine which updates to scan for and approve for deployment in your enterprise using SMS. In addition, the Distribute Software Updates Wizard in SMS 2003 enables users to download and import software updates defined by the catalogs. It is very important to make an informed decision before accepting either of these types of files.

Figure 1: Catalog Validation dialog box.

Accept

By accepting the catalog or software update you confirm that it is from a trusted source. You can use the Name and Publisher information provided in the dialog box to determine that the file is digitally signed and who the signer is. If you choose Ask me every time and then click Accept, the next time the file is requested from that publisher, you will see the same dialog box. If you choose Always accept catalog from "<publisher's name>", then the publisher information is stored and you will not be prompted again to accept the catalog or software update from that publisher.

Don't Accept

If you cannot verify the source of the file, or if the file is not signed, you are highly encouraged to click Don't Accept. Do not import any catalog or software update unless you absolutely trust the source.

What SMS 2003 R2 Does

SMS 2003 R2 verifies that a catalog or update comes from a reliable source. Although the SMS 2003 R2 security features cannot guarantee that you will never accept a harmful or malicious file, they do substantially reduce the risk by checking the digital certificate that the software publisher can attach to its catalogs and updates.

Before you import or download, SMS performs a check to ensure that:

  • The program has a valid certificate.

  • The identity of the software publisher matches the certificate.

If the software has a valid certificate, SMS 2003 R2 displays certificate information, such as the name of the file, the name of the software publisher, and whether the publisher is an individual or a corporation. Based on these facts, you can make an informed decision about whether you want to accept.

If you see a message that tells you that a piece of software does not have a valid certificate, it is also up to you to decide if you trust the publisher enough to accept the catalog or update.
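The two checks listed above can also be run by hand on a downloaded file before you import it. The following PowerShell function is an added example, not SMS code and not a description of how SMS 2003 R2 implements its check; the function name, its parameters, the file path and the publisher name are hypothetical placeholders.

```powershell
# Added example: not part of SMS 2003 R2. Names and sample values are hypothetical.
function Test-UpdateFileSignature {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Publishers you have already decided to trust (certificate subject name).
        [string[]] $TrustedPublisher = @()
    )

    # Reads the Authenticode signature and validates it against the local trust stores.
    $sig = Get-AuthenticodeSignature -LiteralPath $Path

    # Publisher name as stated in the signing certificate, if the file is signed.
    $publisher = $null
    if ($sig.SignerCertificate) {
        $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        $publisher = $sig.SignerCertificate.GetNameInfo($nameType, $false)
    }

    # Check 1: the file has a valid certificate.
    # Check 2: the signer is a publisher you already trust.
    $decision = if ($sig.Status -ne 'Valid') {
        "Don't Accept"
    } elseif ($TrustedPublisher -contains $publisher) {
        'Accept'
    } else {
        'Review publisher before accepting'
    }

    [pscustomobject]@{
        File       = $Path
        Status     = $sig.Status   # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Publisher  = $publisher
        # The thumbprint identifies one exact certificate; a name alone does not.
        Thumbprint = if ($sig.SignerCertificate) { $sig.SignerCertificate.Thumbprint }
        Decision   = $decision
    }
}

# Placeholder path and publisher name; substitute your own.
Test-UpdateFileSignature -Path 'C:\Downloads\vendor-catalog.cab' -TrustedPublisher 'Example Vendor Corp'
```

A `Status` of `NotSigned` or `HashMismatch` corresponds to the case where you cannot verify the source of the file.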

Carefully review the certificate validations and which catalogs are being accepted into SMS, and be sure you trust what you are accepting.