Free and paid tools and services for Windows and Linux
The best patch management software makes managing software updates across your computing devices and IT networks simple and easy.
With new software vulnerabilities and exploits appearing daily, installing Windows and application security patches as soon as they’re released is vital. Unfortunately, that’s not always easy.
The standard approach to patch management lets every app handle its own updates. You must ensure the apps are set up correctly and allow them to run any. However, sometimes software updaters end up disabled to improve computer performance.
A dedicated patch manager replaces this chaos with a single central interface to scan multiple apps for updates, report any missing patches it finds, and (sometimes) automatically rectify the situation.
The simplest of these tools work as little more than PC update reminders. They’ll warn you when new patches appear, and you sort out any updates yourself. Sometimes, that’s a minor hassle, but sometimes, it takes seconds (in Chrome, click Help > About > Update, and the browser sorts out everything else).
The most potent enterprise-level patch managers can scan systems on your network (often across multiple platforms), detect missing patches (third-party apps and operating system updates), remotely install them on your preferred schedule, and even roll back any updates if there are problems.
This technology has risks as well as advantages. If a poorly configured patch manager downloads the wrong update file, it might break your application or even affect your entire PC. Choosing your manager carefully is essential, ensuring you know how to cope if anything goes wrong.
Here, we’ll feature the best patch management software platforms currently available.
The best patch management software of 2023 in full:
1. Avira Software Updater
Quick and easy patch management
TODAY’S BEST DEALS: VISIT SITE
| REASONS TO BUY + | Free option+ Supports 150+ apps+ Automated updates |
| REASONS TO AVOID – | The commercial version is a little expensive |
Avira Software Updater is a simple patch manager that helps you spot the latest updates for over 150 popular applications.
Unfortunately, Avira doesn’t provide a complete list of its supported applications, but it seems to include Chrome, Firefox, Opera, Adobe Reader, Adobe Flash, CCleaner, and more.
Software Updater can also scan for out-of-date drivers, but we wouldn’t recommend that. You’re unlikely to see any major benefits (drivers rarely get significant security patches that Windows won’t handle themselves), and a failed or poorly chosen driver update can seriously mess up your PC. Leave driver updates to Windows, and it’s much safer.
The free version of Software Updater (available standalone, no need to install Avira Antivirus) scans your system on launch, displays missing patches, and – that’s it. There’s no automatic update option, no scheduling, or anything else. Clicking a globe icon should take you to the developer’s product page so you can download it, but even that doesn’t always work as expected.
The Google Chrome download link took us to Google.de, for instance, Google’s German language site. That’s not a big deal – Google automatically translated it for us, and the download would still have worked – but it’s an example of how a software updater may use update links and files that you wouldn’t see usually.
This won’t be an issue for everyone. Arguably, the safest way to use any software updater is to get reminders of any missing patches but then to find and install them yourself. Your software stays current, and you don’t risk problems caused by the updater using the wrong patch or not installing it correctly.
Avira’s Software Updater Pro is available on the annual plan if automatic updates are necessary. It supports Windows updates, too, and includes unlimited customer support via a toll-free number and email.
2. Avast Business Patch Management
Network patch management from a central web console
TODAY’S BEST DEALS: Avast Patch Management 1 device 1 year$29.99
| REASONS TO BUY + | Patch multiple devices from one web console+ Set custom patching rules+ Simple per-device pricing |
| REASONS TO AVOID – | Must be deployed with Avast antivirus product |
Security vendor Avast has interesting software update tools covering three levels of user.
Bargain hunters and beginners can install Avast Free Antivirus to get its basic Software Updater. This scans for missing patches, includes a ‘What’s changed?’ link (where possible) to explain what’s in an update and can download and silently install your chosen updates with a click.
Avast’s Premier and Ultimate security suites add the ability to install updates as they’re detected automatically.
Top of the range, though, is Avast Business Patch Management. Deploy this with one of Avast’s managed antivirus products (Antivirus, Antivirus Pro, Antivirus Pro Plus) across your network. It allows you to check the update status for various Windows apps from 100 top vendors: Adobe, Google, Microsoft (Windows and applications), Mozilla, Piriform, WinZip, and more.
