Schools, libraries, corporations and government agencies have their picks of programs that restrict user access to networks, impose usage privileges, and prohibit time-hogging distractions such as games, instant messaging and peer-to-peer file-sharing applications.
In that category, Faronics’ Anti-Executable 3.0, which allows a computer to run approved applications only, is one of the most comprehensive ways available to improve worker and student productivity.
Anti-Executable disables all unwanted, unlicensed or unnecessary applications; it simply blocks them from executing.
As a parental control for a home computer, Faronics’ approach may be overkill — but the standard version is totally effective, just the same. In small business environments, classrooms and public computer settings, it is an effective worry-reducer. The enterprise version gives IT managers the ability to set-it-and-forget-it.
Anti-Executable also adds a useful layer of protection against malware intrusion. If the malicious adware or spyware executable is not on the white list, you can forget about it.
This latest version adds the ability to automatically create a workstation white list. Network admins can create their own list of all the applications permitted to run on any machine — but the scan feature compiles a list of all executable files on a hard drive, letting the sys admin allow or disallow everything on that list.
The Scan feature searches the selected location, and its subdirectories for files containing the extensions .scr, .jar, .bat, .com or .exe. Any attempted launch of an unauthorized executable displays an alert that is recorded in the Anti-Executable log file. Administrators can specify the content of the alert displayed.
New features include the ability to centrally deploy the white list. Related new features allow support for multiple white lists with import and export options, as well as customizable white list enforcement based on user levels.
Anti-Executable 3.0 supports Windows XP SP2 and up, Vista, and Server 2003. It comes in four flavors.
The Standard version is for local computers loaded with a non-server operating system. The Server Standard version is for local computers loaded with server operating systems. The Enterprise version works on remote computers loaded with a non-server operating system. The Server Enterprise version works with remote computers loaded with server operating systems.
Download the program of choice here. A fully functional 30-day working version is available for the standard 32-bit and the standard 64-bit Windows versions. To install the downloaded version, you have to unzip the package and click on the MSI (Microsoft Installation file) of the version desired.
After you click on it, the installer wizard begins the normal Windows installation process. This requires entering user information and advancing through the steps by clicking the next button. The purchased CD-ROM, however, begins the installation wizard via the autorun feature on the CD.
Making It Work
You cannot use this product out of the box. You have to configure it first. For instance, only authorized users, known as the Anti-Executable Administrator and the Trusted Users with assigned passwords, can access the program to install other executables. They do this by holding down the Shift key and double-clicking the Anti-Executable icon in the Windows System Tray.
The administrative user must configure and apply an Active White List. Once the protection setting has been set to On, approved users can launch authorized executables specified in the Active White List.
Executables not in the Active White List cannot be opened by unspecified users (external users). A White List generated on one machine can be applied to another machine.
Anti-Executable records in a log file all actions and events occurring on each machine. An Anti-Executable administrator can specify the content of the Alert messages displayed when a user attempts to open an unauthorized executable. Both settings can be configured on the Notifications tab.
Anti-Executable Standard starts at $45 per workstation.
The Enterprise version starts at $66 per workstation. Both are eligible for volume discount pricing.
Both versions include maintenance, with access to program updates and support during the contract period. Maintenance renewal is 20 percent of the purchase price.
Anti-Executable is not the type of program non-business users have a pressing need to use. However, for those who want a higher degree of assurance that unapproved applications or users will not harm their computers, this program is rock solid.
Setting up the options for first-time users will be a time-consuming chore. Network managers and company officials looking for a way to prevent user abuses won’t have to look any further than the user manual for Anti-Executable.
The program runs in the background and requires no user interaction once it is operating. With the option to hide the tray icon selected, no trace of the program is evident. The only clue to its existence is the unchangeable fact that unapproved programs simply don’t work. Unauthorized users cannot install new programs — or reinstall those blocked by the white list — to get around the protections.