Written By Dr Al Hartmann And Presented By Chuck Leaver Ziften CEO
There has generally been a lack of visibility on Windows clients into the applications that are running and the resources that are being used. There are efficient tools for monitoring the server infrastructure and the network, but the client has always been the weakest element. This is why vendors such as Ziften have pioneered a new class of solutions focused on managing the security and efficiency of clients in the enterprise, referred to as enterprise client management.
From a technical viewpoint, gathering the substantial amount of information available within Windows that is needed to provide visibility of the client meant considering two alternative methods: we could have developed custom driver code, or used the standard APIs in Windows.
The development of driver code is regarded as a last resort because of some well-understood problems:
An in-depth understanding of the Windows kernel data structures and coding conventions is required for driver development
Driver incompatibilities can exist even with the smallest of system modifications, for instance with the monthly patch updates from Microsoft
A devastating system crash can occur if there is a driver code error
Third-party driver code causes most of the instabilities in Windows
Any service that uses low-level drivers in its agents does not use standard Windows interfaces and will “take control” from Windows. This can wreak havoc on the operating systems of the desktops under management. If a driver fails, it can crash the system, and there is also a heightened security threat because these drivers run at kernel level. “Anything a user can do that triggers a driver to break down in such a way that it causes the system to crash or end up being unusable is a security flaw. When most coders are working on their driver, their focus is on getting the driver to work correctly and not whether a destructive intruder will try to make use of holes within the system,” stated Microsoft about driver security.
So Ziften took the approach of building our service around standard Windows interfaces, which has the following benefits:
Higher resilience to Windows updates and changes that are most likely to require driver modifications.
Vulnerability to driver conflicts that can result in system crashes (Blue Screen of Death) is eliminated.
The likelihood of coding issues that affect system performance through the kernel interface is reduced.