Windows IT Pro is the authoritative and independent resource for windows nt, windows 2000, windows 2003, windows xp. Features a collection of resources and magazines for windows IT professionals.
  
  
  Advanced Search 


May 2007

Forefront Client Security

Microsoft goes all out with this technology-heavy product
From the May 2007 Edition
of Windows IT Pro
Jeff Fellinge
Feature
InstantDoc #95504
Windows IT Pro
Email this Article
Printer Friendly
Reader Comments
Digg This
Del.icio.us
RSS
Subscribe to Windows IT Pro | See More Products / Software Articles Here | Reprints | Or get the Monthly Online Pass—only $5.95 a month!

It wasn't until Microsoft's purchase of Giant Software and its Giant AntiSpyware product, and the subsequent release of Windows Defender, Microsoft's spyware scanning and removal tool, that the software giant really got serious about anti-malware. Now Windows Defender is built into Windows Vista and available as a free download for Windows XP. However, Windows Defender lacks centralized administration and alerting, which means it's not a serious anti-malware solution for most businesses. To fill this gap, Microsoft has released Microsoft Forefront Client Security, a client/server application targeted at businesses and designed to identify and block viruses, worms, spyware, rootkits, and other malicious software at the host level for servers and workstations.

Centralized Management Using Enterprise Tools
Although Forefront Client Security is new, the technologies behind it are not. Its pedigree includes the Windows Malicious Software Removal Tool, Windows Server Update Services (WSUS), Microsoft Operations Manager (MOM), Group Policy Objects (GPOs), and Microsoft SQL Server 2005, as well as work done by the Microsoft Product Support Services Security Response team, which is behind the malware definitions used by Windows Defender and Windows Live OneCare.

Forefront Client Security incorporates Windows Defender's real-time protection agents to watch for suspicious activities, such as whether new programs are configured to autostart, and to monitor changes to the Microsoft Internet Explorer configuration. You can also configure Forefront Client Security to participate in the Microsoft SpyNet program, which leverages a community of members to quickly spread the word about new threats.

The success of any antivirus or antispyware application depends on robust, up-to-date, and effective definition files. Forefront Client Security agents use an updated WSUS configuration that checks Microsoft Update hourly for new definitions. Many of the technologies used by Forefront Client Security are also used by Windows Live OneCare, which has been certified by ICSA Labs for antivirus and personal firewall use. Microsoft is seeking similar certification for Forefront Client Security. (For an insider's view of Forefront Client Security, download Karen Forster's interview of Microsoft Senior Product Manager Josue Fontanez at http://www.windowsitpro.com/podcast/Index.cfm?fuseaction=ShowRegistration&PCID=ccee52e8-6fcb-4c1c-aaf6a80563ea25aa.)

Most of the technologies behind Forefront Client Security are proven enterprise solutions, and if you already have Microsoft server product expertise in-house, your IT staff will find Forefront Client Security familiar. However, if you're new to these enterprise technologies, you might find installation, deployment, configuration, and administration daunting on both the server and clients.

Architecture and Installation
Forefront Client Security follows the client/ server application model common to most antivirus and antispyware products. Every managed client needs the Forefront Client Security agent installed. The Forefront Client Security agent isn't the same as the Windows Defender agent included in Vista—you'll actually need to disable the Vista Windows Defender antispyware agent before installing the Forefront Client Security client. The Forefront Client Security agent communicates with the product's server components, which play four roles: management server, collection server, reporting server, and distribution server. Depending on your hardware and the size of your company, you might be able to run all four roles on one system, or you can spread them across computers to scale the deployment. The server components run on Windows Server 2003 Release 2 (R2) or Windows 2003 Service Pack 1 (SP1) with all security updates installed.

The installation of Forefront Client Security might seem massive and complex, especially when compared with other antivirus and antispyware programs. Besides requiring WSUS to deploy antivirus and antispyware definitions as well as new security updates, Forefront Client Security uses the Microsoft anti-malware engine to detect and remove the most common or harmful viruses and worms and leverages MOM for client alert and event management. If your enterprise already has MOM, deploying Forefront Client Security will install a parallel MOM server for Forefront Client Security alone. Forefront Client Security stores all its data in a SQL Server 2005 database and uses SQL Server 2005 Reporting Services (SSRS) to generate reports. Forefront Client Security includes MOM, but you must download and install the other components individually. Note that I tested the public beta of Forefront Client Security, which might differ from the RTM version.

Prerequisite software. Before you install the server components, you need to make sure you've installed the prerequisite software:

  • Microsoft IIS, ASP.NET, and Microsoft FrontPage Server Extensions
  • SQL Server 2005 Enterprise Edition SP1
  • Group Policy Management Console SP1
  • Microsoft .NET Framework 2.0
  • Microsoft Management Console 3.0
  • WSUS 2.0 SP1

(For step-by-step instructions for installing these products and troubleshooting problems, see http://www.microsoft.com/technet/clientsecurity/default.mspx.) As part of the prerequisite work, you'll also set up a Windows Update GPO in your test environment to point test clients to the WSUS server.