Avast says there’s support for thousands of applications, but remember that, as with many competitors, this includes multiple versions. Firefox is counted 72 times, for instance. For a more realistic view of the total, look at this PDF of the complete application list.
You can control how and when the scan and patching process works. Instead of being forced to scan your entire network simultaneously, you can set up special rules for each device or define particular apps or vendors you’d like to exclude. You can choose when to deploy patches (immediately, on a schedule, manually) and decide what should happen afterward (ask the user, request, or even force a reboot).
Comprehensive reports help you see exactly what’s happening across your network, covering everything from the most patched applications to details on patches that haven’t been deployed (important information if the same update is regularly failing across your network).
No minimum number of devices makes the package suitable for any small business or home network. And if any of this sounds interesting, a free trial gives you 30 days to learn more.
3. GFI LanGuard
A patch management powerhouse for demanding businesses
TODAY’S BEST DEALS: VISIT SITE
| REASONS TO BUY + | Scans your entire network Protects desktop and mobile devices Huge number of features |
| REASONS TO AVOID – | Requires a lot of IT and networking expertise |
GFI LanGuard is a comprehensive patch manager for businesses or anyone with ten or more systems to protect.
The tool is designed to cover your entire network and can handle updates for multiple operating systems, including Windows 7-10, Windows Server 2003-2012, and Mac and assorted Linux distros.
If you prefer to leave your OS to handle its own updates, that could be wise, but GFI LanGuard also supports more than 80 third-party apps.
Although we’re primarily interested in patch management, GFI LanGuard includes industrial-strength network auditing and vulnerability scans. Reports might highlight issues with installed applications, security tools, mobile devices connecting to your network, open ports, file shares, and more.
Start to install GFI LanGuard, and it’s immediately evident that this isn’t a product for beginners. It prompted us to install an SQL server, then a web server, and even when it was running, it took us a while to find out how to do as much as run a scan.
However, put in the effort, and you’ll get some awe-inspiring results. Items are organized into lists of missing security updates, non-security updates, and Windows service packs and update rollups. You can also view recently installed updates, a handy way to see that all is well. All updates have descriptions, notes on severity, and even a link to the developer’s website where you can find out more.
You can update some or all missing patches immediately or at a specific time. If you’re deploying patches to another computer on your network, you can choose to warn the user beforehand, as well as what happens afterward (do nothing, shut down, reboot, and so on).
A free 30-day trial provides a risk-free way to explore what’s on offer. Beware, though, that’s not as generous as it sounds: GFI LanGuard comes so crammed with functionality that you’ll probably wish the test period was longer.
4. ManageEngine Patch Manager Plus
Enterprise-level patch management for all
TODAY’S BEST DEALS: VISIT SITE
| REASONS TO BUY + | Free for up to 20 computers, 5 servers Highly configurable Good value commercial plans |
| REASONS TO AVOID – | Can be complex to use |
ManageEngine Patch Manager Plus is a potent tool for deploying patches across Windows, Mac, and Linux systems.
Patch Manager Plus updates operating systems, Microsoft Office, a host of Office components, and a decent list of third-party apps. Although it’s very business-oriented, there’s a good range of apps that any experienced home user might have on their PC: 7Zip, Adobe Reader, CCleaner, Chrome, FileZilla, Firefox, IrfanView, Opera, Recuva, RoboForm, and more (check out the complete list here – 350+ apps are supported in total).
This isn’t some basic software updater where you must manually check for or initiate updates. Everything can be automated, from checking local systems for missing updates to downloading as required, deploying updates, and sending detailed progress reports.
The entire process is highly configurable. You can schedule scanning by time, group, or some custom collection of devices, for instance, then deploy in your preferred time window and with per-device custom actions (display alerts, reboot, and so on).
This flexibility has all kinds of advantages. Suppose you’re managing many devices in a business, for instance. In that case, you can first deploy critical patches to a small test group of PCs and wait for them to be approved as safe (another process you can automate) before rolling them out across the company.
Although Patch Manager Plus isn’t exactly difficult to use, the sheer weight of features means you’ve plenty to learn before you can find your way around. It’s worth looking for demanding users, though, primarily as a Free Edition protects up to 20 computers and five servers.
