Windows IT Pro is the leading independent community for IT professionals deploying Microsoft Windows server and client applications and technologies.
  
  


May 2007

Forefront Client Security

Microsoft goes all out with this technology-heavy product

It wasn't until Microsoft's purchase of Giant Software and its Giant AntiSpyware product, and the subsequent release of Windows Defender, Microsoft's spyware scanning and removal tool, that the software giant really got serious about anti-malware. Now Windows Defender is built into Windows Vista and available as a free download for Windows XP. However, Windows Defender lacks centralized administration and alerting, which means it's not a serious anti-malware solution for most businesses. To fill this gap, Microsoft has released Microsoft Forefront Client Security, a client/server application targeted at businesses and designed to identify and block viruses, worms, spyware, rootkits, and other malicious software at the host level for servers and workstations.

Centralized Management Using Enterprise Tools
Although Forefront Client Security is new, the technologies behind it are not. Its pedigree includes the Windows Malicious Software Removal Tool, Windows Server Update Services (WSUS), Microsoft Operations Manager (MOM), Group Policy Objects (GPOs), and Microsoft SQL Server 2005, as well as work done by the Microsoft Product Support Services Security Response team, which is behind the malware definitions used by Windows Defender and Windows Live OneCare.

Forefront Client Security incorporates Windows Defender's real-time protection agents to watch for suspicious activities, such as whether new programs are configured to autostart, and to monitor changes to the Microsoft Internet Explorer configuration. You can also configure Forefront Client Security to participate in the Microsoft SpyNet program, which leverages a community of members to quickly spread the word about new threats.

The success of any antivirus or antispyware application depends on robust, up-to-date, and effective definition files. Forefront Client Security agents use an updated WSUS configuration that checks Microsoft Update hourly for new definitions. Many of the technologies used by Forefront Client Security are also used by Windows Live OneCare, which has been certified by ICSA Labs for antivirus and personal firewall use. Microsoft is seeking similar certification for Forefront Client Security. (For an insider's view of Forefront Client Security, download Karen Forster's interview of Microsoft Senior Product Manager Josue Fontanez at http://www.windowsitpro.com/podcast/Index.cfm?fuseaction=ShowRegistration&PCID=ccee52e8-6fcb-4c1c-aaf6a80563ea25aa.)

Most of the technologies behind Forefront Client Security are proven enterprise solutions, and if you already have Microsoft server product expertise in-house, your IT staff will find Forefront Client Security familiar. However, if you're new to these enterprise technologies, you might find installation, deployment, configuration, and administration daunting on both the server and clients.

Architecture and Installation
Forefront Client Security follows the client/server application model common to most antivirus and antispyware products. Every managed client needs the Forefront Client Security agent installed. The Forefront Client Security agent isn't the same as the Windows Defender agent included in Vista—you'll actually need to disable the Vista Windows Defender antispyware agent before installing the Forefront Client Security client. The Forefront Client Security agent communicates with the product's server components, which play four roles: management server, collection server, reporting server, and distribution server. Depending on your hardware and the size of your company, you might be able to run all four roles on one system, or you can spread them across computers to scale the deployment. The server components run on Windows Server 2003 Release 2 (R2) or Windows 2003 Service Pack 1 (SP1) with all security updates installed.

The installation of Forefront Client Security might seem massive and complex, especially when compared with other antivirus and antispyware programs. Besides requiring WSUS to deploy antivirus and antispyware definitions as well as new security updates, Forefront Client Security uses the Microsoft anti-malware engine to detect and remove the most common or harmful viruses and worms and leverages MOM for client alert and event management. If your enterprise already has MOM, deploying Forefront Client Security will install a parallel MOM server for Forefront Client Security alone. Forefront Client Security stores all its data in a SQL Server 2005 database and uses SQL Server 2005 Reporting Services (SSRS) to generate reports. Forefront Client Security includes MOM, but you must download and install the other components individually. Note that I tested the public beta of Forefront Client Security, which might differ from the RTM version.

Prerequisite software. Before you install the server components, you need to make sure you've installed the prerequisite software:

  • Microsoft IIS, ASP.NET, and Microsoft FrontPage Server Extensions
  • SQL Server 2005 Enterprise Edition SP1
  • Group Policy Management Console SP1
  • Microsoft .NET Framework 2.0
  • Microsoft Management Console 3.0
  • WSUS 2.0 SP1

(For step-by-step instructions for installing these products and troubleshooting problems, see http://www.microsoft.com/technet/clientsecurity/default.mspx.) As part of the prerequisite work, you'll also set up a Windows Update GPO in your test environment to point test clients to the WSUS server.
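Because definition updates reach the agents through WSUS, it is worth confirming on a test client that the Windows Update GPO actually applied before you deploy the agent. The following PowerShell check is an added example, not part of the original article or of Microsoft's documentation; it reads the standard Windows Update policy registry values, and the server URL in `$ExpectedServer` is a hypothetical placeholder.

```powershell
# Added example: verify that the Windows Update GPO has reached this client.
# $ExpectedServer is a hypothetical WSUS URL; replace it with your own server.
param(
    [string]$ExpectedServer = 'http://wsus.test.example:8530'
)

$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not applied).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$wuServer     = Get-PolicyValue $wuKey 'WUServer'
$statusServer = Get-PolicyValue $wuKey 'WUStatusServer'
$useWuServer  = Get-PolicyValue $auKey 'UseWUServer'

$findings = @()

if (-not $wuServer) {
    $findings += 'WUServer is not set: the GPO has not applied to this client.'
} elseif ($wuServer.TrimEnd('/') -ne $ExpectedServer.TrimEnd('/')) {
    $findings += "WUServer points to '$wuServer', expected '$ExpectedServer'."
}

# The update and statistics servers must both be set and must match.
if ($wuServer -and ($statusServer -ne $wuServer)) {
    $findings += "WUStatusServer ('$statusServer') does not match WUServer."
}

# Without UseWUServer = 1 the client ignores WUServer and uses Microsoft Update.
if ($useWuServer -ne 1) {
    $findings += 'AU\UseWUServer is not 1: the intranet server setting is ignored.'
}

if ($findings.Count -eq 0) {
    Write-Output "OK: client is configured to use $wuServer"
} else {
    $findings | ForEach-Object { Write-Output "FAIL: $_" }
    exit 1
}
```

Run it after `gpupdate /force` on the test client; any FAIL line means the client will not receive definitions from your WSUS server as intended.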

Installing the server software. After you install the prerequisite software, download Forefront Client Security at the Microsoft Web site and run the installer. A wizard does a pretty good job stepping you through the configuration and setup, but you'll want to pay close attention to the dialog boxes and instructions, especially if you're installing the product components across multiple servers. The wizard will prompt you for information required for a basic MOM installation, such as the server name, MOM group name, and database and account information. Make a note of all this information, as you'll be asked for it again later. You'll also configure the reporting server and reporting database. For a single-server installation, the wizard guides you through the configuration of the various Microsoft technologies used to build Forefront Client Security.


