Review: Client Security Falls Short

To be sure, there are some simple, time-tested best practices: making sure patches are routinely applied and kept up to date; making sure ActiveX is disabled and browser security is ratcheted up; pop-up blockers are turned on and intrusion and spyware prevention technology is deployed on each node within a network—whether that node sits on a desktop or whether it's deployed on a mobile PC.

Unified threat management offerings (which CRNtech examines elsewhere in this issue, see p. 36) are one way to provide a network-based framework for intrusion prevention. But, after taking care to use best practices, what more can be done on the client side?

The CRN Test Center took a look at a client-side application that promises varying degrees of security and intrusion prevention. While not a panacea, Privacyware Inc.'s Privatefirewall 6.0 had some strengths.

Privacyware recently launched Privatefirewall 6.0, depicting it as a "Host Intrusion Prevention System that advances PC security by utilizing an integrated set of unique defense features including inbound/outbound packet filtering, system and application level behavioral monitoring, IP and URL blocking and process monitoring components." The company says the software "evaluates WinAPI calls" and monitors a bunch of system variables. It's supposed to be easy to use. So CRN Test Center reviewers tried it.

The software installs relatively quickly and painlessly (as it should, being client-side software for Windows). The GUI looks relatively idiot-proof: It offers three buttons—green, red and yellow—to allow all Internet traffic through (green); to monitor Internet traffic and halt suspicious traffic (yellow); and to simply shut down all Internet traffic (red). It also provides, within the console, an option to add specific traffic to block or specific traffic to allow, either by URL or IP address. The console allows an option to block all outgoing mail.

When put through some simple testing, via firewall tools at Auditmypc.com, and with Gibson Research Corp.'s LeakTest application that can determine whether a PC is vulnerable to hijacking, Privatefirewall 6.0 passed both tests. But here's where the "idiot" in "idiot-proof" is worth a second consideration: Once the green button is clicked to allow all traffic in and out of a PC, it's game over. No traffic is stopped, in or out. Well, "duh," you might say. But consider the employee within an enterprise who takes a notebook outside the network, disables the firewall and clicks the green button. There's nothing built into the system to save him from himself. Privatefirewall 6.0 is great software if those within an enterprise are serious about security. But it's those who aren't serious about it that cause all the problems, right?

It would likely be best deployed in a small business or workgroup within an enterprise—particularly where employees are mobile. Environments with more stringent regulations—including government, health care or financial services—would most likely want to deploy an intrusion prevention solution with more horsepower and more administrative options.

Privatefirewall 6.0 with antispyware is priced at $39.95 per client, a cost that is negligible for even a small business. That, of course, means margin dollars to the solution provider would be negligible too. But the real financial incentive to the trusted local IT adviser is in combining its deployment and integration as part of an overall security solution.