FortiClient software - has anyone use this?
FortiClient software - has anyone use this?
(OP)
Up until today, I've been able to work remotely from home or a hotel by using a VPN to access the company network and log into my desk computer workstation. This system worked well enough, though it was often clunky for heavy applications like CAD and FEA. The VPN connected with software from Checkpoint and AFAIK it only did the typical VPN encryption task but includes some malware scanning.
Now they want to change to a different software, and this one seems much more intrusive:
https://forticlient.com/
Forticlient is designed to interrogate my OS to determine it has all patches and updates installed, confirm that my firewall and antivirus are completely up to date, scan other applications that are in memory, and collect statistics about my usage and activity. Woah. This is like installing spyware on my computer... on purpose.
Has anybody used this? Or something like it? Is it as bad as I think it is?
I'm giving serious thought to buying a "burner" laptop that I can install this, and only this, software on. My company is not likely to give me a laptop of their own for me to keep at home for this purpose.
Now they want to change to a different software, and this one seems much more intrusive:
https://forticlient.com/
Forticlient is designed to interrogate my OS to determine it has all patches and updates installed, confirm that my firewall and antivirus are completely up to date, scan other applications that are in memory, and collect statistics about my usage and activity. Woah. This is like installing spyware on my computer... on purpose.
Has anybody used this? Or something like it? Is it as bad as I think it is?
I'm giving serious thought to buying a "burner" laptop that I can install this, and only this, software on. My company is not likely to give me a laptop of their own for me to keep at home for this purpose.
STF
RE: FortiClient software - has anyone use this?
RE: FortiClient software - has anyone use this?
RE: FortiClient software - has anyone use this?
RE: FortiClient software - has anyone use this?
Good question, but the workstation at my office desk is already well "tended to" by the IT department, no need for extra scrutiny on that one. The Forticlient is pretty obviously going to be scanning applications on MY home computer. When using the VPN, I have access to everything on my workstation, just like I'm sitting at my office desk. I don't need applications on a "burner laptop" because I have access to many more at work.
Jmec87,
That's interesting. The documentation I read so far didn't give me that impression at all. The demonstration from my IT manager didn't bring that up, either. I will look again, of course. What is downloaded from the website is a single installer that will, by default, install everything. Having an option to disable/remove some parts may become apparent, but I would have to install it to find out!
Many people from the office are talking about doing what SWC says.
STF
RE: FortiClient software - has anyone use this?
Looking at the website, I also thought at first that everything came as a single package, but I definitely don't have some of the components installed. Their Technical Specifications page also shows which components are compatible with which OS: https://forticlient.com/techspec
The admin guide is available from https://docs.fortinet.com/forticlient/admin-guides . If I'm understanding it correctly, the minimum installation is the "Security Fabric Agent", which includes the Compliance and Vulnerability Scan components, and then other components (such as Remote Access/VPN and Web Filtering) are optional. However, depending on your set-up, the Compliance component/function can be set to "Not participating", which means it is disabled, even while you're able to use the Remote Access component.
RE: FortiClient software - has anyone use this?
I'll give it a go... in the sandbox first... and see if I can make this thing harmless.
STF
RE: FortiClient software - has anyone use this?
"Sandbox detection for FortiClient (Windows)"
I didn't realize I was using terminology that typically refers to something else. What I meant was using an old laptop as a "sandbox" - to see what modules I can avoid installing to just get it running the VPN.
STF
RE: FortiClient software - has anyone use this?
There are probably different levels of capability, and probably not much stopping you from running your own VM installation to connect to the corporate network. You can even attempt to run Linux, I note that it only supports the VPN connection.
I tend to agree though, if they don't provide the facilities for working at home, then its probably not quite worth pursuing.
RE: FortiClient software - has anyone use this?
The IT guy has described several such attempted attacks to me. There have been several "beachheads" established by attackers when ignorant users opened ZIP files in their e-mail.
Nothing gets our IT guys more agitated and writing e-mails in ALL CAPS than when they remind us not to open e-mail attachments from unknown sources.
STF
RE: FortiClient software - has anyone use this?
Quite often those types of programs will not run in a sandbox themselves to prevent someone from reverse-engineering what hooks it uses, so installing on a junk system and wiping after is the generally the only available solution to the average home user.
Dan - Owner
http://www.Hi-TecDesigns.com
RE: FortiClient software - has anyone use this?
The main flaw it depended on was that Outlook would use an internal marker in the file to see if it was executable even if the suffix indicated it was not. So a file with a .jpg suffix that was actually executable would get run instead of being opened in an image viewer.
I suspect somewhere north of a million files were deleted or damaged. Fortunately our IT group wears belts and suspenders and was able to purge the company and restore the files within a day. And no mid=level executives were ever given any traction about shutting off system security measures.