Kevin Tolly: ‘Always on’ programs pose an ‘always on’ threat

Try as they might to secure the enterprise – using firewalls, VPNs, intrusion detection and content filters – network managers are being defeated in droves…by their co-workers.

The dramatic surge in “always on” third-party programs running on corporate desktops has set the stage for unknown havoc. The programs range from distinctly non-business peer-to-peer programs such as Kazaa BV’s KaZaA – a Napster follow-on – to corporate remote access services such as ExpertCity Inc.’s GoToMyPC.

These are not Trojan horses; they are legitimate services. Users download and install the client because they want the service. For network managers, though, such programs can create network performance headaches and set the stage for serious security breaches.

The KaZaA Media Desktop transforms a corporate desktop into a file server accessible worldwide. The default installation sets you up with a shared folder for the world to see.

While the primary content is MP3 audio, files are files. Should corporate files get into that folder, they are now available to the world. Users can assign any folder to which they have access to be indexed into the KaZaA system and thus free to the world. Imagine what a disgruntled employee could do “by mistake.”

Even if the data is harmless, your corporate Internet link will get chewed up as users around the world grab files from that desktop. KaZaA is built to seek out the fastest machines and highest-speed connections as the preferred sources for downloads.

And what about the files your users bring in via KaZaA? So prevalent, apparently, are Trojans, viruses and spyware that the KaZaA home page advertises a recommended third-party utility, BullGuard, to defend your desktop. Scary.

KaZaA says its desktop software has been downloaded more than 119 million times. Chances are, it is already in your network. Time to start looking for it.

GoToMyPC, on the other hand, serves a legitimate corporate need: remote desktop access. It is built around a service provider model. And its architecture lets users bypass corporate firewalls. Typically, firewalls are configured to look outside for trouble and assume that anything initiated from the inside is fine.

With GoToMyPC, an always-on client program residing on the desktop stays in constant contact with a GoToMyPC server. While the traffic load is not significant, there is a constant “heartbeat” between each client and the server. My network analyzer tells me so.
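The column's advice for both cases is the same: go looking. An always-on client announces itself as a clockwork-regular, low-volume outbound "heartbeat" to one external server, and a desktop serving a shared folder announces itself as heavy uploads to many distinct external peers. The script below is an added example (not from the column, and not code from ExpertCity or Kazaa) that applies both checks to outbound connection records. It assumes a constructed log format of "timestamp src_ip dst_ip dst_port bytes_out bytes_in" with epoch-second timestamps; real firewall or NetFlow exports differ, so the parser is the part to adapt. The IP addresses, port numbers and byte counts in the sample are constructed for illustration.

```python
"""Flag always-on desktop programs from outbound connection logs.

Added example, not from Tolly's column. Log format assumed (constructed):
    "timestamp src_ip dst_ip dst_port bytes_out bytes_in"
Two detections, matching the column's two cases:
  1. a periodic, low-volume heartbeat to one external server
     (an always-on remote-access client), and
  2. one desktop pushing large uploads to many external peers
     (a shared folder being served to the world).
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log. 10.0.0.5 beacons roughly every 60 s to one host,
# 10.0.0.7 uploads to six different peers on one port, 10.0.0.9 is ordinary
# web browsing (small requests, larger responses). All values are made up.
SAMPLE_LOG = """\
1000 10.0.0.5 203.0.113.10 443 120 80
1060 10.0.0.5 203.0.113.10 443 118 80
1121 10.0.0.5 203.0.113.10 443 121 82
1180 10.0.0.5 203.0.113.10 443 119 80
1240 10.0.0.5 203.0.113.10 443 120 81
1300 10.0.0.5 203.0.113.10 443 120 80
1005 10.0.0.7 198.51.100.2 1214 4800000 900
1010 10.0.0.7 198.51.100.3 1214 3500000 800
1030 10.0.0.7 198.51.100.4 1214 5200000 950
1050 10.0.0.7 198.51.100.5 1214 4100000 870
1070 10.0.0.7 198.51.100.6 1214 3900000 910
1090 10.0.0.7 198.51.100.7 1214 4400000 880
1002 10.0.0.9 192.0.2.20 443 900 45000
1400 10.0.0.9 192.0.2.21 443 1200 88000
2100 10.0.0.9 192.0.2.20 443 700 30000
"""


def parse_log(text):
    """Parse the constructed log format into a list of dict records."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, out_b, in_b = line.split()
        records.append({"ts": int(ts), "src": src, "dst": dst,
                        "port": int(port), "out": int(out_b), "in": int(in_b)})
    return records


def find_heartbeats(records, min_conns=5, max_jitter=0.10, max_bytes=1024):
    """Return sorted (src, dst, port) keys whose connections recur at
    near-constant intervals with tiny payloads: an always-on client."""
    flows = defaultdict(list)
    for r in records:
        flows[(r["src"], r["dst"], r["port"])].append(r)
    hits = []
    for key, rs in flows.items():
        if len(rs) < min_conns:
            continue
        rs.sort(key=lambda r: r["ts"])
        gaps = [b["ts"] - a["ts"] for a, b in zip(rs, rs[1:])]
        # Coefficient of variation of the inter-connection gaps: a value
        # near zero means the timing is clockwork-regular, i.e. a timer.
        cv = pstdev(gaps) / mean(gaps) if mean(gaps) else 1.0
        small = all(r["out"] + r["in"] <= max_bytes for r in rs)
        if cv <= max_jitter and small:
            hits.append(key)
    return sorted(hits)


def find_upload_servers(records, min_peers=5, min_ratio=10.0):
    """Return sorted (src, port) keys where one desktop sends far more than it
    receives to many distinct external peers: a desktop acting as a file server."""
    peers = defaultdict(set)
    out_total = defaultdict(int)
    in_total = defaultdict(int)
    for r in records:
        key = (r["src"], r["port"])
        peers[key].add(r["dst"])
        out_total[key] += r["out"]
        in_total[key] += r["in"]
    hits = []
    for key, dsts in peers.items():
        ratio = out_total[key] / max(in_total[key], 1)
        if len(dsts) >= min_peers and ratio >= min_ratio:
            hits.append(key)
    return sorted(hits)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for src, dst, port in find_heartbeats(recs):
        print(f"heartbeat: {src} -> {dst}:{port}")
    for src, port in find_upload_servers(recs):
        print(f"upload fan-out: {src} serving many peers on port {port}")
```

Both thresholds are deliberately conservative defaults rather than tuned values: the jitter bound catches timer-driven clients without flagging a user who reloads a page every so often, and the fan-out check requires both many peers and a lopsided upload-to-download ratio so that ordinary browsing, which talks to many hosts but downloads far more than it sends, stays quiet.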

When the remote user wishes to access his desktop, he contacts the GoToMyPC service. After clearing two levels of password authentication, the target desktop appears.

From a system perspective, the session appears to be initiated from the unattended target PC, so firewall authentication is not an issue.

The software works; I tried it. Because of the three-way nature of the architecture, benchmarking the speed was not possible.

While there is clearly no evil intention on the part of ExpertCity, I find it unsettling to have scads of corporate desktops in constant communication with a third-party service that, through its “mole,” can determine how often your PC is busy, when you’re in the office and so forth.

While the company offers packaged enterprise services, it doesn’t offer an “opt out” for companies that don’t want to let desktops in their domain use the service.

Network managers have to look within and start understanding the security and the performance implications of always-on code running on their desktops.

Tolly is president of The Tolly Group, a strategic consulting and independent testing company in Manasquan, N.J. He can be reached at