Bit9 Parity 3.5
REVIEWED BY GREG BALAZE
Price: $35 per desktop
Bit9's Parity 3.5 is designed to give you control over what users can do on company computers, and prevent executables from unauthorized or malicious apps from running on your desktops.
Bit9 Parity Server was easy to install and didn't have much to configure. A step-by-step screen walks you through setting everything from IP addresses and ports to selecting the creation of a self-signed or previously generated certificate. It automatically installs SQL Server 2005 and Apache Web Server, which is used for remote administration.
Small client agents for Windows XP/2000 (Vista is coming) are generated or updated automatically when a policy is created or modified for a group. The agents can also be downloaded off the Web, or distributed by application deployment software such as SMS. The agent and server communicate via an SSL tunnel.
Policies are applied based on groups set up within Parity Server that specify the file types it will block. Security condition levels, set by group, determine what happens when a file violates policy--various combinations of allowing or prohibiting file execution with or without notification. For policy enforcement, you can identify executables by name or by file hash. Although malware can use an altered name to pose as a legitimate app, Parity will report on renamed programs. We recommend using hashes, though this means additional administrative overhead before deploying software.
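The difference between name-based and hash-based identification, as an added Python example that is not Bit9's code and not part of the original review. The policy layout, file names, file contents and the choice of SHA-256 are assumptions made for illustration and say nothing about Parity's actual formats.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def check(path, policy):
    """Return (name verdict, hash verdict, renamed?) for one file."""
    name = os.path.basename(path).lower()
    digest = sha256_file(path)
    by_name = "block" if name in policy["banned_names"] else "allow"
    if digest in policy["banned_hashes"]:
        by_hash = "block"
    elif digest in policy["approved_hashes"]:
        by_hash = "allow"
    else:
        by_hash = "unapproved"  # unknown content: an admin must approve it first
    # A known hash seen under a different file name means the file was renamed.
    recorded = policy["names_by_hash"].get(digest)
    return by_name, by_hash, recorded is not None and recorded != name

def write(directory, name, data):
    path = os.path.join(directory, name)
    with open(path, "wb") as f:
        f.write(data)
    return path

def demo():
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-in files; the bytes are placeholders, not real programs.
        banned = write(d, "kazaa.exe", b"constructed bytes: prohibited app")
        tool = write(d, "tool.exe", b"constructed bytes: approved tool v1")
        b_hash, t_hash = sha256_file(banned), sha256_file(tool)
        policy = {"banned_names": {"kazaa.exe"}, "banned_hashes": {b_hash},
                  "approved_hashes": {t_hash},
                  "names_by_hash": {b_hash: "kazaa.exe", t_hash: "tool.exe"}}
        results = {"original": check(banned, policy)}
        disguised = os.path.join(d, "calc.exe")
        os.rename(banned, disguised)  # same bytes, new name
        results["renamed"] = check(disguised, policy)
        results["approved"] = check(tool, policy)
        write(d, "tool.exe", b"constructed bytes: approved tool v2")  # software update
        results["updated"] = check(tool, policy)
        return results

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, verdict)
```

The "updated" case is the administrative overhead mentioned above: a new version of an approved program has a new hash and stays unapproved until the policy is refreshed.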
Programs can be authorized to run if they come from trusted individuals, trusted directories or trusted deployment applications, eliminating the need to manually add each software deployment to the policy.
Recognizing the problems posed by mobile workforces, Bit9 allows for different security conditions when a computer is attached to the local network and when it is disconnected.
Parity is effective at stopping programs from executing, as the agent goes through a lengthy process of inventorying the host workstation and reporting executable files to the Parity Server. This can take a while, especially in large enterprises with many clients.
Parity Server uses a combination of blacklisted applications and Bit9's signature database of known malware. The latter prevents the rapid spread of viruses and spyware from host to host by identifying the offending program and preventing its subsequent execution on other protected systems.
The Parity agent allowed executables to run according to policy, and quickly caught changes we made to a file. For example, we renamed Kazaa, a prohibited app, but still couldn't run it.
Bit9 has some work to do to beef up reporting capabilities. While several canned reports give quick access to important information, the sparse main reports page gives limited statistics on important file activities. We were disappointed that there's no way to graph the statistics, which would be especially useful for trending reports. There's no syslog support, nor can reports be exported to another format.
Bit9 Parity 3.5 does a good job of preventing unwanted programs from running, although we didn't see any new methodologies or technologies that make it stand out from established competitors.
Testing methodology: We installed Parity Server on a Windows 2003 SP1 machine to manage several fully patched XP and Windows 2000 VMware clients. We used a variety of applications, such as Skype, Kazaa and µTorrent, to test executable blocking.