Redmond enlists security vendors to automate policy compliance

By Ellen Messmer and John Fontana, Network World, 05/17/2004

Microsoft is working with anti-virus vendors to ensure that in the future its software will be able to verify a user's desktop is secure and updated anti-virus signatures are in place before granting access to corporate resources.

With its forthcoming security-policy compliance strategy, which is expected to be announced in the next few weeks, Microsoft is looking to make sure its patches are in place before a user is allowed onto a network. This will be accomplished by allowing for a period of "isolation" while security updates are downloaded to the user, sources say.

The capability to restrict network access based on a security check of a computer, whether it belongs to an internal employee or a trading partner, is increasingly viewed as desirable, particularly when unpatched machines running Microsoft software introduce crippling worms such as the recent Sasser into corporate networks.

Microsoft's plan appears similar to Cisco's Network Admission Control initiative announced last November with the three leading anti-virus vendors: Network Associates, Symantec and Trend Micro. In that plan the anti-virus companies work with Cisco to ensure that Cisco's trust agent desktop software, which will share policy-compliance data it collects with Cisco routers and management equipment, also can share information with anti-virus software and management consoles.

Cisco wants the three anti-virus vendors to integrate the trust agent into desktop anti-virus and management software. The trust agent software is now in beta and is expected to be released next month.

Microsoft has "the same thing from a quantitative point of view" for security policy compliance, says John Maddison, director of product management at Trend Micro, which is working closely with Microsoft. Microsoft and Cisco have the same goal: Keep computer users from the network until anti-virus updates or patches are added, and make it easy for them to do that.

Instead of focusing on routers and switches, as Cisco has, Microsoft's approach to policy compliance will depend on making desktop and server software, Active Directory and DNS servers accomplish the task in coordination with anti-virus software, Maddison says. Other anti-virus software vendors are involved in the effort, but Microsoft said it was "too early" to talk about vendor participation and declined to provide details.
