Countering spyware

Spyware outbreaks are escalating from a frustrating productivity problem to an outright security issue. All it takes is one careless user who decides to satisfy his MP3 addiction by downloading a free file-swapping program poisoned with malware. A backdoor application and keylogger install themselves, and next thing you know, your company’s Web sites have been compromised and are acting as a file-sharing FTP site, and your domain registrations have been changed to an offshore company.

Whether you call it adware, malware, or spyware, these malicious programs are not only capable of tracking where a user goes on the Internet, but they’re capturing sensitive information such as user names, passwords, and customer data, such as credit card information.

Fortunately, vendors are working to provide smarter and better antispyware tools to help protect against these digital sneak attacks. I recently took ten enterprise antispyware operatives and put them through a series of real-world tests to see how good they are at intercepting malicious programs and protecting end-users computers and sensitive company information. Participating companies included: Computer Associates, Eset, F-Secure, LANDesk, McAfee, Sunbelt, SurfControl, Tenebril, Trend Micro, and Webroot.

Enterprise Ready?
Last year, I reviewed two of the first enterprise-geared anti-spyware apps -- Tenebril SpyCatcher 3.0 Enterprise and CA eTrust PestPatrol Corporate Edition 5.0 -- and saw just how far products on the market were from being truly enterprise-ready. The latest versions of both applications are included in this year’s roundup, and I’m happy to say that both -- and just about all of the others reviewed -- can truly be considered for the enterprise. Deployment, management, and reporting are all easily managed from centralized consoles, and all of the products scale easily into the thousands of installed seats.

All but one of the products integrates easily and thoroughly with AD (Active Directory), as well as simple workgroups. By hooking AD, admins can directly access domain PCs and more easily push installations and updates to clients. All of the anti-spyware products come with centralized reporting, again some better than others. Trend Micro creates very nice looking -- though static -- HTML reports, whereas LANDesk Security Suite includes one of the most flexible and powerful reporting systems in the roundup.

Agent deployment was one area where the vendors shared a common theme; they all support the push delivery method. Further, all the products allow for either .exe or .msi distribution via scripting or software distribution tools. An area where the solutions vary greatly is in how managers interact with installed clients. F-Secure does a great job of allowing an administrator to view protected PCs and manage policies and definitions, but it doesn’t have a way to start an on-demand scan of a client.

Real Time Makes a Real Difference
Support for real-time protection also varies among vendors. McAfee’s, Trend Micro’s, and Tenebril’s versions allow the malware to install, but prevent it from executing, thus leaving it installed but neutered until a removal scan is started. Others, such as Sunbelt CounterSpy, block most malware installs while missing others, and, like Trend Micro, remove existing traces on next scan. F-Secure did the best job of preventing initial installations, blocking all spyware and malware attacks.