Update program application decision support device, update program application decision support method, update program application decision support system, and program

The update program application decision support system addresses the challenge of efficiently selecting software updates for SMEs by using user application and system configuration data to provide priority information, reducing verification man-hours and minimizing operational risks.

JP7881939B2Active Publication Date: 2026-06-30NEC CORP

Patent Information

Authority / Receiving Office
JP · JP
Patent Type
Patents
Current Assignee / Owner
NEC CORP
Filing Date
2022-03-16
Publication Date
2026-06-30

Smart Images

  • Figure 0007881939000001
    Figure 0007881939000001
  • Figure 0007881939000002
    Figure 0007881939000002
  • Figure 0007881939000003
    Figure 0007881939000003
Patent Text Reader

Abstract

To support application determination of an update program to a computer by a system manager.SOLUTION: An update program application determination support device stores user application information indicating whether an update program is applied to a computer and system configuration information of the computer, registers system environment information of the computer, and generates determination support information on whether the update program is applied to the computer on the basis of the user application information, the system configuration information, and the system environment information.SELECTED DRAWING: Figure 1
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] The present invention relates to an update program application determination support device, an update program application determination support method, an update program application determination support system, and a program for an update program of software installed in a computer system.

Background Art

[0002] Currently, many computers have been introduced into companies, and there is a need to centrally manage software. In addition, update programs are regularly distributed for software installed in a computer system for the purpose of ensuring security and improving functions, and it is necessary to determine whether to apply the software to individual computers. Various technologies have been developed for software installation suitability and software updates in a computer system.

[0003] Patent Document 1 discloses a method for verifying and operating correction patches for computer systems. Software vendors release correction patches to fix security vulnerabilities in operating systems and application programs. For example, Microsoft provides WSUS (Windows® Server Update Services) as a method for applying correction patches. If personal computers (PCs) within a company simultaneously access Microsoft's updater server to download and install updates, it generates excessive traffic. To solve this, by installing a WSUS server within the company and distributing updates to individual PCs, external communication is limited to the WSUS server, and multiple PCs can be grouped together to adjust distribution schedules, or unnecessary updates can be prevented from being distributed. Patent Document 1 aims to shorten the time it takes for client computers to check the patch catalog for necessary patches based on the correction patch information registered in the patch catalog file. Specifically, in a computer system where a security server and client computers are connected via a network, the security server calculates a first eigenvalue unique to the metadata in which information on correction patches for modifying program code is registered. If the second eigenvalue, calculated using a similar method to the first eigenvalue, does not match the first eigenvalue, the client computer retrieves the metadata from the security server.

[0004] Patent Document 2 discloses a security operation support system for reducing the testing load required to verify applications to which security patches are applied as countermeasures against vulnerabilities in operating systems (security flaws caused by application program defects or design errors). Patent Document 2 reduces overall verification costs by accumulating verification results when application maintenance is performed at the time of patch release and deciding whether or not to perform new verification on similar applications based on the verification results. Specifically, using impact scope information that shows the relationship between the patch program and the application, the system determines whether or not a pre-verification test is necessary when the similarity between a first application affected by the patch program and a second application that depends on its functionality meets predetermined conditions.

[0005] Patent Document 3 describes a system that, if the software installed on a predetermined terminal is successfully updated, the system considers the possibility of successfully updating the software installed on another terminal. When the management server determines that it has successfully applied the configuration change to the verification environment endpoint, it calculates the similarity between the configuration of the verification environment endpoint and the configuration of the managed endpoint and instructs the system to apply the configuration change to the managed endpoint. Patent Document 4 discloses a program installation support method that notifies the system that a program update is necessary if the version information included in the device information of the device to which the program is installed does not match the version information corresponding to the combination of the program type to be installed and the program type installed on the device. Patent Document 5 discloses a program distribution system that distributes program distribution to clients to reduce network load and receives and updates programs from a server without stopping the client's business processing. [Prior art documents] [Patent Documents]

[0006] [Patent Document 1] Patent No. 4991668 [Patent Document 2] Japanese Patent Publication No. 2021-18446 [Patent Document 3] Japanese Patent Publication No. 2016-35708 [Patent Document 4] Japanese Patent Publication No. 2014-6933 [Patent Document 5] Japanese Patent Publication No. 2004-206260 [Overview of the project] [Problems that the invention aims to solve]

