Counter-spies on the LAN
For networked, enterprise-wide spyware and adware protection, both Computer Associates and Tenebril are strong contenders
Click for larger view.
SpyCatcher 3.0 Enterprise
SpyCatcher Enterprise takes an approach similar to PestPatrol Corporate, creating a central point of administration for clients. The management console is lean yet usable, offering flexible control of what malware to keep an eye on and what to ignore.
Installation of SpyCatcher Enterprise went smoothly with no surprises on my Compaq ML-530 rack-mount server running Windows 2003 Server. Client software is installed via Windows .MSI installation packages, which can be distributed through a shared folder or a software distribution system. Unfortunately, you cannot handle console-to-client management in real time, making immediate client changes and updates impossible. Clients seem to check in to the management console for updates about once per hour.
At the end of the console installation, a wizard stepped me through the process of defining the communication method between the console and the client application. The three choices were direct network connection, use of an intermediary FTP server for inbound and outbound data, and use of a shared folder on a network drive to act as the intermediary. I chose to use the direct network option, because all of my PCs could communicate directly with the SpyCatcher console. Most enterprises will want to use this method, if possible, because it provides the best overall performance.
The wizard also allows administrators to secure the client-side application with a password or to hide the system tray icon completely. Unlike PestPatrol Corporate, SpyCatcher installs a client application that an end-user can run at will unless administrators explicitly prevent it with a global setting.
By default, SpyCatcher merely logs detected adware or spyware, but administrators can also set it to automatically disable all malware upon detection. In the event of false positives, SpyCatcher can save recovery information on the client PC so that any deleted files can be restored. One feature not found in PestPatrol, SpyCatcher can “scrub” deleted files to prevent undeletion by overwriting them using a Department of Defense-style algorithm.
SpyCatcher lets administrators keep an eye on particularly troublesome clients by adding them to its Watch List. This is a great way to quickly and easily monitor specific clients for new or continuing spyware infections. Unfortunately, SpyCatcher will not allow you to disable any software from the Watch List screen; you must go to another page. Nonetheless, I found it easy to disable programs from the Detected Spyware page -- simply select the item and click the Disable button.
Administrators can decide what types of spyware to scan for by choosing any of SpyCatcher’s predefined groups, such as “Backdoor Targets” or “Malicious ActiveX Components.” But as in PestPatrol, you cannot create new group listings of your own.