Embodiments of the present invention relate generally to the distribution of software and more particularly to distributing software packages to one or more clients from one or more servers based on information about the package and the client.
Distribution of software such as updates, patches, fixes, upgrades, etc., is a problem for by almost every software company in the world. This problem is usually addressed by using one or a combination of methods. For example, software updates can be distributed via removable media such as Compact Disks (CDs), Digital Video Disks (DVDs), tapes, diskettes, etc. In other cases, software, updates, etc. can be published on a software company's systems accessible from the Internet (e.g., on web servers, FTP servers, etc.) that allows users to download the software by using regular web clients (e.g., web browsers, ftp clients, etc.). In yet other cases, a custom software in a client-server architecture can be used to automatically download updates or other software from a software company's servers, via the Internet or other media.
However, all of these methods have some significant drawbacks. For example, distributing software via a removable media is slow and expensive, especially because of the costs of media and the costs of delivery. Downloading updates from World Wide Web (WWW) or File Transfer Protocol (FTP) sites is currently inconvenient to use, mainly because users need to manually visit multiple web or FTP servers from time to time to check if updates are released. This method is also time consuming, especially when the user has many software packages installed from multiple vendors. Custom software that checks for updates via the Internet or other media can be inconvenient to configure and manage. In this method, every installed software needs to have its own component for updating, which is problematic when the network configuration changes. If this happens, all update components may need to be configured as well. Furthermore, problems occur in passing through firewalls because such solutions may use proprietary network protocols, which may be not understandable by proxies or firewalls. Additionally, in this kind of solution, the updates are usually not accessible from regular web browsers. So, if there are any problems with the client software, users are not able to download the updates at all.
Security of all above solutions may also raise a lot of doubts. End users that use the software and download/install updates may have no way to verify if the software updates are not tampered with by third parties and do not contain viruses, worms, Trojans, spyware, etc. Although, at the moment, some software companies use hash sums and PGP-like signatures, these solutions still do not solve the problem. Single hash algorithms like (Message Digest 5 (MD5) and Secure Hash Algorithm (SHA) do not include electronic signatures of the software company. On the other hand, PGP-like signatures seem to be difficult and time-consuming to use and they do not seem to be popular among users. Therefore, end users may have no way to verify the origins of updates or other software.
Furthermore, existing solutions are not compatible with each other, which makes the process of distributing software updates in the corporate environment very difficult to perform in practice. For example, keeping all software on employees' computers up to date etc can be extremely time consuming and difficult. It is also not an easy task to verify on which hosts the updates were successfully installed and on which they were not. As a consequence, end users may use software with known security vulnerabilities that allow intruders or malware software to take control over their machines, leak sensitive or private information to intruders, attack other machines, disturb them in performing their work etc.
Hence, there is a need for methods and systems that allow for secure, automatic downloads of software via a variety of media in a manner that is usable by different software, potentially provided by different entities.