The InfoWorld Test Center assesses the readiness of 10 anti-spyware operatives for active enterprise duty
Spy Sweeper Enterprise does not include anti-virus protection but ran fine alongside my Norton AntiVirus installation and the Windows XP firewall. Installation of the management console on my Windows 2000 Server was as easy as it comes. Client deployment was a little rougher than most other products. Even though Spy Sweeper identified all of my domains and clients, I was not able to push-deploy the agent to an uninstalled client. I believe it was a user name and rights issue, but unfortunately, as of this writing, I was not able to confirm this with Webroot support. Installation via file share using the Spy Sweeper MSI package worked flawlessly.
Defining a policy for Spy Sweeper means deciding which drives and folders to scan, whether to perform additional sweeps of memory and the Registry, and whether the agent should pop up or stay hidden during a scan. Each of these items has a check box that lets the end-user modify the setting, which is nice for power users, but it should be left off (default state) for normal clients.
Real-time protection comes in the form of Smart Shields. These various shields protect the Windows system, Internet Explorer, and Startup locations. A Spy Installation Shield uses known spyware definitions to block processes from running. It also allows administrators to define custom lists of applications they don’t want running on a client; for instance, instant messaging or a p-to-p client. I tested this by adding sol.exe to the custom list, and after letting the policy update, when I tried to launch Solitaire, Spy Sweeper didn’t even let it begin to load. To the end-user, it simply didn’t look like it even tried to launch. This process only works on explicit file names and not CRC (cyclic redundancy check) or MD5 hashes, so it is possible for someone to circumvent this protection if he or she really wanted to.
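The difference between a name-based block list and a content-hash block list, as an added example that is not Spy Sweeper code or taken from the review. The check_launch function, the file names other than sol.exe, and the file contents are constructed for illustration, and SHA-256 stands in for the CRC or MD5 matching the review mentions.

```python
import hashlib
import os
import tempfile


def sha256_of(path, chunk=65536):
    """Hash a file's contents in chunks so large binaries are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def check_launch(path, blocked_names, blocked_hashes):
    """Return (allowed, matched_rule) for a program about to be launched."""
    if os.path.basename(path).lower() in blocked_names:
        return False, "name"
    if blocked_hashes and sha256_of(path) in blocked_hashes:
        return False, "hash"
    return True, "none"


def demo():
    """Evaluate both policy styles against constructed stand-in files."""
    with tempfile.TemporaryDirectory() as workdir:
        listed = os.path.join(workdir, "sol.exe")
        same_bytes = os.path.join(workdir, "cards.exe")
        unrelated = os.path.join(workdir, "report.exe")
        # Constructed contents: placeholder bytes, not real executables.
        for path, data in ((listed, b"stand-in: blocked program"),
                           (same_bytes, b"stand-in: blocked program"),
                           (unrelated, b"stand-in: approved program")):
            with open(path, "wb") as handle:
                handle.write(data)

        names = {"sol.exe"}
        hashes = {sha256_of(listed)}
        return {
            "name_policy_listed": check_launch(listed, names, set()),
            "name_policy_same_bytes": check_launch(same_bytes, names, set()),
            "hash_policy_same_bytes": check_launch(same_bytes, names, hashes),
            "hash_policy_unrelated": check_launch(unrelated, names, hashes),
        }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(case, verdict)
```

A hash rule matches byte-identical files only, so it complements name rules rather than replacing them.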
Real-time protection was better than average, but even Spy Sweeper didn’t stop all of the spyware attacks. It did, however, scan and clean all of the pests that left traces behind, proving to have the best remediation of all apps tested.
The Enterprise Admin Console is at times very intuitive; other times, it’s completely disorganized. As with F-Secure, occasionally I found myself jumping between groups of tasks to manage similar functions. Also, the console is currently Java-based and feels a bit sluggish as a result. Future releases are scheduled to have a Web-based UI to help speed admin chores.
Reporting is good, but there is room for improvement. Admins can choose from predefined templates and create reports based on workstation and group and also filter on date. Graphical reporting is new to Spy Sweeper Enterprise, but customization and reuse of reports is not available.
Overall, Spy Sweeper Enterprise provides all of the necessary parts to the anti-spyware solution. It has excellent real-time protection and remediation and a full slate of options that allows for flexible yet powerful protection. Once the reporting gets up to speed, it will be hard not to choose Spy Sweeper as your enterprise anti-spyware tool.
It’s All About the People
In the end, a network’s security is only as good as the people who use it. Tools like these will ease administrators’ jobs somewhat by providing reporting and logging of user activity and the programs users try to run. All the tools in the world, however, will not prevent a user from copying files to a PC or installing an unapproved application. The enterprise must establish an acceptable use policy for the network and enforce it.
Spyware attacks are only going to continue to gain in frequency and cleverness. Unlike viruses, spyware and adware have a financial goal driving them, and you can bet those spyware writers are doing everything they can to access your network. Make sure you make their job even harder.