Installing the server software. After you install the prerequisite software, download Forefront Client Security at the Microsoft Web site and run the installer. A wizard does a pretty good job stepping you through the configuration and setup, but you'll want to pay close attention to the dialog boxes and instructions, especially if you're installing the product components across multiple servers. The wizard will prompt you for information required for a basic MOM installation, such as the server name, MOM group name, and database and account information. Make a note of all this information, as you'll be asked for it again later. You'll also configure the reporting server and reporting database. For a single-server installation, the wizard guides you through the configuration of the various Microsoft technologies used to build Forefront Client Security.

   Previous  [1]  2  3  Next 


Reader Comments

You must log on before posting a comment.

If you don't have a username & password, please register now.




Learning Path To learn more about Microsoft Forefront Client Security
"Microsoft Security Comes to the Forefront"

"Forefront: Safety Belts for Windows"


Microsoft Resources
"Microsoft Forefront Client Security"

"Microsoft Forefront Client Security Technical Library"
Top Viewed ArticlesView all articles
Friday at PASS Europe 2006

Kevin talks about the closing day of the event and shares a funny Microsoft film. ...

More fun TechEd 2005 Resources

Kevin points out some more TechEd resources ...

What service packs and fixes are available?

...
Related Articles Microsoft Forefront Security for Exchange Server
Security Whitepapers Protecting (You and) Your Data with Exchange Server 2007

Extended Validation SSL Certificates

Unauthorized applications: Taking back control
Related Events Check out our list of Free Email Newsletters!
Security eBooks Spam Fighting and Email Security for the 21st Century

Understanding and Leveraging Code Signing Technologies

A Guide to Windows Certification and Public Keys
Related Security Resources Become a VIP member of the Windows IT Pro community!
Get it all with the VIP CD and VIP access. A $500+ value for only $279!

Subscribe to Windows IT Pro!
Solve your toughest technical problems with our experts and access 10,000 + articles online. 30% off

Monthly Online Pass - Only $5.95!
Get instant access to 10,000+ articles from Windows IT Pro Magazine!

TechNet Virtual Labs
Evaluate and test Microsoft's newest products.

Job Openings in IT

ADS BY GOOGLE SPONSORED LINKS FEATURED LINKS

Microsoft Exchange & Windows Connections event returns to Las Vegas Nov 10 - 13
Connections returns to Las Vegas for this exciting event where each attendee will receive SQL Server 2008 standard with 1 CAL. Co-located with Microsoft ASP.NET, SQL Server, and SharePoint Connections with over 250 in-depth sessions.

Free Online Event! Virtualization:Get the Facts!
Register now and attend this free, live in-depth online conference on November 13 and 20, 2008, produced by Windows IT Pro. All registrants are eligible to receive a complimentary one-year digital subscription to Windows IT Pro (a $49.95 value)!

Check Out Hyper-V Video on ITTV
Watch Karen Forster's interview on Hyper-V's performance on ITTV.net.

Ease Your Scripting Pains with the Flexibility of PowerShell!
Join MVP Paul Robichaux on December 11, 2008 at 11:00 AM EDT as he equips you with PowerShell basics in 3 introductory lessons, each followed by a live Q&A session—all on your own computer!

PASS Community Summit 2008 in Seattle on Nov 18-21
The don’t-miss event for Microsoft SQL Server Professionals. Register now and you’ll enjoy top-notch Microsoft and Community speakers and more.



Speed Up Your PC!
Try Diskeeper 2008 with InvisiTasking Free Now!

Get Protected -- Data Protection Manager 2007
Protect your virtualized environment with Data Protection Manager

Agent-less Remote Backup Service, Free 30 Day Trial
Award winning remote backup service at a competitive price with no min GB/month. Sign up Now!

ScriptLogic Cartoon Caption Contest
Submit your caption and you will be entered to win $198.42

List Your Products in Our Technology Resource Directory
Don't miss the chance to post your free listing in this comprehensive directory for IT and developer professionals, powered by Windows IT Pro. But hurry! Deadline ends Oct. 9.
Windows IT Pro Home Register FAQ for Windows WinInfo News
Europe Edition About Us Contact Us/Customer Service Media Kit Affiliates / Licensing  
SQL Server Magazine Office & SharePoint Pro Windows Dev Pro IT Job Hound ITTV
IT Library Technology Resource Directory Connected Home Windows Excavator Windows SuperSite 
 
 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2008 Penton Media, Inc., All rights reserved. Terms and Use | Privacy Statement | Reprints and Licensing