Video Screencast Help
Symantec Secure Login will be live on Connect starting February 25. Get the details here.

Safeguard Invisible Endpoints

Created: 26 Feb 2009 • Updated: 10 Apr 2009 | 1 comment
Language Translations
Hear4U's picture
+1 1 Vote
Login to vote

Does your company use any of the following: thin clients, point of sale (POS) devices found in retail stores, medical devices, self-service kiosks, or automatic teller machines (ATMs)?

If so, it's important to know that these devices are as vulnerable to malware as desktops and laptops. Although they aren't computers and don't receive email, they are still connected to other devices, to networks, and to the Internet. It's easy to forget that these devices are another, "invisible" set of endpoints that can be crippled by intrusions or malicious code-and that they need just as much protection as other endpoints do.

Many of these devices run on Windows XP Embedded or Windows Embedded for Point of Service, both modified versions of Windows XP Professional made especially for specialized devices. If you have any of these devices using these specialized operating systems, here are some questions to ask when selecting a protection product:

1.  Was it designed specifically for Windows XP Embedded or Windows Embedded for Point of Service? You may be able to load security software written for Windows XP onto Windows XP Embedded or Windows Embedded for Point of Service devices-but that could hinder performance. These specialized devices often have limited processing power and storage space, so an embedded-specific solution that takes up fewer resources will keep your device running more smoothly. Symantec Endpoint Protection for Windows XP Embedded was created specifically for Windows XP Embedded and Windows Embedded for Point of Service, and therefore the Symantec solution naturally has a smaller footprint than desktop solutions.

2. Will it work with Enhanced Write Filter? Most Windows XP Embedded devices have little storage space-many operate on Flash-so Windows XP Embedded has a feature called Enhanced Write Filter to protect that storage volume. Enhanced Write Filter (EWF) provides a means for protecting the limited available storage space from too many writes on the specialized devices. All files saved to an EWF-protected volume are redirected to a virtual disk, i.e. RAM disk. These files are cached in the virtual disk which gives the appearance that the storage device is writeable.

If the system is rebooted all the cached files and edits will disappear, restoring the system back to its original state. Security software needs to store virus definition files and security policies on the storage device. Because of this, some security products require disabling Enhanced Write Filter (EWF)-which means the software will work, but your storage device is no longer protected from overload. Additionally, Flash memory has a limited life span based on the number of writes performed on it. Disabling EWF could lead to multiple unnecessary writes by the user, the operating system, or some other application, thereby reducing the life of your device. Symantec Endpoint Protection for Windows XP Embedded has proprietary technology that works with Enhanced Write Filter so that policies and antivirus signatures are saved directly to the storage device, without disabling EWF.

3. Will it integrate with Target Designer? Target Designer is a Microsoft tool that allows IT staff to create a graphical image of configurations and applications to load on a Windows XP Embedded device. Making sure your device works with Target Designer is important as this gives you the ability to create a Windows XP embedded image. This image can then be transferable, which is critical if you're deploying POS devices throughout a large store, medical devices throughout a hospital, or provisioning thin clients for a large group of users.

Whatever embedded devices your company uses, chances are they are just as mission-critical as its traditional endpoints, such as desktops, laptops, and servers. Symantec is committed to providing protection for traditional endpoints with Symantec Endpoint Protection 11.0, but also committed to providing security with non-traditional endpoints such as Thin Clients, POS devices, ATMs, medical devices, etc that run on Windows XP Embedded or Windows Embedded Point of Service. So it's just as important to give these devices the same level of protection-with a product designed especially for them.

Comments 1 CommentJump to latest comment

Satyam Pujari's picture

Nice...keep it up mate ..good one !

Inviting good karma to CPU...beep

Login to vote