How Do You Lock A PC?

 
 
By eweek  |  Posted 2001-10-22
 
 
 

The steady swarm of bugs, worms and other gremlins that plague desktop PCs has caused some companies to wave the white flag - and move to locked-down server-based computing systems that are less susceptible to such problems.

The history of the PC in the corporation is a tale of chaos versus control. The industrys vendors, including Microsoft, have continually tried to produce better manageability features to provide secure, stable client machines. But the openness of PCs always seems to leave them exposed to some new threat. For example, notebook PCs are increasingly becoming infected with malicious code when users are connected outside the corporate network, said Bill Kennon, senior software consultant of BMC Software.

Then, "anything that was picked up in the wild gets back on the network," he said. "And port scans and IP-spoofing coming from inside the network is not something you would normally see. Its the soft underbelly thats been neglected."

According to some I-managers, thin client devices from companies like Network Computing Devices and Wyse Technology, and remote application servers such as Citrix Systems MetaFrame are easier to keep secure and virus-free than Windows PCs. Such systems store data on servers rather than on local PCs, so viruses or anything else attacking those clients cant destroy the data. In addition, if an application requires a patch or if antivirus definitions need to be updated, an administrator only has to make the changes on the central group of servers instead of on hundreds of individual desktop PCs.

Mike Pardee, IS communications director of Coventry Health Care, saw his networks PCs get hammered two years ago by the Melissa virus, one of the first rapidly self-propagating viruses that mailed itself to addresses culled from users address books.

"Melissa hit 1,800 users in 45 minutes," he recalled. "Thats when we learned that were never going through the 70 hours it took to clean that up again."

In large part to avoid getting hit by a nasty virus again, Coventry in the spring of 2000 began deploying NCDs thin client stations for its customer service representatives. By the end of this year the managed health care company will have roughly 2,000 units that connect to 70 servers. Pardee said the self-configuring and autoloading NCD clients have been painless to maintain, and even the small detail that they have no floppy disk drive means he doesnt have to worry about users loading software that could cripple them.

"I dont think anything is bulletproof, but I think this is the closest we can get today," Pardee said.

Con-Way Transportation Services, the $2 billion transportation and logistics subsidiary of CNF, has had a similar experience with thin clients. In its 400 U.S. service centers, Con-Way has installed about 3,000 Wyse devices for customer service agents to access a Web-based order tracking system. Jackie Barretta, Con-Ways vice president of information services, said the company selected thin client devices because it needed to be able to keep their configurations stable.

"To protect the client, you need to protect the infrastructure first," said Arvind Krishna, Tivoli Systems vice president for security products.

Rocket Fuel