Well, the pros are pretty obvious. You spare 595$ US (700$ with one year premium support) per copy of Tripwire for NT you would have needed, since InstallWatch Pro is provided free of charge. But it could sell for 30$-40$ and it would still be a good purchase, even if you were to limit it's use to it's original design. With very little effort, a good file integrity checker will protect your servers. What could you ask more?
Well, not much, but still a few things. First, I don't know about the CRC check algorithm used by InstallWatch, but I am sure it is not as strong as the one implemented in Tripwire. If you require the best of the best in your security choices, then go for the absolute best, there is no trade off for that. But I still consider that the CRC check is still good enough for the vast majority of us (but don't let your CD carelessly on your desk). Another point, Tripwire supports networks, meaning that several servers running Tripwire report to a management console, providing a single point of access. Since InstallWatch was not designed as a security suite, it would be unfair to blame it on Epsilon Squared. But InstallWatch can export its data in HTML, and you could save it on an intranet page to view all your results. What would be a nice add-on is the ability to have an auto-export feature that export to files according to your specifications after every audit. That's about it. If you have some imagination, you could have your audits to run as scheduled tasks (which would involve leaving the CD in the machine, it's OK if your server is in a safe location).
By the way, I should mention it here, there is an error message that may pop out when you make an audit with the snapshot file on the CD. It will say that it will need approximately 10 Megabytes of free storage space on the drive to perform the analysis, but no problem happens and the program behaves as expected.
I wanted to have an integrity checker that works in the same fashion than Tripwire on the Windows platform, but as I was to attempt to do this with batch files, I laid my hands on InstallWatch Pro, a good piece of software that could very well do the trick. With some quick experimenting, I came to the conclusion that this setup provides efficient system integrity checking, even uncovering some unexpected file activity. I leave to the reader to figure out the best configuration, common sense should rule. I hope this will help many people at securing their systems for the best price in the world.
4. The experiment
Appendice A. A little bit more about InstallWatch
Table of contents