Affordable IT • Introduction • Desktop Management • Desktop Security • Patch Management • Storage • Whiteboxes & Used Gear • E-Mail

And consider industrial sabotage--intruders and disgruntled employees can take advantage of poor internal protection. The least obvious but most common security breach over the desktop is the innocent user downloading dangerous code.

You'd be negligent if you didn't protect your systems with proper host-based security. That's what makes a comprehensive desktop-centric security suite essential, even for the most cost-conscious companies.

Luckily, you don't need to spend wads of cash for decent desktop security. Plenty of tools are available for free or low cost. Spending a little on security software can save you untold dollars in the long run.

Our comprehensive desktop-security plan is four-pronged, consisting of software firewalls, encrypted channels, antivirus tools and user education. In fact, before you buy a single security item, you must have a user-education program and a system to enforce and maintain it.

The Always-On Alternative

Applications or drivers that run on the end user's PC--software firewalls--usually act as a kernel shim. The software intercepts the data being passed between the kernel and network card drivers, inspecting all network traffic passed through it.

There are two major types of software firewalls: port blockers and application blockers. Port blockers, which include the built-in Windows 2000/XP firewall and the IPtables on Linux, work just like gateway or Internet firewalls and can block communications only to or from specific TCP/UDP ports.

Regrettably, port blockers are useless on the desktop. For one thing, you'd have to open a wide range of ports for a user to take advantage of his or her most common applications. What's more, these firewalls can't distinguish between Internet Explorer and a hostile program sending traffic over Port 80.

Features Click to Enlarge

Windows XP SP2 includes bug fixes, safeguards against hostile Web downloads and improved default settings. These may make your XP desktops safer, but they're not enough to keep users from making poor security decisions. And SP2 will do nothing to enhance security for Windows 2000. A low-end PC with Linux and IPtables loaded on it makes an excellent free gateway firewall for perimeter security. But for the desktop, we strongly recommend using an application-blocking firewall, such as ZoneAlarm or Sygate Personal Firewall Pro. For less than $50 a seat, these products offer excellent value.

Unfortunately, these firewalls ask on-screen if a particular application may have permission to access the Internet. Uneducated users tend to click "OK," leaving your system vulnerable to hostile code. On the upside, application blockers can detect some Trojan horse applications, protect themselves from being terminated by rogue programs, perform limited intrusion detection and shun the IP address of an attacker while performing privacy data scrubbing.