Recently, we have seen a lot of inquiries from organizations about controlling portable applications. Portable applications have been around for many years, but are becoming more prevalent and represent a new level of risk to customers that want to maintain the integrity of their operating environment. The good news is that there are methods to contain these applications – let’s take a look.
Portable applications are simply self-contained executables that can be run from a USB drive, a network drive or a cloud drive (see Wikipedia: Portable Applications for more details). In the past, most Windows applications would install the main executable as well as a number of DLLs and resource files. In addition to file changes, most applications would use the registry to store settings. Portable applications have grown with the increased prevalence of USB drives and the desire to be able to access data, and the applications that use that data, from any computer. There are websites such as www.portableapps.com, www.pendriveapps.com, and www.portablefreeware.com that provide many of these applications for download.
The risk with portable applications is twofold: security and system integrity. The security concern is that these applications require no installation, yet they run like a traditionally installed application: they can modify the system and, more importantly, access data that an organization may not want to be portable or accessible by unapproved software. Secondly, organizations may not want their operating environment impacted by portable software. While these applications aren’t on the hard drive, they still access memory, have the potential to change the operating environment, and present supportability costs.
There is no clear answer to the question around portable applications, as many of these are legitimate, productivity-boosting applications. Arellia sees a few best practices and considerations around portable applications and how to control them using our Application Control Solution:
· Determine If Portable Applications Are Allowed: Some organizations may not like the risk and simply ban them altogether. Whether allowed or not, users should be educated to prevent the introduction of malware and the loss of sensitive data.
· Standard Users Are Good, But Not Enough: Many organizations are moving their end users from an administrator account to the standard user to limit the software that is installed on their desktops. This is a good practice, but the standard user can run software from USB, network, or cloud drives just the same.
· Enforce Policies for Removable Drives: If you don’t want portable applications in your environment, deny execution from any removable or remote source such as a cloud drive. Be aware that these applications can simply be copied or e-mailed, so see the next recommendation.
· Intelligent Whitelisting: Policies could be created to block removable storage drives altogether, but there is still the issue around e-mail or web applications. A solid approach to controlling portable applications would be to whitelist known-good applications and apply a restrictive policy on anything else.
· Orangelisting Unknown Software: Arellia Application Control Solution’s Orangelist policies could apply to anything not in a whitelist and restrict file access, reduce privileges, isolate in a virtual layer, or simply report usage. Of course blocking is always an option, but it is better to limit impact than to outright deny a potentially productive application.
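The following is an added example, not Arellia product code, showing how the removable-drive rule, the hash-based whitelist and the restrictive default from the list above combine into one launch decision. The `Launch` record, the source labels and the sample files are hypothetical and constructed for illustration; a real endpoint agent is assumed to supply the drive type and file contents.

```python
import hashlib
from dataclasses import dataclass

# Hypothetical source labels an endpoint agent would attach to each launch.
UNTRUSTED_SOURCES = {"removable", "network", "cloud"}

@dataclass(frozen=True)
class Launch:
    path: str
    source: str     # "fixed", "removable", "network" or "cloud"
    content: bytes  # stand-in for the executable's bytes

def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

def decide(launch: Launch, whitelist: set, portable_allowed: bool) -> str:
    """Return "deny", "allow" or "restrict" for one launch attempt."""
    # Removable-drive rule: applies only when portable apps are banned.
    if not portable_allowed and launch.source in UNTRUSTED_SOURCES:
        return "deny"
    # Whitelist by content hash, so renaming or moving a file changes nothing.
    if digest(launch.content) in whitelist:
        return "allow"
    # Everything else is unknown: run it under the restrictive policy.
    return "restrict"

# Constructed sample data: two fake "executables" and four launch attempts.
APPROVED_TOOL = b"constructed bytes of an approved editor"
UNKNOWN_TOOL = b"constructed bytes of an unreviewed portable app"
WHITELIST = {digest(APPROVED_TOOL)}

SAMPLE_LAUNCHES = [
    Launch(r"C:\Program Files\Editor\editor.exe", "fixed", APPROVED_TOOL),
    Launch(r"E:\PortableApps\tool.exe", "removable", UNKNOWN_TOOL),
    # Same unknown file after being copied or e-mailed to the local disk.
    Launch(r"C:\Users\alice\Downloads\tool.exe", "fixed", UNKNOWN_TOOL),
    Launch(r"E:\PortableApps\editor.exe", "removable", APPROVED_TOOL),
]

def evaluate(portable_allowed: bool) -> list:
    return [decide(item, WHITELIST, portable_allowed) for item in SAMPLE_LAUNCHES]

if __name__ == "__main__":
    for allowed in (False, True):
        print("portable allowed:", allowed, evaluate(allowed))
```

The third launch is the case the removable-drive bullet warns about: the drive rule no longer matches once the file sits on the local disk, so only the whitelist default keeps it restricted.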
As with many things in IT security, there is no right answer to how to deal with portable applications. As a simple framework: determine the risk, educate end users, and enforce policies to protect the organization. With ever-increasing mobility, portable applications are just another factor IT organizations need to consider.
About Arellia: Arellia provides solutions for securing local administrator accounts, application control, and compliance remediation. Arellia products are integrated with the Symantec Management Platform and sold exclusively through Symantec.