[0007] Previously, software vendors providing program products would publish update programs online. System administrators would then use WSUS or the vendor's asset management software to obtain a list of distributed updates. After applying the updates to a client group consisting of several computers and verifying their operation, they would decide whether to approve or reject the updates. These updates would then be applied to all other client groups within the company's department. Update programs were categorized into security patches, bug fixes, and feature additions. System administrators individually verified updates regularly distributed by software vendors and decided whether to apply them to multiple clients connected to the computer system. However, if problems were not detected in the update verification environment, problematic updates could be applied to client PCs in the production environment, potentially impacting business operations. Furthermore, in addition to regularly provided updates, there were also irregularly provided emergency patches, requiring significant effort to verify. While large corporations could adequately verify updates, small and medium-sized enterprises (SMEs) found it difficult to properly apply updates due to the time and effort required for verification.

[0008] As mentioned above, there was a need to provide information to small and medium-sized enterprises and system departments that lack sufficient personnel to adequately evaluate whether or not to apply update patches, as well as to system administrators who are unsure whether or not to apply patches from update programs, in order to help them select which patches to apply to client PCs from update programs. If system administrators can see the results of how users at other companies with system configurations similar to their own have decided whether or not to apply update patches distributed by software providers, it will be helpful when they decide whether or not to apply update patches to their own environment.

[0009] Patent Document 1 shortens the time required to check for patches that need to be applied to client PCs from a patch catalog, but it does not provide information for selecting updates to apply to client PCs for WSUS or asset management software. Patent Document 2 stores evaluation items related to a specific application, but it does not store information on updates applied to computer systems by multiple users, nor does it provide information for selecting updates that need to be verified from among the updates released by software vendors. Patent Document 3 teaches a software application support method that calculates similarity from the difference between configuration information obtained from an endpoint terminal agent and configuration information of a verification environment, and determines the terminal to which the program should be applied next. Patent Document 4 notifies that a program update is necessary when the version information included in the device information of the device to which the program is installed does not match the version information of the program type to be installed, and Patent Document 5 teaches how to determine the terminal to which the update should be applied by determining the priority based on the frequency of use of the client PC itself that is the target of the update. However, Patent Documents 3 to 5 do not provide information for selecting updates to be applied to client PCs.

[0010] The present invention aims to provide a device for supporting the application of an update program, a method for supporting the application of an update program, a system for supporting the application of an update program, and a program that solve the above-mentioned problems. [Means for solving the problem]

[0011] A first aspect of the present invention is an update program application decision support device comprising: an information storage unit that stores user application information indicating whether or not an update program is applied to a computer; system configuration information of a computer; a system environment information registration unit that registers system environment information of a computer; and an information determination unit that generates decision support information on whether or not to apply an update program to a computer based on the user application information, system configuration information, and system environment information.

[0012] A second aspect of the present invention is an update program application decision support method that obtains user application information indicating whether or not an update program has been applied to a computer, obtains system configuration information of the computer, obtains system environment information of the computer, and generates decision support information for whether or not to apply the update program to the computer based on the user application information, system configuration information and system environment information.

[0013] A third aspect of the present invention is an update application decision support system comprising a management server and a service provision server. When the management server receives an update application to be applied to a computer, it obtains user application information indicating whether or not the update application should be applied, and system configuration information of the computer to which the update application should be applied. The service provision server stores the user application information and system configuration information provided by the management server, registers the computer's system environment information, and generates decision support information on whether or not to apply the update application to the computer based on the user application information, system configuration information, and system environment information.

[0014] A fourth aspect of the present invention is a program that acquires user application information indicating whether or not an update program has been applied to a computer, acquires system configuration information of the computer, acquires system environment information of the computer, and generates information to support the decision of whether or not to apply an update program to the computer based on the user application information, system configuration information, and system environment information. [Effects of the Invention]

[0015] According to the present invention, when deciding whether or not to apply a software update to a computer, it is possible to provide decision-making support information based on system environment information and user application status, in addition to the importance of the update. [Brief explanation of the drawing]

