By Andrew Garcia  |  Posted 2004-04-26

With Symantec Client Security 2.0, Symantec Corp. extends its desktop-based defenses against blended attacks by offering stalwart anti-virus protection, much-improved firewall and intrusion detection capabilities, and even a handy new ad-blocking engine.

With SCS 2.0, IT administrators will find deployment and ongoing management of remote clients greatly enhanced, particularly for the firewall component.

A 250-node license for SCS 2.0, which started shipping last month, costs $43.40 per node. Volume discounts are available: A 2,000-node license costs $31.80 per node.

Version 2.0 bundles Symantec AntiVirus Corporate Edition 9.0 with Symantec Client Firewall 7.0 in an integrated solution that can, by and large, be managed and updated from a single central console. However, competing product suites from McAfee also offer spam defenses and support for gateways and e-mail servers.

The Symantec System Console harnesses the MMC (Microsoft Management Console) to group computers, push anti-virus and firewall policies, perform signature updates for all defenses, and check status logs. However, we had to use a separate application, Symantec Client Firewall Administrator, to create the firewall policies before we pushed them out with the System Console.

Symantec taps Microsoft Corp.'s Installer file format (.msi) for installation packages, so we deployed the package to our test clients using Active Directory Group Policy. Using .msi decreases the disk footprint of the client software and simplifies client patching.

We liked SCS 2.0's ability to store and forward event data on mobile computers—a feature that was sorely lacking in previous versions. In tests, we generated virus alerts on a laptop at a remote site. When the system reattached to our network, log data was automatically forwarded to the System Console, helping us keep tabs on out-of-network events.

Unlike desktop firewalls from McAfee or F-Secure Corp., SCS' firewall engine is now location-aware. Using Network Detector, we defined access policies that differed according to where mobile users connected to the network, creating separate policies for office, home network and WLAN, with stricter rule sets for more vulnerable connections.

Tailoring firewall policies is a little easier now: SCS 2.0's Client Profiling allows the firewall to run in a monitor mode that captures which applications are used to access the network and reports back to the central console.

SCS 2.0 offers a few features that make it easier to securely open dynamic ports for applications. The new Secure Port feature effectively blocks the operating system from dynamically using any port commonly associated with a Trojan horse application, tightening control over the egress ports opened by applications to initiate network conversations.

The ad-blocking component is highly effective at blocking pop-up ads. To get rid of unwanted banner ads that manage to get through, Symantec offers a simple drag-and-drop interface to stop ads the software doesn't initially catch.

SCS 2.0's real-time e-mail anti-virus scanner effectively detects e-mail-borne threats transmitted via Post Office Protocol 3 and SMTP. Version 2.0 also tightens integration between the anti-virus and firewall modules. For example, when we disabled all real-time anti-virus scan modules and introduced the Sobig.A worm over the network, the firewall detected the threat and reactivated the anti-virus engine, quarantining the payload before it could cause damage.

Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.


Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
