Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  


May 2007

Forefront Client Security

Microsoft goes all out with this technology-heavy product

It wasn't until Microsoft's purchase of Giant Software and its Giant AntiSpyware product, and the subsequent release of Windows Defender, Microsoft's spyware scanning and removal tool, that the software giant really got serious about anti-malware. Now Windows Defender is built into Windows Vista and available as a free download for Windows XP. However, Windows Defender lacks centralized administration and alerting, which means it's not a serious anti-malware solution for most businesses. To fill this gap, Microsoft has released Microsoft Forefront Client Security, a client/server application targeted at businesses and designed to identify and block viruses, worms, spyware, rootkits, and other malicious software at the host level for servers and workstations.

Centralized Management Using Enterprise Tools
Although Forefront Client Security is new, the technologies behind it are not. Its pedigree includes the Windows Malicious Software Removal Tool, Windows Server Update Services (WSUS), Microsoft Operations Manager (MOM), Group Policy Objects (GPOs), and Microsoft SQL Server 2005, as well as work done by the Microsoft Product Support Services Security Response team, which is behind the malware definitions used by Windows Defender and Windows Live OneCare.

Forefront Client Security incorporates Windows Defender's real-time protection agents to watch for suspicious activities, such as whether new programs are configured to autostart, and to monitor changes to the Microsoft Internet Explorer configuration. You can also configure Forefront Client Security to participate in the Microsoft SpyNet program, which leverages a community of members to quickly spread the word about new threats.

The success of any antivirus or antispyware application depends on robust, up-to-date, and effective definition files. Forefront Client Security agents use an updated WSUS configuration that checks Microsoft Update hourly for new definitions. Many of the technologies used by Forefront Client Security are also used by Windows Live OneCare, which has been certified by ICSA Labs for antivirus and personal firewall use. Microsoft is seeking similar certification for Forefront Client Security. (For an insider's view of Forefront Client Security, download Karen Forster's interview of Microsoft Senior Product Manager Josue Fontanez at http://www.windowsitpro.com/podcast/Index.cfm?fuseaction=ShowRegistration&PCID=ccee52e8-6fcb-4c1c-aaf6a80563ea25aa.)

Most of the technologies behind Forefront Client Security are proven enterprise solutions, and if you already have Microsoft server product expertise in-house, your IT staff will find Forefront Client Security familiar. However, if you're new to these enterprise technologies, you might find installation, deployment, configuration, and administration daunting on both the server and clients.

Architecture and Installation
Forefront Client Security follows the client/server application model common to most antivirus and antispyware products. Every managed client needs the Forefront Client Security agent installed. The Forefront Client Security agent isn't the same as the Windows Defender agent included in Vista—you'll actually need to disable the Vista Windows Defender antispyware agent before installing the Forefront Client Security client. The Forefront Client Security agent communicates with the product's server components, which play four roles: management server, collection server, reporting server, and distribution server. Depending on your hardware and the size of your company, you might be able to run all four roles on one system, or you can spread them across computers to scale the deployment. The server components run on Windows Server 2003 Release 2 (R2) or Windows 2003 Service Pack 1 (SP1) with all security updates installed.

The installation of Forefront Client Security might seem massive and complex, especially when compared with other antivirus and antispyware programs. Besides requiring WSUS to deploy antivirus and antispyware definitions as well as new security updates, Forefront Client Security uses the Microsoft anti-malware engine to detect and remove the most common or harmful viruses and worms and leverages MOM for client alert and event management. If your enterprise already has MOM, deploying Forefront Client Security will install a parallel MOM server for Forefront Client Security alone. Forefront Client Security stores all its data in a SQL Server 2005 database and uses SQL Server 2005 Reporting Services (SSRS) to generate reports. Forefront Client Security includes MOM, but you must download and install the other components individually. Note that I tested the public beta of Forefront Client Security, which might differ from the RTM version.

Prerequisite software. Before you install the server components, you need to make sure you've installed the prerequisite software:

  • Microsoft IIS, ASP.NET, and Microsoft FrontPage Server Extensions
  • SQL Server 2005 Enterprise Edition SP1
  • Group Policy Management Console SP1
  • Microsoft .NET Framework 2.0
  • Microsoft Management Console 3.0
  • WSUS 2.0 SP1

(For step-by-step instructions for installing these products and troubleshooting problems, see http://www.microsoft.com/technet/clientsecurity/default.mspx.) As part of the prerequisite work, you'll also set up a Windows Update GPO in your test environment to point test clients to the WSUS server.
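Because the agents receive definitions through WSUS, it is worth confirming on a test client that the Windows Update GPO actually took effect. The PowerShell check below is an added example, not part of the original article or of Microsoft's documentation; it reads the standard Windows Update policy registry values, and the server URL and the sample policy are constructed placeholders.

```powershell
# Added example: verify that a client's Windows Update policy points at the expected WSUS server.

function Get-WsusPolicy {
    # Read the values the Windows Update GPO writes on the client.
    $wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $p  = Get-ItemProperty -Path $wu -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$wu\AU" -ErrorAction SilentlyContinue
    @{
        WUServer       = $p.WUServer
        WUStatusServer = $p.WUStatusServer
        UseWUServer    = $au.UseWUServer
    }
}

function Test-WsusPolicy {
    param([hashtable]$Policy, [string]$ExpectedServer)

    $problems = @()
    if ($Policy.UseWUServer -ne 1) {
        $problems += 'UseWUServer is not 1, so WUServer is ignored'
    }
    if (-not $Policy.WUServer) {
        $problems += 'WUServer is not set'
    } elseif ($Policy.WUServer.TrimEnd('/') -ne $ExpectedServer.TrimEnd('/')) {
        $problems += "WUServer is '$($Policy.WUServer)', expected '$ExpectedServer'"
    }
    if ($Policy.WUStatusServer -ne $Policy.WUServer) {
        # Both values must match for the policy to be valid.
        $problems += 'WUStatusServer does not match WUServer'
    }
    New-Object PSObject -Property @{
        Compliant = ($problems.Count -eq 0)
        Problems  = $problems
    }
}

# Placeholder URL: replace with the WSUS server your GPO names.
$expected = 'http://wsus.example.test'

# Constructed sample: server set correctly, but UseWUServer left disabled.
$sample = @{ WUServer = $expected; WUStatusServer = $expected; UseWUServer = 0 }
Test-WsusPolicy -Policy $sample -ExpectedServer $expected | Format-List

# Live check against the local machine's policy.
Test-WsusPolicy -Policy (Get-WsusPolicy) -ExpectedServer $expected | Format-List
```

A client that reports `Compliant : False` here will not pull definitions from your WSUS server, regardless of how the Forefront Client Security agent itself is configured.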

Installing the server software. After you install the prerequisite software, download Forefront Client Security at the Microsoft Web site and run the installer. A wizard does a pretty good job stepping you through the configuration and setup, but you'll want to pay close attention to the dialog boxes and instructions, especially if you're installing the product components across multiple servers. The wizard will prompt you for information required for a basic MOM installation, such as the server name, MOM group name, and database and account information. Make a note of all this information, as you'll be asked for it again later. You'll also configure the reporting server and reporting database. For a single-server installation, the wizard guides you through the configuration of the various Microsoft technologies used to build Forefront Client Security.
