Counter-spies on the LAN
For networked, enterprise-wide spyware and adware protection, both Computer Associates and Tenebril are strong contenders
This feature worked well, as long as the user logged in to the server running PestPatrol Corporate’s console had administrative rights on the client PC. Otherwise, the client install would fail. To work around this -- for Windows 95 and 98 PCs or to deploy the client through an existing software distribution system -- a command line installation option is available that can be easily run using log-in scripts.
All client-related functions -- enabling real-time protection, updating the client engine, and setting up what to do when a threat is detected -- are easily accessed from the console. Administrators can choose to log, delete, or quarantine any detected pests during an interactive or scheduled scan. They can also specify what they want to scan, be it memory, cookies, the Registry, common malware locations, hard drives, or a specific path.
An exclusion file is also available to give admins the ability to ignore specific items, such as remote administration utilities or authorized security programs, during a scan. For example, I added UltraVNC, a remote access tool, to my exclusion list to eliminate it from detection. But you cannot add new applications to PestPatrol’s database as you can with SpyCatcher. Thus, PestPatrol won’t help you spot suspicious files or non-line-of-business programs.
PestPatrol Corporate did an excellent job of detecting pests on my test clients. On one system, PestPatrol detected 25 spyware programs; SpyCatcher detected only 14. Anti-spyware programs often vary in the number of cookies they identify as spyware, so I told both programs to ignore cookies for the purpose of my test.
At rest, PestPatrol uses only 7MB of memory, but during a scan operation, its usage grew to about 34MB, and it used nearly 100 percent of CPU time. Unlike SpyCatcher, PestPatrol will not let you set the maximum client CPU usage, meaning clients all but grind to a halt during scanning.
I found it easy to manage detected programs through the PestPatrol console. When I selected a computer from my domain, the list of detected pests was retrieved from the client and displayed in a table. With a simple right-click, I could delete the pest or remove it from quarantine. It would have been nice to be able to add items to my exclusion list from this view, but that feature wasn’t available.
PestPatrol Corporate downloads database updates to the central console machine and then distributes them to each client either manually or on a schedule; SpyCatcher forces each client to download the update separately via the Internet. PestPatrol’s updates can sometimes be large, so having the console perform a single download saves Internet bandwidth.
On the downside, PestPatrol’s reporting lacks a certain robustness, with less extensive facilities than those found in SpyCatcher. The management console does create, however, a text-based report of pests, showing workstation name, date, time, detected program name and category, and the action taken. There is no advanced logging in PestPatrol, such as to a Syslog server, but the software can e-mail a specific administrator when spyware is detected.