IT departments need to lock down their users' PC configurations, Gartner research vice-president Brian Gammage...
"We tend to allow users too much liberty," he told Computer Weekly. But there are emerging technologies to help IT managers improve PC security.
Gammage highlighted Trusted Platform module technology, a hardware chip that sits on a PC motherboard. "It does not yet have operating system support, but the Trusted Platform module can create safe keys, provide [a mechanism] to identify a device on the network, or even identify components on the network. But the Trusted Platform module has always been expensive to implement," he said.
IBM has been shipping Trusted Platform modules, but only one in four is in use. Critics claim that this is because they are hard to operate as they are not supported by Microsoft Windows and require additional management tools to implement.
Microsoft Windows XP Service Pack 2 will also feature in the Gartner symposium discussions, in particular its data execution prevention technology. This is a software feature that works with a chip from Intel and AMD.
"It can shut out worms and hardware cannot be hacked or circumnavigated with software," Gammage said.
He added that Intel's La Grande technology, which may be available next year, will offer hardware encryption on the PC's processor to help combat Trojan horse attacks.
Microsoft's next generation secure computing base, a feature of Longhorn, the next generation Microsoft operating system, creates a protected execution environment so that code can run without being attacked. Gammage looked forward to its introduction but added, "but we do not know when it is going to be on the table," said Gammage.
Gartner's advice for IT managers is to introduce PC lockdown as soon as possible and to use hardware lockdown features. "You need to get all that under control, otherwise what is the point of having more secure devices if the least secure are out of control?" said Gammage.