<note tip> Note: As of February 1, 2011, BigFix became part of IBM. BigFix has been rebranded as IBM Tivoli Endpoint Manager (built on BigFix technology). </note>

Internet-based attacks upon individual desktop and laptop computers are a world-wide problem. New vulnerabilities are continually discovered. This emphasizes the importance of keeping systems up-to-date by installing security patches as soon as they become available. Failure to keep all systems patched can place everyone on the network at risk.

The School uses a patch management system called BigFix Enterprise Suite (BES). It is administered by the School's computer support group. This patch management system allows us to install critical security patches on computers as soon as they're made available by the software supplier and tested here.

After installing the small Bigfix software package on your computer, it will communicate with the School's Bigfix server to determine its patch status. The server will automatically apply appropriate updates once they have been released. Release of patches occurs after testing and follows a rigorous, but rapid, procedure.

The Bigfix client software is required by the School's network security policy for Windows and Macintosh computers connected to the School network.

Certain basic inventory information about the computer - such as IP address, operating system, some hardware data, and the presence or absence of critical security updates - is collected.

Updates applied by Bigfix will be limited to the following actions

• critical OS updates from Microsoft or Apple
• updates to the following applications: Adobe Acrobat, Flash, Apple Quicktime, Sun (Oracle) Java, Firefox.
• reporting on presence or absence of antivirus software

If an update requires a system restart, a 24-hour warning will generally be given although we reserve the right to shorten that time in exceptional circumstances.

• Download and install instructions for the BigFix client software: Windows | Macintosh
• We also strongly encourage you to run either Windows Update or Mac OS Update shortly after installing Bigfix, to get your computer as updated as possible. This will reduce the number of updates Bigfix has to install, and may avoid some additional computer restarts.

Our goal is to keep computers securely patched with the minimum possible inconvenience to their owners. If you experience any unexpected behaviour or have any other questions regarding the patch management system, please send in a Help request.

• My computer runs some equipment in our lab and cannot be rebooted automatically. What should I do?
  • Contact us to discuss moving your machine to a private lan with access only to required services (and not the internet)
• What if our group runs a server which should not be rebooted automatically?
  • Some servers may be exempt if they are actively managed by a professional systems administrator. Contact us with details.
• I went to install Bigfix and found that my computer's OS is too old to meet requirements
  • If you are able to update your OS to a supported version, that is the simplest solution
  • Otherwise, contact us so we can discuss the options.
• Keeping a machine secure and compliant is a lot of work!
  • Consider taking advantage of our fully managed Windows AD or Linux cluster installs, rather than setting everything up yourself. Our systems are deployed centrally, store user data securely over the network to our server room, and include tons of already-installed software.