With Symantec Client Security 2.0, Symantec Corp. extends its desktop-based defenses against blended attacks by offering stalwart anti-virus protection, much-improved firewall and intrusion detection capabilities, and even a handy new ad-blocking engine.
Click here to read the full review of SCS 2.0.
2
With Symantec Client Security 2.0, Symantec Corp. extends its desktop-based defenses against blended attacks by offering stalwart anti-virus protection, much-improved firewall and intrusion detection capabilities, and even a handy new ad-blocking engine.
With SCS 2.0, IT administrators will find deployment and ongoing management of remote clients greatly enhanced, particularly for the firewall component.
A 250-node license for SCS 2.0, which started shipping last month, costs $43.40 per node. Volume discounts are available: A 2,000-node license costs $31.80 per node.
Version 2.0 bundles Symantec AntiVirus Corporate Edition 9.0 with Symantec Client Firewall 7.0 in an integrated solution that can, by and large, be managed and updated from a single central console. However, competing product suites from McAfee also offer spam defenses and support for gateways and e-mail servers.
The Symantec System Console harnesses the MMC (Microsoft Management Console) to group computers, pushes anti-virus and firewall policies, performs signature updates for all defenses, and checks status logs. However, we had to use a separate application, Symantec Client Firewall Administrator, to create the firewall policies before we pushed them out with the System Console.
Symantec taps Microsoft Corp.s Installer file format (.msi) for installation packages, so we deployed the package to our test clients using Active Directory Group Policy. Using .msi decreases the disk footprint of the client software and simplifies client patching.
We liked SCS 2.0s ability to store and forward event data on mobile computers—a feature that was sorely lacking in previous versions. In tests, we generated virus alerts on a laptop at a remote site. When the system reattached to our network, log data was automatically forwarded to the System Console, helping us keep tabs on out-of-network events.
Unlike desktop firewalls from McAfee or F-Secure Corp., SCS firewall engine is now location-aware. Using Network Detector, we defined access policies that differed according to where mobile users connected to the network, creating separate policies for office, home network and WLAN, with stricter rule sets for more vulnerable connections.
Tailoring firewall policies is a little easier now: SCS 2.0s Client Profiling allows the firewall to run in a monitor mode that captures what applications are used to access the network, and reports back to the central console.
SCS 2.0 offers a few features that make it easier to securely open dynamic ports for applications. The new Secure Port feature effectively blocks the operating system from dynamically using any port commonly associated with a Trojan horse application, tightening control over the egress ports opened by applications to initiate network conversations.
The ad-blocking component is highly effective at blocking pop-up ads. To get rid of unwanted banner ads that manage to get through, Symantec offers a simple drag-and-drop interface to stop ads the software doesnt initially catch.
SCS 2.0s real-time e-mail anti-virus scanner effectively detects e-mail-borne threats transmitted via Post Office Protocol 3 and SMTP. Version 2.0 also tightens integration between the anti-virus and firewall modules. For example, when we disabled all real-time anti-virus scan modules and introduced the Sobig.A worm over the network, the firewall detected the threat and reactivated the anti-virus engine, quarantining the payload before it could cause damage.
Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.
Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: