- By Patrick Marshall
- Aug 06, 2001
Seat belts save lives, yet a lot of people still refuse to wear them. Airbags may not be as effective, but they have the virtue of not requiring drivers to do anything to make them work.
That is apparently the philosophy behind WatchGuard Technologies Inc.'s AppLock/Web. The security program for Microsoft Corp. Windows NT and 2000 Web servers is about as automatic as you can get. Just click on the Lock button in the System Tray, and AppLock/Web will lock down your operating system, Internet information server and your Web sites.
When you lock down, AppLock/Web will automatically check for any new content on the Web site and extend its protection to those pages and new sites.
Forgoing the strategy of intrusion-detection programs, which search for signs of hackers after they may have done their mischief, AppLock/Web claims to lock out intruders before they can do any harm. Even if hackers access your administrator account, for example, they will be unable to access and change system files, Web scripts or pages. Nothing can be changed without first unlocking AppLock/Web.
It's also worth noting that AppLock/Web has stricter requirements on passwords than Windows 2000 and NT. An AppLock/Web password, for example, must be a minimum of seven characters and it must include at least one uppercase character, one lowercase character, one number and one punctuation mark or special character. And you can't reset the password without booting Windows in safe mode, which means physically accessing the server.
WatchGuard claims, and we have confirmed, that AppLock/ Web makes minimal demands on resources. The program takes up only 6M of disk space, and we detected no significant effect on system performance. But AppLock/Web's ease of use has a downside: inflexibility. You cannot, for example, grant editing privileges to remote administrators. Instead, AppLock/Web must be shut off at the server before anyone can make any changes on the Web sites or in AppLock/Web's configuration. So in order to make any changes in your operating system or Web sites you have to bring down the whole security wall, if only for a short time.
And if you want to change the files protected by AppLock/Web, you're limited to switching on or off the 200- plus file extensions recognized by the program.
In short, if you often need to access and change your Web sites or your server configuration, you'll probably want to find a more flexible solution that doesn't require you to entirely suspend security. Otherwise, AppLock/Web is an effective and easy-to-implement solution.