If that’s not enough, commercial plans are reasonably priced. For example, Patch Manager Plus supports up to 50 computers. It adds extras like support for a distribution server to serve patches from your local network (so there is no need for every device to download them separately).
5. Chocolatey
Command line package management for experts
TODAY’S BEST DEALS: VISIT SITE
| REASONS TO BUY + | Supports more than 7,000 packages+ Very customizable+ Capable free version |
| REASONS TO AVOID – | The command line approach isn’t for newbies |
Chocolatey is a comprehensive package manager for Windows that can automate installing, updating, and uninstalling all your software.
This isn’t a tool for newbies. Chocolatey uses PowerShell heavily and runs from the command line rather than a graphical interface, so you’ll need some knowledge and experience to get the most from the product. But if you’re willing to spend some time learning the basics, don’t necessarily let that put you off.
There’s nothing complicated about Chocolatey’s basic commands, for instance. Here are three examples:
- choco install firefox
- choco upgrade firefox
- choco uninstall firefox
It’s self-evident what they’re going to do, and now you’ve got the basic idea, you can probably figure out how to do the same with a host of other apps (for example, replace ‘firefox’ with ‘google chrome’, ‘adobereader’ or whatever other app you need).
Chocolatey works its magic with ‘packages’, and PowerShell files, which automate the install, upgrade, and uninstall tasks for each app. Users can create packages for their own use or share them with others, and as a result of this flexibility, Chocolatey now supports more than 7,000 apps.
Although Chocolatey doesn’t have the built-in automation options of specialist patch management tools, you can get a lot done with some straightforward scripts. The single command ‘choco upgrade all’ will upgrade all installed apps, for instance; just run that when your device boots, maybe as a scheduled task, and the system will automatically keep itself updated.
Chocolatey is available for free in its competent open-source form. Commercial plans add handy package-building options, reporting features, and other enhancements specifically for business use.
6. Ninite
Quick and easy app installs and updates
TODAY’S BEST DEALS: VISIT SITE
| REASONS TO BUY + | Easy to use Online interface |
| REASONS TO AVOID – | Limited app support There are few management features in the free build |
Ninite is a simple tool for installing and updating many Windows apps simultaneously.
The service stands out for its streamlined, web-based interface and automated installers. If you decide you need to install or update Chrome, Firefox, and Opera on a PC, for instance, this is all you need to do: go to Ninite.com, check the box for each browser, click Download to download a custom installer, and run it to install or update the browsers.
That’s it. It’s that simple. There is no need to register, create an account, or hand over your email address – there aren’t even any ads. You’ll be done in 30 seconds, maybe less.
It’s not all good news. Although Ninite supports 90+ apps, and some big names among them – the main browsers, Skype, various free antivirus (Avast, AVG, Avira), iTunes, .NET, Java, Google Earth, and Steam – it’s mostly focused on open source and freeware projects. For instance, if you’re looking for a PDF viewer, there’s no Adobe Reader; instead, you get Foxit Reader, maybe SumatraPDF or CutePDF.
The free Ninite only has the most basic features, too. Once you have your installer, you can share it with others, then run it to install your chosen apps or update any missing patches. But there’s no automation, scheduling, reports, or anything else.
Ninite probably works best as an easy way to install your favorite apps on a new PC. You can equip your new hardware with Chrome, Steam, 7-Zip, IrfanView, Paint.NET, Google Earth, and more in a fraction of the time it would take to install them manually.
Ninite’s simple updating is also worth a try; businesses needing more can check out Ninite Pro. Install the Pro agent on each system, and they show up on your web management interface with all their installed app details. You can update them manually or automatically with a range of configuration options.
Ninite Pro still can’t match the vast power of tools like GFI LanGuard, but that’s reflected in the price.
Best free patch management tools
7. Patch My PC Home Updater
Powerful, portable, and free
TODAY’S BEST DEALS: VISIT SITE
| REASONS TO BUY + | Feature-packed free version Portable, can run from a USB key Highly configurable |
| REASONS TO AVOID – | Cluttered interface |
Patch My PC Home Updater is a free Windows program that can help you monitor over 300 popular apps, automatically detecting any updates and (optionally) silently downloading and installing any patches it finds.