[0016] [Figure 1] This is a block diagram of the update program application decision support system according to the first embodiment of the present invention. [Figure 2] This is a flowchart showing the system information acquisition process for the update program application decision support method according to the first embodiment of the present invention. [Figure 3] This is a flowchart showing the user application determination provision process for the update program application determination support method according to the first embodiment of the present invention. [Figure 4] This is a list showing an example of system environment information registered on the service provision server that implements the update application support function in the update application decision support system according to one embodiment of the present invention. [Figure 5] This is a table showing an example of system configuration information obtained from a computer system in a system for supporting the application of update programs according to one embodiment of the present invention. [Figure 6] This is a table showing an example of the aggregated results of application priority and user application rate for update programs whose application necessity has been determined in the update program application decision support system related to one embodiment of the present invention. [Figure 7]It is a block diagram showing the minimum configuration of an update program application judgment support system according to the present invention. [Figure 8] It is a block diagram showing the minimum configuration of an update program application judgment support device according to the present invention. [Figure 9] It is a flowchart showing the processing process of a program for implementing an update program application judgment support method according to the present invention.

Embodiment for Carrying Out the Invention

[0017] In view of the fact that update programs for operating systems are regularly released from software providers such as Microsoft, etc., the present invention provides useful information for selecting update programs to be applied to client PCs for system operators such as companies from among a large number of update programs. That is, it provides information linking the ratio of the update program application status obtained from other users with the system configuration for the update programs distributed from the software distribution source to the system administrators within the company. Regarding the application or non-application status of the update program, the program correction content provided by the software distribution source, the impact on the computer system, information regarding what software is installed and what update programs with what configuration should be applied, and by checking the situation of others regarding whether to defer the application of the update program, the system administrator can make a judgment as to whether to apply the update program to the company's own system, and the evaluation man-hours related to the verification of the update program can be reduced. The present invention collects the operation status of a plurality of users regarding the update programs distributed from the software distribution source, calculates data for making a selection of the update programs, and provides this data as the priority information for the update program operation, thereby supporting the work of the system administrator.

[0018] An update application decision support system and an update application decision support method according to one embodiment of the present invention will be described in detail with reference to the attached drawings. Figure 1 is a block diagram of an update application decision support system 1 according to one embodiment of the present invention. The components of this embodiment are broadly divided into a management server 30 on a user network 20 that receives updates from an update provider 10 and a service provision server 60 that provides services using the functions of this embodiment. The management server 30 on the user network 20 is home to WSUS (Windows Server Update Services) or asset management software 40 to which updates are distributed, and is equipped with an application information acquisition unit 101 that acquires user application information indicating the application status of updates on the user side, and a system configuration information acquisition unit 102 that acquires information related to the user's system configuration (system configuration information). The system configuration information acquisition unit 102 is connected to a computer system (hereinafter referred to as "computer") 50 such as a client PC or network device, and acquires the user's system configuration information from the computer 50.

[0019] The service provision server 60 comprises an information storage unit 103 that stores user application information from the application information acquisition unit 101 of the management server 30 on the user network 20 and system configuration information from the system configuration information acquisition unit 102; a system environment information registration unit 104 where system environment information is registered by the user; and an information determination unit 105 that performs information determination based on the information stored in the information storage unit 103 and the system environment information in the system environment information registration unit 104 to calculate the application priority for the update program. The registration of system environment information by the user and the transmission of the application priority to the user are performed via the Web interface 106.

[0020] Next, a method for supporting the decision on whether to apply an update program according to one embodiment of the present invention will be described with reference to the flowcharts shown in Figures 2 and 3. The method for supporting the decision on whether to apply an update program is a processing procedure performed by a service provision server 60 that is connected to a management server 30. Figure 2 shows a system information acquisition process (steps S201 to S203) that acquires system information of the computer 50 as a preparatory procedure for determining whether an update program is necessary to apply. Figure 3 shows a user application determination process (steps S301 to S307) that calculates the decision on whether an update program is necessary to apply from an aggregate of user application information and information about the update program itself, and provides it to the user when the update program is distributed.

[0021] The system information acquisition process shown in Figure 2 is executed when a new system is introduced or when the system configuration is changed (S201). The system administrator registers the purpose of use and the usage environment of the system as system environment information in the system environment information registration unit 104 via the web interface 106 (S202). Here, information on the production environment actually operated by the user and information on the verification environment used for evaluating the application of update programs are registered as system environment information. Figure 4 shows the details of the system environment information, showing the relationship between the registered information and the impact of the security characteristics required of the system (purpose of use, confidentiality, safety, availability, target environment). "The business content performed by the system" is registered as the purpose of use, "whether confidential information and important files can be accessed" is registered as confidentiality, "whether information can be tampered with" is registered as safety, "whether system downtime or delays to business operations will occur" is registered as availability, and "the target devices of the production environment / verification environment" is registered as the target environment. In addition, the impact of confidentiality, safety, and availability is indicated as "high / low / none".

