May 10, 2006, 2:27 PM — Listen to the column "Security Note 2: Execution Exclusion", or last week's Security Note 1: Laptop Cops. Visit our podcast center to hear more by James Gaskin.
While I certainly enjoy the "personal" part of my personal computer, too many companies fight a constant battle against personal spyware, personal viruses, and personal spam zombies. Movies with zombies are fun, but PCs as zombies aren't.
User desires to choose their own NASCAR screensavers notwithstanding, corporate PCs are not personal property. Many companies continue to tighten the screws on which applications are allowed on PCs, struggling to lock out user changes that leave security gaps. And, of course, blocking Solitaire, the productivity blackhole rivaling the Web for employee hours wasted.
Enter Faronics.com and their Anti-Executable products. The name says it all: you can specify in a whitelist the applications that can run on a particular PC. If Solitaire.exe isn't in the whitelist, the virtual cards remain unshuffled.
Spyware that sneaks into a PC will be blocked, because the executable file isn't authorized. Spam zombies are stopped. Even rootkits from criminally negligent corporations like Sony will be blocked. The rootkit files may be able to hide from the operating system, but any executable program must be in the whitelist to run.
Faronics claims to control over 80 different executable file types, ranging from EXE and COM to SCR and DLL and VXD and 75 more. Suspect drivers from USB devices brought in by users? Blocked. During installation, Anti-Executable creates a database of applications on the PC and blocks out any new ones added afterwards.
Maintenance, anti-virus software updates, and the like can be scheduled and controlled with the enterprise edition. This edition includes consoles with multiple password levels for multiple administration functions. You can manage remote PCs over your local and wide area networks. The standard edition works for installations small enough you can go from PC to PC, but that gets old quickly.
Anti-Executable developed from Faronics' earlier program, DeepFreeze, that resets PCs (and now Macs) to a pre-set configuration upon rebooting. DeepFreeze came out in 1999, and Anti-Executable became the official name for the whitelist product in early 2005.
As you might expect, Faronics plays well in the education market. While Anti-Executable won't stop students from downloading new and inappropriate browser plugins, it will stop those plugins from running.
Pricing starts at $30 and drops way down with volume. Check out their trial version, and frustrate your least-favorite Solitaire player as a test.