The 300 apps figure is boosted a little by the inclusion of products that are obscure, obsolete, or both (Bitdefender Anti-Ransomware, Imgburn, Microsoft EMET – the complete list is here). But it’s still better than many competitors, especially for a free product, and geeks will appreciate some of the more technical apps it supports: Angry IP Scanner, Atom, Brackets, GIMP, Sysinternals Suite, and more.
Unusually, Patch My PC doesn’t require installation or ask you to hand over your email address or other personal details. Launch it, and the program detects your installed apps (and portable versions) and displays up-to-date products in green or any missing patches in red.
Patch My PC’s interface is cluttered and doesn’t always work as expected. Its scan report doesn’t give you a table of results you can work with individually, for instance (update these two immediately, ignore that for now, don’t check these apps in the future, say). The results are plain text only; you can’t do anything but look at them.
The program works well if you’re more interested in speed and automation. For example, you can have it install all missing patches with a click. A well-designed scheduler enables automatically checking for updates at your preferred time and frequency, with the option to run it again later if a check is missed (because your PC was turned off).
Patch My PC also works well as a simple application manager. It’s easy to create a custom list of your ten favorite apps and have the program set them all up for you on a new PC. And a built-in Uninstaller lets you remove multiple apps in a single operation.
An exciting range of bonus options includes caching updates in a local folder. For instance, running Patch My PC on a USB key will save new updates to a local folder. Plug the key into other PCs, and if they need the same update, they’ll use the cached copy rather than download it again.
8. SUMo
Comprehensive software support, but it doesn’t do everything for you
TODAY’S BEST DEALS: VISIT SITE
| REASONS TO BUY | No automatic download, install The pro version is expensive for what you get |
| REASONS TO AVOID | No automatic download, install Pro version is expensive for what you get |
KC Software’s SUMo (Software Update Monitor) is a veteran patch manager who has been helping PC owners update their systems for many years.
This experience brings some immediate and undeniable benefits. While Patch My PC supported 29 applications on our test PC, SUMo recognized 70. It counted some of these twice – BlueStacks, PaintShop Pro – so this was a little misleading, but even so, the package still found more applications and updates than anything else we’ve tried.
We want to tell you exactly how many apps SUMo supports, but unfortunately, the website doesn’t say, and the company didn’t give us a figure, either. It works with most products you’d expect – browsers, Adobe Reader, Flash, and more.
SUMo’s free users won’t necessarily be pleased to hear about its broad software support because there’s no support for automatic updates. All you get is a web page to launch searches for the package on Google and popular download sites. For every update it spots, you must find the correct site, the page, and the download all by yourself.
Upgrading to SUMo Pro improves the situation a little, getting you a direct link to the product page for your app. There’s still no automatic download and installation, though, and it’s expensive for what you get.
9. Heimdal Free
Hassle-free automatic updates
TODAY’S BEST DEALS: VISIT SITE
| REASONS TO BUY + | Free Automatically detects and installs patches Respected developer |
| REASONS TO AVOID – | Limited app support |
Heimdal Free is the software updating module from Heimdal Security’s commercial range of security suites. As the name would suggest, it’s free to download and use.
Heimdal Free has the same interface as Heimdal’s full-strength suites, making it a little bulkier than most competitors. Our opening screen had four greyed-out areas with ‘Upgrade’ messages, for instance, and one button leading to the actual updating module, which Thor calls ‘X-Ploit Resilience.’
The package supports updating around 100 apps (or around 60 if we exclude those with multiple versions). The complete list is available on the website.
Even the main Heimdal Free module isn’t as straightforward as usual. There’s no Scan button, and we had to check a ‘Monitor’ option before Heimdal Free looked for updates. And once you get the report, you can tell Heimdal Free to automatically update that package in the future or leave it up to you.
There’s not a lot of power or configurability here, but the few features you get seem to work very well. Once we checked our chosen apps’ Monitor and AutoUpdate boxes, Heimdal Free automatically detected updates, downloaded them, and silently installed them in the background without hassling us.
10. Npackd
A popular open-source app store for the PC
TODAY’S BEST DEALS: VISIT SITE
| REASONS TO BUY + | Loads of apps+ Add support for custom apps |
| REASONS TO AVOID – | Small usability and technical issues Few management or automation features |
Npackd is an attractive open-source application store for Windows that can help you find, install, update, and uninstall a host of popular apps.
