Written by Dr Al Hartmann and presented by Charles Leaver, Ziften CEO
There has typically been a lack of visibility on Windows clients into the applications that are running and the resources that are being utilized. There are efficient tools in existence to monitor the server infrastructure and the network, but the client has always been the weakest element. This is why suppliers such as Ziften have originated a new class of solutions focused on managing the security and performance of clients in the enterprise, called enterprise client management.
Speaking from a technical standpoint, in order to collect the substantial quantity of information available within Windows that is required to offer visibility of the client, there were two alternative approaches that needed consideration: we could have created custom driver code or utilized the basic APIs in Windows.
The development of driver code is regarded as a last resort since there are some well-understood concerns:
An in-depth understanding of the Windows kernel data structures and coding conventions is required for driver development
Driver incompatibilities can exist even with the smallest of system changes, for instance with the regular monthly patch updates from Microsoft
A devastating system crash can happen if there is a driver code error
Third party driver code causes the majority of the instabilities in Windows
Any service that utilizes low-level drivers in its agents does not use basic Windows interfaces and will “take control” from Windows. This can produce mayhem with the operating system of the desktops that are under management. If a driver stops working, it can crash the system, and there is also a heightened security danger because these drivers run at kernel level. “Anything a user can do that causes a driver to malfunction in such a way that it causes the system to crash or become unusable is a security defect. When most coders are working on their driver, their focus is on getting the driver to work properly and not whether a destructive intruder will attempt to make use of holes within the system” said Microsoft about driver security.
So Ziften took the approach of developing our solution around basic Windows interfaces, which has the following advantages:
Greater resilience to Windows updates and modifications that are most likely to need driver changes
Vulnerability to driver conflicts that can result in system crashes (Blue Screen of Death) is eliminated.
The probability of coding issues that impact system efficiency through the kernel interface is minimized.