Microsoft Forefront Client Security Benchmark
I was doing an evaluation of Microsoft Forefront Client Security on Windows 2003 Server, and the verdicts of the Spycar test are:
Spycar Scoring
HKCU_Run : Spycar change allowed
HKCU_RunOnce : Spycar change allowed
HKCU_RunOnceEx : Spycar change allowed
HKLM_Run : Spycar change allowed
HKLM_RunOnce : Spycar change allowed
HKLM_RunOnceEx : Spycar test not performed
IE-HomePageLock : Spycar change allowed
IE-KillAdvancedTab : Spycar change allowed
IE-KillConnectionsTab : Spycar change allowed
IE-KillContentTab : Spycar change allowed
IE-KillGeneralTab : Spycar change allowed
IE-KillPrivacyTab : Spycar change allowed
IE-KillProgramsTab : Spycar change allowed
IE-KillSecurityTab : Spycar change allowed
IE-SetHomePage : Spycar change allowed
IE-SetSearchPage : Spycar change allowed
AlterHostsFile : Spycar change allowed
WTF!! It means it cannot block even simple spyware!
The installation itself is very crappy. A single-server installation requires the following configuration. The resources needed to manage a bunch of AV clients increase because it requires you to install WSUS, MOM and SQL 2005 with the SQL 2005 reporting server as well.
Another issue with the Forefront client is that even when I update the pattern from the internet, the screenshot still shows the old version. However, the dialog box says no new update is available... so which is which?