The package supports an impressive 1,469 apps at the time of writing. That’s not quite as good as it sounds because many apps count at least twice for 32-bit and 64-bit downloads, plus many are low-level runtimes rather than applications you want to install (13 downloads support ‘WinRT Intellisense’, for instance). Still, even if we ruled out all of those, there’s a lot more here than you’ll see with most of the competition.
Launch Npackd, and its entire catalog appears in a simple table, along with the current version of all apps and whatever version you have installed. It’s a very long list, but fortunately, you can filter it by category (Music, Productivity, Security, and so on) or by entering part of an app name in the Search box.
Select one or more apps, and you can have Npackd silently install (or uninstall) them all in a couple of clicks. Choose the ‘Updateable’ category, and Npackd displays every supported app you’ve installed with a missing patch. Again, select them all, tap Install, and Npackd will quickly run its update tasks.
We noticed some technical and interface oddities. Npackd didn’t seem able to detect the currently available version for quite a few apps, for instance, which presumably will make it impossible to update them safely. Some apps didn’t correctly install for us, although the package provides at least a few ways to address this. (For instance, you can look at the commands used during the installation or open the app website directly to check version numbers.)
The interface doesn’t directly enable automating, scheduling, or managing your updates. Although there’s a lot you can do – add support for custom apps, for instance, or manage tasks from the command line or scripts – you’ll need some Windows experience to get the most out of the system.
Still, overall, it’s a capable product and well worth a look for more demanding users.
11. RuckZuck
Automatic PC updates don’t get much easier than this
TODAY’S BEST DEALS: VISIT SITE
| REASONS TO BUY + | Very easy to use No-strings-attached free GUI and command line versions |
| REASONS TO AVOID – | Doesn’t have the support or dev resources of the top rivals |
RuckZuck is a free and very easy-to-use software package manager for Windows. And it is straightforward to get to grips with. For instance, you don’t have to install or create an account. Download and run the portable version, and you’re ready.
The interface is straightforward. Launch RuckZuck, and after a few seconds, it tells you how many updates, if any, are available for your installed apps. Click that button, and RuckZuck lists them all, highlighting the current and latest version numbers. Clicking Update All silently updates everything on the list, or you can select one or more apps and update only those.
You’d be correct if you think that sounds basic, but RuckZuck offers more. For instance, a command line tool enables automating updates from your own scripts. Installing RuckZuck’s OneGet Provider gives you custom software updating PowerShell commands, and enterprise users can even get integration with Microsoft’s System Center Configuration Manager.
RuckZuck’s software catalog looks impressive, too, with hundreds of apps supported: 540 at the latest count. It’s not quite as good as it seems – there are a lot of open source and freeware projects you may not even recognize, let alone use – but you’ll find plenty of popular apps, too: 7-Zip, .NET, Adobe Reader, Chrome, CCleaner, FileZilla, Firefox, IrfanView, iTunes and more.
Our central reservation is that RuckZuck is a small project – and entirely free to use – so it doesn’t have the people or resources behind it that you’ll see with the more prominent names. That’s not a criticism – it’s a considerable achievement that RuckZuck does so well – but inevitably means it can’t possibly have as much testing or updates as the well-funded competition. Although the developer is very responsive, generally identifying and fixing problems within a day or two, he can’t possibly replace the professional support team you’d get with a commercial service.
Experienced users should check out RuckZuck, as it’s a likable tool with much to offer. But if you’re a business user looking for maximum reliability and guaranteed speedy support if anything goes wrong, you’ll probably be better off elsewhere.
Additionally, we’ve featured the best network monitoring tools.
Which patch management software is best for you?
When deciding which patch management software to use, first consider what your actual needs are, as budget software may only provide basic options, so if you need to use advanced tools, you may find a more expensive platform is much more worthwhile. Additionally, higher-end software can usually cater to every need, so ensure you have a good idea of which features you think you may require from your patch management software.
How we tested the best patch management software
To test for the best patch management software, we first set up an account with the relevant software platform, and then we tested the service to see how the software could be used for different purposes and in different situations across various devices and operating systems. The aim was to push each patch management software platform to see how useful its essential tools were and also how easy it was to get to grips with any more advanced tools.