[0022] Next, the system configuration information acquisition unit 102 acquires the system information of the client PC and network configuration information (S203). In other words, the system configuration information acquisition unit 102 acquires the system information of the client PC connected as computer 50 and the hardware information of the network equipment. Figure 5 shows the details of the system information, and the acquired information includes the operating system (OS) of the client PC, software, and connected hardware. It also includes the version of the operating system of the client PC, the type and version of the software used on the client PC, the type of printer and network equipment connected to the user network, hardware product information, and the firmware version applied to the hardware.

[0023] Next, the user application determination process will be explained with reference to Figure 3. The software product vendor, which is the update provider 10, distributes a list of update programs via WSUS or asset management software 40 (S301), and the user's system receives the update programs. When the system administrator applies the update programs to client PCs, etc., they evaluate the updates by applying them to an environment that has been set up as a verification environment in advance when registering system environment information with the service provision server 60. As a result of the evaluation performed by the system administrator, there is a possibility that the application of the update programs to other users (other client PCs, etc.) will be postponed, so if the update programs are distributed to the production environment, the application information of the update programs is obtained (S302). When the system administrator applies the update programs to the production environment, the application information acquisition unit 101 obtains information on the update programs that have been permitted to be applied from the list of update programs and sends it to the information storage unit 103 (S303). Specifically, it obtains information on which updates have been approved and which have been rejected (patches) from the update programs applied to the production environment.

[0024] In the service provision server 60, the information determination unit 105, based on the application status of the update programs acquired as described above for each user, aggregates the percentage of actually applied (patches) by linking whether the update programs were applied to the actual user environment (production environment) or rejected without being applied, with the system environment information acquired in advance (S304). In other words, it aggregates the percentage of application results for each client PC version and hardware (HW) configuration. The importance and vulnerability severity of the update programs are set by the software product vendor, and the information set in the update programs is quantified in terms of importance and vulnerability to set the importance score of the update program itself. In addition, an environment information score is set from the system environment information (Figure 4) that has been registered in advance by the user. A numerical value combining the importance score of the update program and the environment information score is calculated, and the application priority for applying the update program is set (S305). Even if the importance set for the update program is low, if the impact is high in the environment information such as confidentiality set by the user, the application priority is set high. The various information calculated as described above is sent to the web interface 106.

[0025] Figure 6 shows an example of the application priority for individual patches in an update program and the aggregated application rate in other user environments. For example, patch a, "Functional fix for XX," has a low application priority, resulting in a user application rate of 30%, while patch b, "Resolves remote code execution vulnerability in XX," has a high application priority, resulting in a user application rate of 90%. The web interface 106 displays the aggregated application priority and user application rate for individual patches in the update program, as shown in Figure 6. Since the above aggregated results are provided to the web interface 106, the user refers to the web interface 106 to determine whether or not to apply the update program (S306). Subsequently, the software product vendor determines whether there is any additional program defect information or new vulnerabilities (S307). In other words, if a new defect is reported by the software product vendor after the update program is distributed, or if a problem caused by the update program itself applied by the user is reported, the service provider updates the information related to the update program stored in the information storage unit 103 and updates the application priority and other information provided to the user (S307). In other words, if additional bug information or new vulnerabilities are discovered, return to step S305 and recalculate the application priority.

[0026] In the above-described embodiment, a mechanism is employed to obtain information on the application of update programs to client PCs and calculate the percentage of users who have applied them, but the embodiment is not limited to this. By utilizing a similar mechanism on the server, the man-hours required for selecting update programs to apply to the server, as well as for verifying and evaluating the updates, can be reduced. Furthermore, in the above-described embodiment, an information storage unit 103, a system environment information registration unit 104, and an information determination unit 105 are constructed within the service provision server 60, but these components may also be constructed in a cloud computing system. That is, the functions of the service provision server 60, which is realized by collecting system configuration information and user application information related to computers 50 such as client PCs, may be implemented by an edge computing system located in close proximity to the management server 30 on the user network 20, or by a cloud computing system using a data center located remotely.

