Written by Dr Al Hartmann and presented by Chuck Leaver, Ziften CEO
There has traditionally been a lack of visibility on Windows clients into the applications that are running and the resources they use. Good tools exist to monitor the server infrastructure and the network, but the client has always been the weakest component. This is why suppliers such as Ziften have originated a new class of solutions aimed at managing the security and performance of clients in the enterprise, called enterprise client management.
From a technical viewpoint, gathering the large amount of information available within Windows that is required to provide visibility of the client left two alternative approaches to consider. We could have written custom driver code or used the standard Windows APIs.
Developing driver code is considered a last resort because of some well-understood issues:
An in-depth understanding of Windows kernel data structures and coding conventions is needed for driver development
Driver incompatibilities can arise from even the smallest system changes, for example the monthly patch updates from Microsoft
A driver code error can cause a devastating system crash
Third-party driver code causes most of the instability in Windows
Any service that uses low-level drivers in its agents does not use standard Windows interfaces and will “take control” from Windows. This can wreak havoc on the operating systems of the desktops under management. If a driver fails it can crash the system, and there is also an increased security risk because these drivers run at kernel level. “Anything a user can do that causes a driver to malfunction in such a way that it causes the system to crash or end up being unusable is a security flaw. When most developers are working on their driver, their focus is on getting the driver to work correctly and not whether a destructive hacker will try to exploit holes within the system,” stated Microsoft about driver security.
So Ziften took the approach of building our service around standard Windows interfaces, which has the following benefits:
Greater resilience to the Windows updates and changes that are most likely to require driver changes
Elimination of the exposure to driver conflicts that can result in system crashes (Blue Screen of Death)
A reduced likelihood of coding errors that affect system performance through the kernel interface