CA ITM means double trouble for digital invaders
Computer Associates marries anti-spyware with anti-virus
An unfortunate fact of life for the network administrator is that the virus and malware threats are not going away any time soon. In fact, if anything, things are only going to get worse. Managing enterprise-wide anti-virus and anti-spyware solutions can be difficult: two applications mean two separate points of management. Why not roll both security tools into a common solution?
Computer Associates has done just that with ITM (Integrated Threat Management) r8, a bundling of eTrust AntiVirus and eTrust PestPatrol Anti-Spyware Corporate Edition. ITM allows network admins to create, manage and monitor their virus and malware policy from a single browser-based console. A flexible discovery option helps locate ITM-installed clients, and the new graphical reporting engine makes keeping up with pest activity easy. The real-time anti-virus and malware scanning engines did a decent, if not total, job of keeping my test systems malware-free. And ITM’s on-demand scanner did an excellent job locating and eradicating the one that slipped through.
I installed ITM’s admin and alert server on a Windows 2003 Small Business Server running all of the latest Microsoft patches. Setup was thankfully uneventful and the system was operational in about 30 minutes. I installed the ITM agent on a handful of Windows XP clients as well as a Windows 2003 Web Server Edition machine using a file share. Admins can deploy the agent using traditional software distribution systems or they can push it out to clients using the included remote install utility.
During my evaluation, I used Internet Explorer 6 to view some Web sites that I know attempt drive-by installs on unsuspecting users. ITM successfully prevented various Java- and Win32-based Trojans and other sneaky exploits from ever landing on my test systems. It did allow, however, the Istbar V adware toolbar to install successfully, but this one item was quickly removed once I performed an on-demand scan. I found launching such manual scans to be nearly effortless.
ITM is more than just a bundle of two complementary products. Both tools received updates and enhancements, but eTrust PestPatrol gained the most of the two. Previous releases of PestPatrol forced users into a clunky text-based UI with mediocre reporting and poor real-time protection. The UI now has a much-needed overhaul, and reporting is comprehensive and graphical.
Whereas eTrust AntiVirus already benefited from a cohesive centralized framework that took care of policy and signature updates, now PestPatrol also rides on top of this framework and takes advantage of incremental program and signature updates. New to this release, incremental anti-spyware definitions and signatures are available from the ITM server or shared from a local redistribution server to save scarce WAN bandwidth. This means that, unlike the previous release, installed systems no longer have to connect individually to CA’s Web site for updates.
The heart of ITM is the policy engine, where CA has done the most work in integrating PestPatrol into the mix. While both anti-virus and anti-spyware are bound together in management, in reality each client agent runs a separate engine for each type of protection. Therefore, each engine gets its own separate set of policies. Common actions, such as alert handling and content updating, are handled in their own policy group.