[0027] In conventional update application methods, system administrators determine whether to apply an update by first checking the risk level according to the vulnerability level of the update and then assessing the impact on the system. Depending on the system configuration, there may be cases where updates are applied too quickly due to the handling of personal information, or where the system configuration is complex and thorough verification is required to consider the impact of the update, which may result in differences in the timing of update application for each user. Furthermore, even if an update is applied in advance, if any system problems occur, it is conceivable that the database where the updates were sequentially registered may be rolled back to restore the program state before the update. In this embodiment, by understanding the user application status of updates and accumulating user application information, users who do not apply updates immediately can check the application status of other users who have applied updates in advance, and users who have applied updates in advance can check whether there are any problems in the system environment after the update has been applied or whether any new defects have occurred. This allows system administrators to reduce the man-hours required when verifying and evaluating updates.

[0028] Next, the minimum configuration of the update application decision support system according to the present invention will be described. Figure 7 is a block diagram showing the minimum configuration of the update application decision support system 2. The update application decision support system 2 consists of a management server 230 that manages update programs applied to a computer 250 such as a client PC, and a service provision server 260 that provides services to support the decision on whether to apply the update program. The management server 230 incorporates asset management software 240 that manages various computing resources and stores user application information 231 indicating whether the user has applied the update program and system configuration information 232 obtained from the computer 250. The service provision server 260 stores system environment information 261. The service provision server 260 executes information determination processing 262 based on the user application information 231, system configuration information 232, and system environment information 261 to provide the user with update application decision support information 270, for example, as shown in Figure 6.

[0029] Next, the minimum configuration of the update application decision support device according to the present invention will be described. The update application decision support device corresponds to the service provision server 60 shown in Figure 1. The service provision server 60 is connected to the management server 30, but the update application decision support device is defined as a separate device that performs the functions of the service provision server 60. Figure 8 is a block diagram showing the minimum configuration of the update application decision support device 400. The update application decision support device 400 acquires user application information 301 related to the application status of the update and calculates the user application rate 401. For example, if a WSUS server in the user network monitors the application status of the update for 10 computers, and only 3 computers have applied the update, the user application rate will be 30%. When the update application decision support device 400 acquires the importance score 302 of the update and the environment information score 303 of the system environment information, it combines the importance score 302 and the environment information score 303 to calculate the application priority 402. The application priority 402 can be quantified, but as shown in Figure 6, it can also be represented as "high" or "low." Even if the importance of an update is low, if its impact is high in the environment information set by the user, the application priority should be increased. The user considers the system configuration information 304 of the computer to which the update will be applied, and takes into account the user application rate 401 and application priority 402 to decide whether or not to apply the update to the computer and when to apply the update.

[0030] Next, the processing steps of a program implementing the update application decision support method according to the present invention will be described. Figure 9 is a flowchart of the program's processing steps (S401 to S407). First, user application information indicating the application status of the update is acquired and aggregated (S401), and the user application rate is calculated (S402). In addition, the importance score of the update (S403) and the environment information score of the system environment information are acquired (S404), and the application priority is calculated by combining the importance score and the environment information score (S405). Taking into account the system configuration information of the computer to which the update is to be applied (S406), the user application rate and application priority are referred to to determine whether or not the update is to be applied (S407).

[0031] The aforementioned management servers 30, 230, computers 50, 250, service provision servers 60, 260, and update application decision support device 400 are equipped with a computer system (hardware and software), and the above-mentioned processing steps (Figures 2, 3, and 9) are stored in program format on a computer-readable storage medium, and the above-mentioned processing steps are implemented when the computer reads and executes the program. Furthermore, in addition to a central processing unit (CPU), a GPU or the like may be used to perform computational processing as the processor embedded in the computer. Moreover, it is possible to use various programs such as embedded programs and network programs.

[0032] The present invention supports the work of system administrators by collecting the update application status of multiple users (for example, multiple computers connected to a user network whose software installation status is centrally managed) for software updates distributed by software product vendors, etc., and providing decision-making support information for selecting which updates to apply to a specific user's computer. However, the decision-making support information is not limited to the application priority and user application rate shown in Figure 6, and may also be displayed as a map such as a two-dimensional chart showing the update application status by multiple users, or warning information may be sent to users who have not applied the updates. Alternatively, if the user application rate is also high for an update with a high application priority, the system administrator may be provided with a list identifying users who have not yet applied the updates.

