Archive for the ‘microsoft’ Tag
AppLocker and App-V
Interesting article on brianmadden.com regarding using AppLocker as a licence enforcement mechanism.
http://www.brianmadden.com/blogs/timmangan/archive/2009/10/29/AppV-and-AppLocker.aspx
App-V and other technologies like it create breakage. The question is how much breakage and how easy it is to fix. The answers to those questions determine whether it is a dev tool for developers, something that consulting houses can do or something an IT admin can do.
What has this got to do with security, you ask? Well, the answer to that question determines how much lockdown you can do with AppLocker.
If there is a lot of downstream customization, it becomes hard to use AppLocker. The challenge in whitelisting is not the enforcement mechanism, but the configuration of the whitelist: its coverage and maintenance.
Over the years the wrapping of apps by App-V has improved. There is better handling of things like WinZip (which broke because it registered a shell extension) or apps which required a service. But in general, apps which have multiple processes communicating with each other and/or a service are still very challenging.
Citrix has had this problem for a long time also. If you are a developer of the app you can fix this, but doing it in the field for complex applications is tough. Making a whitelist for the result is then challenging as well.
Another difference between whitelisting for security versus licensing is that for security the whitelist needs to be complete. Imagine you missed some drivers from the whitelist: your machine won’t even boot.
But for licensing you are using the whitelist as an access control mechanism, which is very different. For example, you can say that the whitelist is applicable only to App-V apps; that’s not security but licensing.
We should keep the two separate.
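To make the coverage point concrete, here is an added example (not from the original post or the linked article) that measures how many executables on a machine the effective AppLocker policy would leave uncovered. The scan roots, the temp file name and the `Everyone` test user are assumptions; the cmdlets are the standard AppLocker PowerShell module.

```powershell
# Added example: report whitelist coverage gaps before switching rules to enforce.
Import-Module AppLocker

# Assumed scan roots; adjust to where applications actually live on the host.
$roots = @($env:ProgramFiles, (Join-Path $env:windir 'System32'))
$user  = 'Everyone'   # assumed identity to evaluate the rules against

# Export the effective (merged local + GPO) policy so it can be tested offline.
$policyXml = Join-Path $env:TEMP 'effective-applocker.xml'
Get-AppLockerPolicy -Effective -Xml | Out-File -FilePath $policyXml

# Collect every .exe under the roots; unreadable directories are skipped.
$files = Get-ChildItem -Path $roots -Filter *.exe -Recurse -File -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName

if (-not $files) {
    Write-Warning 'No executables found under the scan roots.'
    return
}

# Evaluate each file against the policy without enforcing anything.
$results = $files | Test-AppLockerPolicy -XmlPolicy $policyXml -User $user

# Summary: Allowed / Denied / DeniedByDefault counts.
$results | Group-Object PolicyDecision | Select-Object Name, Count | Format-Table -AutoSize

# DeniedByDefault means no rule matched: these are the coverage gaps.
$gaps = @($results | Where-Object { $_.PolicyDecision -eq 'DeniedByDefault' })
$pct  = [math]::Round(100 * ($results.Count - $gaps.Count) / $results.Count, 1)
Write-Output "Coverage: $pct% of $($results.Count) executables match a rule."

# Group the gaps by folder to show where rule maintenance effort is needed.
$gaps | Group-Object { Split-Path $_.FilePath -Parent } |
    Sort-Object Count -Descending |
    Select-Object -First 10 Count, Name |
    Format-Table -AutoSize
```

Re-running this after each application packaging change shows whether the whitelist has kept up, which is the maintenance cost described above.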
VMW vs MSFT
Over the years people have learnt that there are some battles you can’t fight and win against Microsoft. You may look at the list below and say “huh”, that might have been true of others, but VMware is different. I won’t argue with you; some companies like Apple have beaten Microsoft on these points, but the odds are low and it’s a difficult play to pull off.
- Features: you can’t win by having more features
- Slick UI: Microsoft will design the best UIs ultimately (Apple being the only exception to this rule)
- Desktop Oriented Software: MS has demonstrated an uncanny ability to assimilate any features that came out on the desktop
- Speed: Lotus 123 vs Microsoft Excel, they eventually got it right and beat the speed
- Integrated Developer Systems: MS has a lock on this, they will integrate virtualization into Visual Studio, debuggers etc., making their solution the best
- Price: you can’t undercut Microsoft on price and sustain the business model
So if you are VMware what do you do? VMware is in hyper growth mode, and in such a phase people are so busy trying to deal with the day-to-day operations that most thinking becomes incremental. That is not because the people are not smart, they are incredibly smart, but there is no time to stop and ponder. Incremental thinking usually results in product roadmaps and directions which will fall in one of the six buckets above.
If you are VMW how can you beat MSFT: hypervisor, Virtual Infrastructure, Management & Automation or something else? MSFT, Xen (Citrix) and others pose a threat to the “hypervisor”. NTAP, EMC and other storage/networking vendors pose a threat to the Virtual Infrastructure Layer. Management & Automation is already a crowded market. So how does VMW find a blue ocean to expand into?