The InfoWorld Test Center assesses the readiness of 10 anti-spyware operatives for active enterprise duty
The scanning and detection engine has been upgraded for this release. CA changed how PestPatrol scans for and identifies spyware. Now it scans based on a CRC (cyclic redundancy check) signature first, and if it finds a possible hit, it uses an MD5 hash to make sure. The CRC check is very fast, allowing PestPatrol to improve its scanning performance. I liked that I could select multiple clients from across the network and launch an on-demand scan with one click. At scan time, I was able to choose how to handle detected threats and also where to look for them.
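The two-stage check described above (a fast CRC lookup first, an MD5 comparison only on a possible hit) can be sketched as follows. This is an added example, not CA's code: the use of CRC32 specifically, the database layout, the sample name and all blobs are constructed assumptions.

```python
import hashlib
import zlib

def build_db(samples):
    """Index known-bad samples as {crc32: {md5_hex: name}} (assumed layout)."""
    db = {}
    for name, data in samples.items():
        db.setdefault(zlib.crc32(data), {})[hashlib.md5(data).hexdigest()] = name
    return db

def scan(blob, db, stats):
    """Return the matching sample name or None.
    Stage 1 is the cheap CRC lookup; stage 2 (MD5) runs only on a possible hit."""
    stats["crc"] += 1
    candidates = db.get(zlib.crc32(blob))
    if candidates is None:
        return None                      # most files stop here
    stats["md5"] += 1
    return candidates.get(hashlib.md5(blob).hexdigest())

def find_crc_collision(limit=600_000):
    """Birthday search for two different constructed blobs with equal CRC32.
    A 32-bit checksum collides after roughly 80,000 random inputs."""
    seen = {}
    for i in range(limit):
        blob = hashlib.sha256(b"constructed-%d" % i).digest()
        crc = zlib.crc32(blob)
        if crc in seen:
            return seen[crc], blob
        seen[crc] = blob
    raise RuntimeError("no collision found; raise limit")

def demo():
    # 'flagged' stands in for a known pest; 'lookalike' is a different,
    # harmless blob that happens to share its CRC32.
    flagged, lookalike = find_crc_collision()
    db = build_db({"Constructed.Pest.A": flagged})
    stats = {"crc": 0, "md5": 0}
    clean = [b"clean-file-%d" % i for i in range(1000)]   # constructed inputs
    results = [scan(b, db, stats) for b in clean + [flagged, lookalike]]
    return results, stats, flagged, lookalike

if __name__ == "__main__":
    results, stats, _, _ = demo()
    print("last two verdicts:", results[-2:], "work done:", stats)
```

The lookalike passes the CRC stage and is rejected by the MD5 stage, which is why the second check is needed to avoid false positives, while the counters show that the slower hash ran on only 2 of 1,002 files.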
PestPatrol really falls behind the other products in this roundup with its real-time scanning. Its Active Protection is comparable to Tenebril SpyCatcher. It doesn’t block malicious content from making its way into the system. Instead, it monitors processes in memory and cookie activity on the client PC. The goal is to stop or slow down malware between scheduled or on-demand scans. With the number of threats in the wild and the growing sophistication of the attacks, Active Protection as it stands just isn’t enough. Computer Associates stated that the next release of PestPatrol will have a more active real-time agent.
Reporting is another area where PestPatrol really misses the mark. Reports are available based on pests or a specific pest, all or selected workstations, and also by date range. The generated report is a text file describing each event; no support for any other format or charts is available. Activity and quarantine log views per machine are available. From here, you purge and archive quarantined malware on a client-by-client basis.
PestPatrol does allow for exclusions based on the included lists of known pests and categories, or admins can add their own files and paths to exclude. This is helpful if you want to make sure some applications -- such as remote control or password-cracking tools -- are never quarantined by mistake. Unfortunately, administrators cannot add their own applications to the pest list for removal.
Overall, PestPatrol is a decent all-around anti-spyware solution. It does have some weaknesses, most of which will be addressed in the next release, but it’s one of the easiest tools to use. The scanning engine did an excellent job of removing any spyware on the system, and the push install made deployment fast and easy.
Eset NOD32 2.5 Antivirus System
Eset, with its NOD32 Antivirus System, is a relatively unknown player in the enterprise anti-spyware game. This suite of security services proved average in detecting and cleaning my malware threats but boasts a full-featured remote-administration console. Although NOD32 has solid technical chops, it does suffer from overly cumbersome installation and disjointed administration.
The core technology of NOD32 is Eset’s ThreatSense detection technology, a single engine that identifies malicious behavior. On top of ThreatSense are five task-specific modules: a file system monitor; a Microsoft document monitor; a Microsoft Outlook monitor; an Internet traffic monitor; and the NOD32 on-demand scanner. The system works well at detecting and handling not only spyware but also viruses. It does not include a personal firewall.
Installing the NOD32 server components on my Windows 2000 Server was not nearly as straightforward as with the other products. Documentation was available and helped explain the various installation procedures, including manually creating file shares for the client update service.