Counter-spies on the LAN

In days past, help desks trotted out their anti-virus kits when asked to minister to sickly PCs. But today they must also bring to bear an array of anti-spyware tools. Spyware -- with its adjunct, adware -- is fast becoming the No. 1 problem among Internet-connected computers, more so than viruses or hack attempts.

Often, these burdensome programs do more than monitor users’ Web-surfing activities or inject unwanted advertisements. They also try to steal passwords, intercept information entered into online forms, and make changes to Internet and network settings, to the point that a computer can choke on all of the excess clutter and might fail to work correctly at all.

Spyware can share some qualities with Trojan horse programs, and that’s where the traditional anti-virus vendors claim to protect against them. For the most part, however, these intruders are able to sneak their traffic right by firewalls and anti-virus programs, rendering traditional security practices useless against them.

A number of companies market products designed to specifically target spyware and adware, but most are designed for home desktops. Computer Associates’ eTrust PestPatrol Corporate Edition and Tenebril’s SpyCatcher Enterprise are two network-ready solutions for eliminating spyware from enterprise environments.

I evaluated both programs based on enterprise features: their capability of detecting, removing, and preventing spyware and adware; reporting and logging; and day-to-day maintenance. Each proved to be a capable performer, but for overall detection and removal, PestPatrol bested SpyCatcher on all test clients.

eTrustPestPatrol Corporate Edition 5.0

CA recently acquired PestPatrol and added its product to CA’s overall enterprise protection strategy, known as eTrust Threat Management. The Corporate Edition adds centralized client and update management with an intuitive GUI and a straightforward approach to spyware and adware protection.

I installed PestPatrol Corporate on a Compaq DL-380 server running Windows 2003 Server. After installation, I launched the management console and was able to begin browsing through the various domains and computers I have in my test facility.

I was impressed by how well the PestPatrol console identified my network setup. But it did its job a little too well: It also listed some computers that are no longer active in the domain, and there is no way to remove a computer from PestPatrol’s list. This cluttered the display but otherwise did not affect the product’s performance.

Click for larger view.

Client installation is done using a “push” from the console for Windows 2000 and newer PCs. The administrator simply chooses the desired machine and clicks the Scan Now button. If the client is already installed, then the scan starts immediately. If it is not, the client installs silently without any visible traces -- no client or application group is created, and there’s no application for the end-user to run.