Monday, January 25, 2010

Microsoft Forefront Client Security Benchmark

I was doing an evaluation of the Microsoft Forefront Client Security in Windows 2003 server and the verdict of the spycar test are:-

Spycar Scoring
HKCU_Run : Spycar change allowed
HKCU_RunOnce : Spycar change allowed
HKCU_RunOnceEx : Spycar change allowed
HKLM_Run : Spycar change allowed
HKLM_RunOnce : Spycar change allowed
HKLM_RunOnceEx : Spycar test not performed
IE-HomePageLock : Spycar change allowed
IE-KillAdvancedTab : Spycar change allowed
IE-KillConnectionsTab : Spycar change allowed
IE-KillContentTab : Spycar change allowed
IE-KillGeneralTab : Spycar change allowed
IE-KillPrivacyTab : Spycar change allowed
IE-KillProgramsTab : Spycar change allowed
IE-KillSecurityTab : Spycar change allowed
IE-SetHomePage : Spycar change allowed
IE-SetSearchPage : Spycar change allowed
AlterHostsFile : Spycar change allowed

WTF!! It means simple spyware also cannot block!

The installation itself is very crappy. A single server installation require the following configuration. The resource needed to manage a bunch of AV clients increased because it require you to install WSUS , MOM and the SQL2005 with the SQL 2005 reporting server as well.



And another issue with forefront client is even i update the pattern from the internet but the screen shot still shows the old version. However the dialog box say no new update available.. so which is which?

No comments: