Written By Dr Al Hartmann And Presented By Charles Leaver Ziften CEO
Windows clients have generally lacked visibility into which applications are running and which resources are being used. Good tools exist to monitor the server infrastructure and the network, but the client has always been the weakest element. This is why vendors such as Ziften have pioneered a new class of solutions aimed at managing the security and efficiency of clients in the enterprise, known as enterprise client management.
From a technical standpoint, collecting the large amount of information available within Windows that is required to provide client visibility left two alternative approaches to consider. We could have developed custom driver code or used the standard APIs in Windows.
The development of driver code is regarded as a last resort because of some well-known issues:
An in-depth understanding of the Windows kernel data structures and coding conventions is needed for driver development
Driver incompatibilities can arise from even the smallest system changes, for example the monthly patch updates from Microsoft
A catastrophic system crash can occur if there is a defect in the driver code
Third-party driver code causes most of the instabilities in Windows
Any solution whose agents rely on low-level drivers does not use standard Windows interfaces and will “take control” from Windows. This can wreak havoc with the operating system of the desktops under management. If a driver fails it can crash the system, and there is also an increased security risk because these drivers run at kernel level. “Anything a user can do that causes a driver to malfunction in such a way that it causes the system to crash or become unusable is a security defect. When most coders are working on their driver, their focus is on getting the driver to work properly and not whether a harmful intruder will try to make use of holes within the system,” said Microsoft about driver security.
So at Ziften we took the approach of building our solution around standard Windows interfaces, which has the following benefits:
Greater resilience to Windows updates and changes that would likely require driver modifications
Elimination of the vulnerability to driver conflicts that can lead to system crashes (Blue Screen of Death)
The possibility of coding errors that impact system performance through the kernel interface is minimized