I have learned that, yes, there is something worse than having all the users on your network download their own anti-spyware applications. Its that the users start running the software, whether they really need to or not.
This “sometimes the cure is worse than the disease” observation came from an IT manager at a university whose name youd probably recognize.
Her argument was that the downloading of anti-spyware software, well use Microsofts freeware as an example, plus the automatic downloading of updates, creates as much or more network traffic and disruption as the spyware itself. Stir 2,000 PC clients into the mix and the scale of the problem looms large.
This story came up during a phone call with Dave Taylor, marketing boss at LANDesk in Salt Lake City. His company started as LAN Systems in 1985, was bought by Intel in 1991 and spun out in 2002, though the independent company still has strong Intel ties.
Taylor and I were discussing a forthcoming update to his companys LANDesk Security Suite, a collection of software apps intended to sit between traditional LAN management and newer security management products. LANDesks approach allows customers to manage security issues using the same tools they use for other network management tasks.
I like this approach because it emphasizes that security features are as much a part of the network as users, computers, VPN connections and other resources. Security should not exist in a vacuum, and LANDesk is working to make sure it doesnt.
One of the features of the updated Security Suite is networked anti-spyware, intended to keep malware off the network in the first place. LANDesk developed its anti-spyware application, as well as the ongoing updates, at a lab in China. Anti-spyware features include automatic detection and removal of Trojans, malware, trackers, keyloggers, hijackers, dialers and cookies. The suite will also manage third-party anti-virus software.
Other features include patch management, a security threat analyzer, an application blocker, user-defined vulnerabilities, and a connection control manager. These features will work independently or in conjunction with LANDesks systems management suite.
Another feature of the update, now being beta tested, is a quarantine feature necessary to prevent clients from bringing malware with them when they reconnect to the corporate network.
Cisco is already offering a similar technology, which quarantines a returning client (typically a notebook PC thats been on the road) until it can be checked to ensure compliance with security policies. Customers with all-Cisco networks, provided they are using fairly current models, already have this feature as part of their networking hardware.
LANDesk is implementing this type of protection in software, Taylor told me. In most cases, the quarantine and release will be a quick process, as notebooks that havent changed configuration and have been connected to a high-speed VPN connection probably already have the most current security definitions and patches. If theyve missed any, Taylor said the new version of LANDesk Security Suite will update the system before its allowed to connect to the corporate network.
However, a computer that has moved from domain to domain or domain to workgroup and back, as happens when Taylor uses his work PC at home and returns to the office, will get a more thorough check before being allowed back on the corporate network.
While not as important to overall protection as anti-virus or anti-spyware, this new feature should help improve protection available to corporate networks. The update is due for release later this summer.
I am impressed by LANDesks approach to security and network management and have been recommending it to friends. Theyve been impressed, as well, so it seemed time to write a column. Tell me what you think.
Contributing editor David Coursey has spent two decades writing about hardware, software and communications for business customers. He can be reached at [email protected]