I reviewed CA’s eTrust PestPatrol Anti-Spyware last October, and, on the surface, things are pretty much the same as they
were then. Installation proved to be intuitive as well as uneventful. I was able to push the PestPatrol agent to my client
PCs right from the administration console. A command line distribution method is also available for clients for which the
admin console doesn’t have local administrative rights or for enterprises that have a software distribution system in place.
The scanning and detection engine has been upgraded for this release. CA changed how PestPatrol scans for and identifies spyware.
Now it scans based on a CRC (cyclic redundancy check) signature first, and if it finds a possible hit, it uses an MD5 hash
to make sure. The CRC check is very fast, allowing PestPatrol to improve its scanning performance. I liked that I could select
multiple clients from across the network and launch an on-demand scan with one click. At scan time, I was able to choose how
to handle detected threats and also where to look for them.
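The CRC-then-MD5 lookup described above can be written as follows in Python. This is an added example, not CA's code or part of the original review; the class name, sample bytes and pest names are constructed for illustration, and a signature filed under a harmless file's CRC stands in for a real CRC32 collision.

```python
import hashlib
import zlib
from collections import defaultdict


class TwoStageScanner:
    """CRC32 prefilter with MD5 confirmation (hypothetical class)."""

    def __init__(self):
        self._index = defaultdict(dict)  # crc32 -> {md5 hex digest: pest name}
        self.md5_computed = 0            # how many times the slow stage ran

    def add_signature(self, name, crc, md5_hex):
        self._index[crc][md5_hex] = name

    def add_sample(self, name, data):
        self.add_signature(name, zlib.crc32(data), hashlib.md5(data).hexdigest())

    def scan(self, data):
        """Return the pest name for data, or None if it matches nothing."""
        candidates = self._index.get(zlib.crc32(data))
        if not candidates:
            return None                  # fast path: no CRC hit, MD5 is skipped
        self.md5_computed += 1           # possible hit: confirm with MD5
        return candidates.get(hashlib.md5(data).hexdigest())


def demo():
    # Constructed byte strings standing in for files on disk.
    pest = b"constructed-sample: toolbar installer v1"
    benign = b"constructed-sample: ordinary document"
    lookalike = b"constructed-sample: spreadsheet"

    scanner = TwoStageScanner()
    scanner.add_sample("Example.Toolbar", pest)
    # Stand-in for a CRC32 collision: a signature stored under lookalike's CRC
    # but carrying a different (constructed) MD5 digest.
    scanner.add_signature("Example.Other", zlib.crc32(lookalike), "0" * 32)

    results = [scanner.scan(f) for f in (pest, benign, lookalike)]
    return results, scanner.md5_computed


if __name__ == "__main__":
    print(demo())
```

Only the two files whose CRC matched an index entry reach the MD5 stage, and the MD5 comparison is what keeps the colliding harmless file from being reported.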
PestPatrol really falls behind the other products in this roundup with its real-time scanning. Its Active Protection is comparable
to Tenebril SpyCatcher. It doesn’t block malicious content from making its way into the system. Instead, it monitors processes
in memory and cookie activity on the client PC. The goal is to stop or slow down malware between scheduled or on-demand scans.
With the number of threats in the wild and the growing sophistication of the attacks, Active Protection as it stands just
isn’t enough. Computer Associates stated that the next release of PestPatrol will have a more active real-time agent.
Reporting is another area where PestPatrol really misses the mark. Reports are available based on pests or a specific pest,
all or selected workstations, and also by date range. The generated report is a text file describing each event; no support
for any other format or charts is available. Activity and quarantine log views per machine are available. From here, you purge
and archive quarantined malware on a client-by-client basis.
PestPatrol does allow for exclusions based on the included lists of known pests and categories, or admins can add their own
files and paths to exclude. This is helpful if you want to make sure some applications -- such as remote control or password-cracking
tools -- are never quarantined by mistake. Unfortunately, administrators cannot add their own applications to the pest list
for removal.
Overall, PestPatrol is a decent all-around anti-spyware solution. It does have some weaknesses, most of which will be addressed
in the next release, but it’s one of the easiest tools to use. The scanning engine did an excellent job of removing any spyware
on the system, and the push install made deployment fast and easy.
Eset NOD32 2.5 Antivirus System
Eset, with its NOD32 Antivirus System, is a relatively unknown player in the enterprise anti-spyware game. This suite of security
services proved average in detecting and cleaning my malware threats but boasts a full-featured remote-administration console.
Although NOD32 has solid technical chops, it does suffer from overly cumbersome installation and disjointed administration.
The core technology of NOD32 is Eset’s ThreatSense detection technology, a single engine that identifies malicious behavior.
On top of ThreatSense are five task-specific modules: a file system monitor; a Microsoft document monitor; a Microsoft Outlook
monitor; an Internet traffic monitor; and the NOD32 on-demand scanner. The system works well at detecting and handling not
only spyware but also viruses. It does not include a personal firewall.
Installing the NOD32 server components on my Windows 2000 Server was not nearly as straightforward as the other products.
Documentation was available and helped explain the various installation procedures, including manually creating file shares
for the client update service.
Creating an end-user policy was also a little more challenging than even with F-Secure. Another tool, NOD32 Configuration
Editor, was required to create an XML configuration file that was then used to define my security policy as I distributed
the agent out to my test clients. It would be nice to be able to do all of this from a single UI.
The most useful tool was yet a third application, NOD32 Remote Administrator. This console had by far the most useful UI of
the bunch. In fact, Remote Administrator should have all of the aforementioned functions for the best all-around administration
experience. With Remote Administrator, I was able to manage clients, deploy NOD32 to other PCs, view alerts and reports, and
also schedule tasks. Additional client configuration is available through the console as well as update management.
NOD32’s reporting engine was one of the best of those tested, creating charts that were easy to read and understand. I like
that I can save custom reports as templates and schedule the templates to run automatically.
NOD32 had one of the smaller memory footprints out of the ten products tested. Even while running a deep scan of my Windows
XP Professional client, memory usage only topped out around 33MB -- easily half of the usage of most solutions. During a deep
scan of my client, memory usage stayed nearly the same, but CPU utilization did jump up to around 75 percent, which is to
be expected during an in-depth analysis.
NOD32 handled most of the malware I threw at it, detecting drive-by virus and other spyware installs as they occurred. It
did, however, allow one adware program to drop Internet shortcuts on my desktop, and it also didn’t detect or remove Virtual
Bouncer, AdRoar, and AdDestroyer. A subsequent deep on-demand scan also failed to identify and remove the adware.

Computer Associates eTrust PestPatrol Anti-Spyware Corporate Edition r5
Computer Associates, ca.com
Good 7.6

| Criteria | Score | Weight |
|---|---|---|
| Effectiveness | 8 | 50% |
| Management | 7 | 20% |
| Reporting | 6 | 10% |
| Setup | 9 | 10% |
| Value | 7 | 10% |

Cost: For 100 users, $39.95 per user
Platforms: Compatible with Windows 98 and later
Bottom Line: Computer Associates' eTrust PestPatrol provides very good detection and removal of installed spyware. Its administrative UI
is easy to install, maintain, and use, but its reporting is very limited. Real-time detection and prevention of initial spyware
installation is very weak: It allows spyware to install but prevents the processes from running.
About our Reviews and Scoring Methodology

Eset NOD32 2.5 Antivirus System
Eset, eset.com
Good 7.2

| Criteria | Score | Weight |
|---|---|---|
| Effectiveness | 7 | 50% |
| Management | 7 | 20% |
| Reporting | 9 | 10% |
| Setup | 7 | 10% |
| Value | 7 | 10% |

Cost: $2,060 for 100 enterprise users
Platforms: Windows 95 and later; Linux (Kernel 2.2.x, 2.4.x and 2.6.x, glibc 2.2.5 or higher); Novell NetWare 4.x and later
Bottom Line: NOD32 Antivirus System has the potential to be a major anti-spyware player with a few enhancements, such as smoother, more
streamlined installation. Policies are flexible but building them is a chore. Reporting is very strong, allowing for many
different views into workstation histories. Detection and prevention is merely average: A small group of spyware slipped through.

F-Secure Anti-Virus Client Security 6
F-Secure, f-secure.com
Excellent 9.3

| Criteria | Score | Weight |
|---|---|---|
| Effectiveness | 10 | 50% |
| Management | 8 | 20% |
| Reporting | 9 | 10% |
| Setup | 9 | 10% |
| Value | 9 | 10% |

Cost: For 100 users, $29.75 per user
Platforms: Server: Windows 2000/XP/2003; client: Windows 2000/XP, F-Secure Policy Manager Console
Bottom Line: F-Secure has rolled anti-virus, anti-spyware, and personal firewall protection into a single package. It has the best real-time
protection of any products in this roundup, stopping all attempts. On previously infected systems, detection and removal were
also first rate. Reporting is excellent, but it suffers from some organizational issues in the administrative UI.

LANDesk Security Suite 8.6
LANDesk, landesk.com
Excellent 8.7

| Criteria | Score | Weight |
|---|---|---|
| Effectiveness | 9 | 50% |
| Management | 8 | 20% |
| Reporting | 10 | 10% |
| Setup | 8 | 10% |
| Value | 8 | 10% |

Cost: For 100 users, $5,900 for the first year, $2,900 each year after
Platforms: Server: Windows 2000/2003 Server; client: Windows 95 and later, Mac OS 9.22 and later, HP-UX, IBM AIX 5.1, NetWare 6.0, 6.5,
Red Hat Linux 7.3, 8.0, 9.0, Solaris 8, Suse Linux 9.
Bottom Line: LANDesk Security Suite scales to any size and complements the already strong LANDesk product family. It has very good detection
and remediation, and its real-time protection is above average, although an IE toolbar did slip through. Reporting is top
notch but administrative overhead is considerable.