AppLock inflexible, but secure

Seat belts save lives, yet a lot of people still refuse to wear them. Airbags may not be as effective, but they have the virtue that drivers don't have to do anything to make them work.

That is apparently the philosophy behind WatchGuard Technologies Inc.'s AppLock/Web. The security program for Microsoft Corp. Windows NT and Windows 2000 Web sites is about as automatic as you can get. Just click on the Lock button in the System Tray, and AppLock/Web will lock down your operating system, Internet information server and your Web sites.

When you lock down, AppLock/Web will automatically check for any new content on the Web site and extend its protection to those pages and/or new sites.

Forgoing the strategy of intrusion-detection programs, which search for signs of hackers after they may have done this mischief, AppLock/Web claims to lock intruders out before they can do any harm. Even if hackers gain access to your administrator account, for example, they will be unable to access and change system files, Web scripts or pages. Nothing can be changed without first unlocking AppLock/Web.

It's also worth noting that AppLock/Web has stricter requirements on passwords than Windows NT and Windows 2000. An AppLock/Web password, for example, must be a minimum of seven characters and must include at least one upper-case character, at least one lower-case character, at least one number, and at least one punctuation mark or special character. And you can't reset the password without booting Windows in safe mode, which means physically accessing the server.

WatchGuard claims, and we have confirmed, that AppLock/Web makes minimal demands on resources. First, the program takes up just 6M of disk space. Secondly, we detected that is has no significant effect on system performance.

But AppLock/Web's high ease of use has a down side: inflexibility. You can't, for example, grant editing privileges to remote administrators. Instead, AppLock/Web must be turned off at the server before anyone can make any changes on the Web sites or in AppLock/Web's configuration. That means to make any changes in your operating system or Web sites you have to, if only for a short time, bring down the whole security wall.

And if you want to change the files protected by AppLock, you're limited to switching on or off the 200-plus file extensions recognized by the program.

In short, if you frequently need to access and make changes to your Web sites or your server configuration, you'll probably want to find a more flexible solution that doesn't require you to suspend security entirely. Otherwise, AppLock/Web is an effective and easy-to-implement solution.



Score: B+

WatchGuard Technologies Inc.
(206) 521-8340

Pricing and availability: $595 per server.

Remarks: AppLock/Web makes it easy to protect your Windows NT and Windows2000 Web servers from hackers. The downside is that you have to temporarilydisable the security wall to make any changes to the server or to Web sites.


  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.