I endured a severe culture shock this week. And that was without meeting new people from countries afar, or travelling to distant lands. And it didn’t involve a trip to some foreign eatery (such as our local Indian restaurant or Greek fish ‘n’ chip shop) either. No, all I did was respond to a change in the company security policy by replacing the existing well-known virus protection software with the new Forefront Client Security application. All I need to do now is work out how to configure it.
You see, I’m used to virus scanners (and most other software) that provides oodles of configuration options. I mean, the one we just abandoned has about ten pages of check boxes, option buttons, lists, and text boxes where you can play happily for hours messing up the configuration, then click the Reset button to put it all back to where you started. Ah, the many happy hours spent trying to decide whether to scan zip file contents on disk, or just when the files inside them are opened (and the additional hours spent trying to remember where I found that option the last time).
But, all of a sudden, I’ve got almost no configuration options. Forefront Client is one of those applications where they could have fitted all of the UI into a window about one inch square. It only has one page plus a link to open the Help file. And I thought Windows Defender was extravagant with screen estate. OK, so there is a link you can open to look at all the nasty malware that it captured, and one that has a few options to specify the type of scan to perform and the frequency. They even included some options to specify files, locations, and processes you don’t want to scan. But you can’t help thinking that it all looks a bit sparse, like they have only built half of it so far. I mean, when you flip open one of the tab-bar things, all you get is one line of text telling you that the feature is turned on or off, or is up to date, and no buttons to do anything about it.
And then, after you install it and run it for a while, you discover that it added a new Event Log named Operations Manager with a size of about 15 MB, and is proceeding to fill it up with error messages that it can’t find a management server to connect to (although that may be because I installed our “corporate” version). Obviously the name of the log gives the game away – it’s meant to be administered remotely from some Windows System Server management console. Probably that’s why the interface is so sparse and lacking in stuff to play with. No problem, I thought, I’ll just install the Forefront Server Security Management Console (FSSMC) so there’s something for my local machines that aren’t joined to the corporate big iron to talk to.
Maybe you’ll remember (if you have a habit of wasting your time reading my weekly disconnected ramblings) that I recently went through the Hyper Ventilation experience and upgraded all my server infrastructure to Windows Server 2008 and Hyper-V hosted machine instances. But the FSSMC will only install (at least in the current incarnation) on Windows 2003 32-bit systems. OK, so I’ve got such a box running ISA 2006, but I’m not convinced that’s a prime location for an admin tool that manages internal network security. Especially as you have to allow DCOM through all your internal firewalls. I did find a link to a page named “Forefront Server Security Products Next Generation”, and – since I’m working on Enterprise Library at the moment – it seemed for a while that 2009 might be my Star Trek year. But no such luck, the next generation products don’t yet include a Windows 2008-compatible 64-bit version.
Mind you, there is the Client Security Enterprise Manager, but the reams of installation instructions frightened me off that – at least for the time being. It’s probably overkill for managing six machines anyway. And it looks like it all hooks into System Center Operations Manager in a big way, so I reckon that’s a “wait and see” job. I’d love to have all that working, but I can’t face the effort at the moment. Maybe after I’ve managed to get a life, and there is some spare left over.
Meanwhile, at least it seems to be doing stuff. The Event Log says is did a scan when it should, and that it is happily downloading and installing the new definitions every day from my WSUS server. Interestingly, on Vista, I still have Windows Defender running as well. I removed if from the XP boxes, but as its part of the O/S in Vista I didn’t know whether to remove it (or how to) and the helpful support guy I spoke to said I should just leave it running alongside. I suppose, when I do pick up some malware infection, they’ll have a fight over who gets to quarantine it.
And what’s the best part of all? The Forefront Client UI is plastered all over with the word “Antimalware” which, when you glance at it, always seems to read “Animalware”. Every time I decide to check my security status, I end up with visions of horse blankets, fur coats for dogs, and those photos you see on the Web where people dress up their family moggy in some ridiculous outfit.