Written by Dr Al Hartmann and presented by Chuck Leaver, Ziften CEO
Windows clients have generally lacked visibility into the applications that are running and the resources that are being used. There are good tools for monitoring the server infrastructure and the network, but the client has always been the weakest point. This is why vendors such as Ziften have pioneered a new class of solutions aimed at managing the security and performance of clients in the enterprise, known as enterprise client management.
From a technical standpoint, collecting the substantial amount of information available within Windows that is needed to provide visibility of the client left two alternative approaches to consider. We could have written custom driver code or used the standard APIs in Windows.
Developing driver code is regarded as a last resort because of some well-known problems:
An in-depth understanding of the Windows kernel data structures and coding conventions is needed for driver development
Driver incompatibilities can arise from even the smallest system changes, for example the regular monthly patch updates from Microsoft
A catastrophic system crash can occur if there is a defect in the driver code
Third-party driver code causes most of the instabilities in Windows
Any service whose agents use low-level drivers does not use standard Windows interfaces, and those drivers “take control” from Windows. This can wreak havoc on the operating system of the desktops under management. If a driver malfunctions it can crash the system, and there is also an increased security risk because these drivers run at kernel level. “Anything a user can do that triggers a driver to malfunction in such a way that it triggers the system to crash or become unusable is a security defect. When most coders are working on their driver, their focus is on getting the driver to work correctly and not whether a harmful hacker will try to make use of holes within the system,” said Microsoft about driver security.
So Ziften took the approach of building our service around standard Windows interfaces, which has the following benefits:
Greater resilience to Windows updates and changes that would likely require driver changes
Elimination of the exposure to driver conflicts that can lead to system crashes (Blue Screen of Death)
Reduced likelihood of coding defects that affect system performance through the kernel interface