[0033] Finally, the present invention is not limited to the embodiments described above, but also encompasses various modifications and design changes that fall within the technical scope defined in the claims. [Explanation of symbols]

[0034] 10 Update providers 20 User Network 30,230 Management Servers 40,240 Asset Management Software 50,250 computers 60,260 service provider servers 101 Applicable information acquisition section 102 System Configuration Information Acquisition Unit 103 Information Storage Unit 104 System Environment Information Registration Department 105 Information Judgment Department 106 Web Interface

Claims

1. An information storage unit that stores user application information indicating whether or not an update program has been applied to the computer, and system configuration information of the computer, A system environment information registration unit for registering the system environment information of the aforementioned computer, An information determination unit generates information to support the determination of whether or not to apply the update program to the computer, based on the user application information, the system configuration information, and the system environment information. It is equipped with, The aforementioned system environment information is set based on at least one of the following: the confidentiality of the computer, its availability, and the target environment. The confidentiality refers to whether the computer can access confidential information or important files. The aforementioned availability indicates whether, when the update program is applied to the computer, the system including the computer will stop, or whether delays will occur in the work of users using the computer. The aforementioned target environment indicates whether the computer is included in a production environment or a testing environment that has been previously registered by the user. Update program application decision support device.

2. The information determination unit aggregates the user application information to calculate a user application rate indicating the proportion of users who have applied the update program, calculates the priority for applying the update program to the computer based on the importance score of the update program and the environmental information score of the system environment information, and generates the decision support information relating to the combination of the user application rate and the application priority, as described in claim 1.

3. The information determination unit increases the application priority of the update program if, regardless of the importance score of the update program, the impact of the update program is high in light of the system environment information. This is the update program application determination support device according to claim 2.

4. The aforementioned system environment information is further set based on the intended use or security of the computer, The aforementioned purpose of use indicates the business operations performed by the system, including the computer, The aforementioned security indicates whether or not the information contained in the computer can be tampered with. The update program application determination support device according to claim 1.

5. Obtain user application information indicating whether or not updates have been applied to the computer. The system configuration information of the aforementioned computer is obtained, The system environment information of the aforementioned computer is obtained, Based on the user application information, the system configuration information, and the system environment information, information is generated to help determine whether or not to apply the update program to the computer. The aforementioned system environment information is set based on at least one of the following: the confidentiality of the computer, its availability, and the target environment. The confidentiality refers to whether the computer can access confidential information or important files. The aforementioned availability indicates whether, when the update program is applied to the computer, the system including the computer will stop, or whether delays will occur in the work of users using the computer. The aforementioned target environment indicates whether the computer is included in a production environment or a testing environment that has been previously registered by the user. A method for supporting decisions regarding the application of update programs.

6. When an update program to be applied to a computer is received, the management server obtains user application information indicating whether the update program has been applied and system configuration information of the computer to which the update program is applied. The system comprises a service provision server that stores the user application information and system configuration information provided by the management server, registers the system environment information of the computer, and generates information to help determine whether or not to apply the update program to the computer based on the user application information, the system configuration information, and the system environment information, The aforementioned system environment information is set based on at least one of the following: the confidentiality of the computer, its availability, and the target environment. The confidentiality refers to whether the computer can access confidential information or important files. The aforementioned availability indicates whether, when the update program is applied to the computer, the system including the computer will stop, or whether delays will occur in the work of users using the computer. The aforementioned target environment indicates whether the computer is included in a production environment or a testing environment that has been previously registered by the user. Update application decision support system.

7. Obtain user application information indicating whether or not updates have been applied to the computer. The system configuration information of the aforementioned computer is obtained, The system environment information of the aforementioned computer is obtained, Based on the user application information, the system configuration information, and the system environment information, information is generated to help determine whether or not to apply the update program to the computer. The aforementioned system environment information is set based on at least one of the following: the confidentiality of the computer, its availability, and the target environment. The confidentiality refers to whether the computer can access confidential information or important files. The aforementioned availability indicates whether, when the update program is applied to the computer, the system including the computer will stop, or whether delays will occur in the work of users using the computer. The aforementioned target environment indicates whether the computer is included in a production environment or a testing environment that has been previously registered by the user. program.