AppLock inflexible, but secure
- By Patrick Marshall
- Aug 01, 2001
Seat belts save lives, yet a lot of people still refuse to wear them. Airbags may not be as effective, but they have the virtue that drivers don't have to do anything to make them work.
That is apparently the philosophy behind WatchGuard Technologies Inc.'s AppLock/Web. The security program for Microsoft Corp. Windows NT and Windows 2000 Web sites is about as automatic as you can get. Just click on the Lock button in the System Tray, and AppLock/Web will lock down your operating system, Internet Information Server and your Web sites.
When you lock down, AppLock/Web will automatically check for any new content on the Web site and extend its protection to those pages and/or new sites.
Forgoing the strategy of intrusion-detection programs, which search for signs of hackers after they may have done their mischief, AppLock/Web claims to lock intruders out before they can do any harm. Even if hackers gain access to your administrator account, for example, they will be unable to access and change system files, Web scripts or pages. Nothing can be changed without first unlocking AppLock/Web.
It's also worth noting that AppLock/Web has stricter requirements on passwords than Windows NT and Windows 2000. An AppLock/Web password, for example, must be a minimum of seven characters and must include at least one upper-case character, at least one lower-case character, at least one number, and at least one punctuation mark or special character. And you can't reset the password without booting Windows in safe mode, which means physically accessing the server.
WatchGuard claims, and we have confirmed, that AppLock/Web makes minimal demands on resources. First, the program takes up just 6M of disk space. Second, we detected that it has no significant effect on system performance.
But AppLock/Web's high ease of use has a downside: inflexibility. You can't, for example, grant editing privileges to remote administrators. Instead, AppLock/Web must be turned off at the server before anyone can make any changes on the Web sites or in AppLock/Web's configuration. That means that to make any changes in your operating system or Web sites, you have to bring down the whole security wall, if only for a short time.
And if you want to change the files protected by AppLock, you're limited to switching on or off the 200-plus file extensions recognized by the program.
In short, if you frequently need to access and make changes to your Web sites or your server configuration, you'll probably want to find a more flexible solution that doesn't require you to suspend security entirely. Otherwise, AppLock/Web is an effective and easy-to-implement solution.