The browser-based administration UI was well-organized and very easy to navigate. Administrators can use the Network Explorer
view to push-install client computers, create reports for one or all clients, and initiate on-demand scans with a single click.
Like the other products tested, SpyCatcher had no trouble enumerating my computers in Active Directory or across other Windows
domains. Unique to SpyCatcher is the way it organizes your PCs into predefined groups in the Status Explorer view. I found
this especially helpful when trying to identify PCs with out-of-date definitions or that did not have the agent installed.
Policy definition required little effort, due in part to the limited number of choices available. SpyCatcher does break out
the various forms of malware into a number of groups, and administrators can define the action to take on detection for each
group. For instance, I set SpyCatcher to quarantine everything but cookies, port scanners, and packet sniffers, which SpyCatcher
simply entered into the alert log. Admins can create multiple policies to meet the security needs of the network.
SpyCatcher’s real-time engine does not block malware from entering the system; rather, it watches for the malware’s behavior once
it is in memory, then quickly kills the application and keeps it at bay until the next full scan. I saw this process in
action, and although it let the process execute, it ended the task almost immediately. In reality, because there is a delay
before the application terminates, there is a chance that a malicious program could sneak off with personal information. I
would like to see this real-time protection be more proactive and stop the intruder before it gets in the front door.
The reporting engine gets the job done, but it has room for improvement. Reports are available only in PDF or CSV (comma-separated
values), and other than choosing a date range and report type, there is no customization available.
SpyCatcher’s resource usage on a client PC was about average among the products here and, like all the others, swelled to nearly
60MB and 95 percent CPU utilization while doing a scan. Admins cannot set thread priority during a scan, so make sure scheduled
scans take place after work hours.
SpyCatcher is easy to use and deploy, and it did prove resilient in cleaning spyware from my test systems. Given that this
is a beta release, I expect some things, such as lower resource usage, to change before it is generally available. In future
releases, I would like to see the real-time protection step up and keep the bad stuff out.
Trend Micro Anti-Spyware for Small and Medium Business 3.0
Trend Micro is one of the top anti-virus companies in the world, so it was a natural progression for the company to put together
an anti-spyware product. Using technology acquired with InterMute in May 2005, Trend Micro has assembled
what could be one of the better anti-spyware products for the enterprise, once a few kinks are worked out. Real-time protection
is only average, but scanning remediation is among the best. Another solution with a browser-based administrative UI, TMAS
(Trend Micro Anti-Spyware for Small and Medium Business) was easy to install and configure.
Like CounterSpy Enterprise and CA eTrust PestPatrol, TMAS is an anti-spyware point product -- it does not provide built-in
anti-virus services. TMAS worked well alongside my Norton AntiVirus installation and didn’t complain about the Windows XP
firewall. I had no trouble installing it on my Windows 2003 Server and pushing installations out to Windows XP Professional
clients. The browser-based administration user interface is well-designed, and I found it very easy to navigate.
The network discovery portion of TMAS found all of my Windows domains and correctly listed all member computers. Installation
of the TMAS agent was as simple as selecting a client PC from the list and clicking the Install button. A very easy-to-read
Desktop Status window showed each client’s vital statistics, such as its status, last contact with the server, and the version
of the agent running on it.
Creating various test policies took little time, simply because there weren’t that many choices to be made. Unlike in F-Secure
Anti-Virus Client Security, most options are simply on or off. Options such as whether to do a quick scan or deep scan, whether
to scan on startup, and if the policy should run on a schedule are all available.
Real-time protection, called Active Application Monitoring, works along the lines of Sunbelt CounterSpy. It doesn’t actively
stop the malware from entering the system but allows it to save itself to disk and execute. Active Application Monitoring watches
memory for specific processes and, when it detects one, terminates it before it can continue its dastardly deeds. In theory,
this is fine, but as with CounterSpy, I saw a lag time between infection and termination, with one piece going undetected
even after a scan and clean.
TMAS uses two small processes to monitor and maintain your client, using only about 21MB of RAM when idle. During a cleaning
pass, a third process starts, and total RAM usage goes up to about 64MB, but CPU utilization stays around 50 percent. This
is due in part to Trend’s dynamic CPU throttling. It will back off CPU usage when it sees other activity on the system, allowing
for midday scans with minimal impact on end-user performance.
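The resource-usage observations above (SpyCatcher pinning the CPU at 95 percent with no way for admins to set scan priority; Trend's dynamic throttling backing off when it sees other activity on the system) describe a scheduling problem, and the following added example shows one way an agent could solve it. It is not code from Trend Micro, SpyCatcher or any other product in this roundup. The 20 percent busy threshold, the 10-to-100 percent duty-cycle range, the halve-on-busy/ramp-on-idle rule, the use of file hashing as a stand-in for the scan itself, and the scripted CPU probe are all assumptions constructed for illustration.

```python
"""Added example: a duty-cycle throttle that lets an on-demand scan yield CPU to foreground work.

Constructed for this article; it is not code from Trend Micro, SpyCatcher or any product reviewed.
The threshold, duty-cycle bounds and halving/ramp rule are assumptions chosen for illustration.
"""
import ctypes
import hashlib
import os
import sys
import tempfile
import time
from dataclasses import dataclass
from pathlib import Path
from typing import Callable, Dict, List, Tuple


def lower_scan_priority() -> bool:
    """Best effort: run the scanner below normal priority so interactive work wins CPU contention.

    The review notes that SpyCatcher admins cannot set scan priority; this is what an agent
    could do for itself. Returns False where the platform call is unavailable or refused.
    """
    try:
        if sys.platform == "win32":
            below_normal = 0x00004000  # BELOW_NORMAL_PRIORITY_CLASS
            k32 = ctypes.windll.kernel32
            return bool(k32.SetPriorityClass(k32.GetCurrentProcess(), below_normal))
        os.nice(10)  # POSIX: raise our nice value, i.e. lower our priority
        return True
    except (OSError, AttributeError):
        return False


@dataclass
class ScanThrottle:
    """Adjusts the scanner's duty cycle from a probe of CPU used by everything except the scanner.

    When other activity exceeds busy_threshold percent, the duty cycle halves (down to min_duty);
    when the machine is otherwise idle, it ramps back up by ramp_step per chunk. The numbers are
    assumptions, not values from any product.
    """
    busy_threshold: float = 20.0
    min_duty: float = 0.10
    max_duty: float = 1.00
    ramp_step: float = 0.10
    chunk_seconds: float = 0.05  # wall time one chunk of scanning is expected to take
    duty: float = 1.00

    def update(self, other_cpu_percent: float) -> float:
        if other_cpu_percent > self.busy_threshold:
            self.duty = max(self.min_duty, self.duty / 2)
        else:
            self.duty = min(self.max_duty, self.duty + self.ramp_step)
        return self.duty

    def pause_seconds(self) -> float:
        """Sleep long enough that work / (work + sleep) equals the current duty cycle."""
        return self.chunk_seconds * (1.0 - self.duty) / self.duty


def scan_tree(root: str, probe: Callable[[], float], throttle: ScanThrottle,
              chunk_files: int = 4,
              sleep: Callable[[float], None] = time.sleep) -> Tuple[Dict[str, str], List[float]]:
    """Hash every file under root, consulting the probe and throttle after each chunk of files.

    Returns the digests and the list of pauses taken (seconds), so callers can see how far
    the scan backed off. Hashing stands in for whatever a real scanner does per file.
    """
    digests: Dict[str, str] = {}
    pauses: List[float] = []
    in_chunk = 0
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        digests[str(path.relative_to(root))] = hashlib.sha256(path.read_bytes()).hexdigest()
        in_chunk += 1
        if in_chunk == chunk_files:
            in_chunk = 0
            throttle.update(probe())
            pause = throttle.pause_seconds()
            if pause > 0:
                pauses.append(pause)
                sleep(pause)
    return digests, pauses


def demo(n_files: int = 16,
         readings: Tuple[float, ...] = (5, 8, 60, 70)) -> Tuple[Dict[str, str], float, List[float]]:
    """Constructed run: 16 small files and a scripted CPU probe (quiet, quiet, busy, busy).

    Sleeps are recorded rather than performed so the example finishes instantly.
    """
    feed = iter(readings)
    recorded: List[float] = []
    with tempfile.TemporaryDirectory() as root:
        for i in range(n_files):
            Path(root, f"file{i:02d}.bin").write_bytes(bytes([i]) * 64)
        throttle = ScanThrottle()
        digests, pauses = scan_tree(root, lambda: next(feed, 0.0), throttle,
                                    chunk_files=4, sleep=recorded.append)
    return digests, throttle.duty, pauses


if __name__ == "__main__":
    lowered = lower_scan_priority()
    digests, duty, pauses = demo()
    print(f"priority lowered: {lowered}; files hashed: {len(digests)}; "
          f"final duty cycle: {duty:.2f}; pauses taken: {[round(p, 3) for p in pauses]}")
```

In a real agent the probe would read per-process CPU counters (Performance Counters on Windows, /proc/stat on Linux) and subtract the scanner's own share; the scripted readings and recorded sleeps exist only so the demo runs offline and instantly. Two chunks scanned while the machine is quiet take no pause at all; as soon as the probe reports 60 and then 70 percent foreground load, the duty cycle halves to 50 and then 25 percent and the scanner starts sleeping between chunks, which is the behavior the review credits to Trend's throttling.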
CA eTrust PestPatrol
Bottom Line: Computer Associates’ eTrust PestPatrol provides very good detection and removal of installed spyware. Its administrative UI
is easy to install, maintain, and use, but its reporting is very limited. Real-time detection and prevention of initial spyware
installation is very weak: It allows spyware to install but prevents the processes from running.

NOD32 Antivirus System
Platforms: Windows 95 and later; Linux (kernel 2.2.x, 2.4.x and 2.6.x, glibc 2.2.5 or higher); Novell NetWare 4.x and later
Bottom Line: NOD32 Antivirus System has the potential to be a major anti-spyware player with a few enhancements, such as smoother, more
streamlined installation. Policies are flexible but building them is a chore. Reporting is very strong, allowing for many
different views into workstation histories. Detection and prevention is merely average: A small group of spyware slipped through.

F-Secure Anti-Virus Client Security
Platforms: Server: Windows 2000/XP/2003; client: Windows 2000/XP, F-Secure Policy Manager Console
Bottom Line: F-Secure has rolled anti-virus, anti-spyware, and personal firewall protection into a single package. It has the best real-time
protection of any products in this roundup, stopping all attempts. On previously infected systems, detection and removal were
also first rate. Reporting is excellent, but it suffers from some organizational issues in the administrative UI.

LANDesk Security Suite
Cost: For 100 users, $5,900 for the first year, $2,900 each year after
Platforms: Server: Windows 2000/2003 Server; client: Windows 95 and later, Mac OS 9.22 and later, HP-UX, IBM AIX 5.1, NetWare 6.0, 6.5,
Red Hat Linux 7.3, 8.0, 9.0, Solaris 8, Suse Linux 9.
Bottom Line: LANDesk Security Suite scales to any size and complements the already strong LANDesk product family. It has very good detection
and remediation, and its real-time protection is above average, although an IE toolbar did slip through. Reporting is top
notch but administrative overhead is considerable.

McAfee VirusScan Enterprise with Anti-Spyware Enterprise Module
Cost: For 100 users, $16 per user with 1-year support
Platforms: Server: Windows NT 4 Server, Windows 2000/2003 Server; client: Windows NT 4, Windows 2000/2003/XP
Bottom Line: The addition of Anti-Spyware Enterprise Module to VirusScan Enterprise provides a very scalable platform for protecting your
network from spyware and viruses. Reporting capabilities are excellent, but real-time protection is only average. Administration
is more difficult than that of most of the other products.

Sunbelt CounterSpy Enterprise
Platforms: Server: Windows 2000 and later; client: NT4 SP6a, Windows 98SE and later
Bottom Line: CounterSpy Enterprise was one of the easiest products to install and maintain. Its real-time protection allows spyware to
install before terminating it, but its on-demand detection and remediation is very good. Reporting is good, but not as strong
as that of some others in this roundup.

SurfControl Enterprise Threat Shield
Cost: For 100 users, $1,530 for a perpetual, one-time purchase. Annual subscription to the Threat Shield databases, $1,874
Platforms: Server: Windows Server 2000/2003; client: Windows 98/ME and later
Bottom Line: SurfControl Enterprise Threat Shield is straightforward to install, and administration isn’t overly complex. Real-time protection
proved better than average. It relies, however, on being connected to a management server, so disconnected users lose some
protection. It has a very small memory footprint, even during an on-demand scan. Its reporting engine is very capable.

SpyCatcher
Platforms: Server: Windows 2000/XP/2003; client: Windows 2000/XP/2003
Bottom Line: SpyCatcher is an easy-to-deploy-and-administer anti-spyware solution with great detection and remediation. Real-time protection
doesn’t block spyware installations but does stop any process from launching. Reporting is good, but it lacks customization.

Trend Micro Anti-Spyware for Small and Medium Business 3.0
Platforms: Server: Windows XP/2000/2003; client: Windows XP/2000/2003
Bottom Line: Anti-Spyware for Small and Medium Business likely will be one of the best anti-spyware products available, once it matures
a little more. Real-time protection allows spyware to install before clamping down on it. On-demand scans and cleans work
well and remove any traces of spyware from a PC. Reporting could be made a little stronger if there were customization options.

Spy Sweeper
Platforms: Server: Windows NT 4.0 and later; client: Windows 98SE and later
Bottom Line: Spy Sweeper is one of the best all-around anti-spyware tools. It offers good real-time protection and excellent detection
and remediation. Spy Sweeper is flexible enough that administrators can easily create policies based on specific needs. Reporting
would be better if it allowed for customizable reports.