The InfoWorld Test Center assesses the readiness of 10 anti-spyware operatives for active enterprise duty
I like the simplicity of CounterSpy’s policy engine. It isn’t overwhelming, yet it provides enough granularity to meet most needs. For instance, I was able to define different thread priorities and options for quick and deep scans, as well as different run schedules. Each policy allows admins to specify how detected threats are handled, with different choices for real-time and on-demand scans.
Reporting is good, if not overly exciting. CounterSpy uses the Crystal Reports engine, which makes it easy to print and e-mail reports directly from the report viewer. Unlike McAfee ePolicy Orchestrator, CounterSpy doesn’t make full use of Crystal Reports’ drill-down features to filter displayed data. Also, admins cannot create custom reports; they are limited to the seven reports built into CounterSpy.
The update engine is streamlined and effective in retrieving and distributing new program and definition updates. Updates are retrieved by the management console on a specified schedule, and admins can force an immediate check. Each policy has its own settings for how often to check for updates, as well as an Update Now button.
CounterSpy’s agent installs five services on a client PC, with a small 16MB memory footprint. When a scan starts, however, memory usage swells to over 62MB. Real-time protection, called Active Protection, was much like Trend Micro’s: it allowed the malware to download and start running in memory, then killed the process before allowing further execution. This process was not always 100 percent successful, and it allowed a couple of adware pop-up applications to launch. By design, Active Protection will stop a process from running, but it relies on a system scan to really remove the threat.
Quick and deep scans proved to be capable of eradicating leftover pieces of malware, with the deep scan checking more locations. On subsequent reboots, I never experienced a reinfection of any malware that slipped through the real-time protection.
CounterSpy Enterprise is one of the most intuitive and configurable anti-spyware products in this roundup. The reporting is good, if not flashy, and if its real-time protection were a bit more proactive, it would be hard not to make CounterSpy the top choice for enterprise anti-spyware protection.
SurfControl Enterprise Protection Suite -- Enterprise Threat Shield
SurfControl Enterprise Protection Suite -- Enterprise Threat Shield blocks not only known malicious software, but also any application defined as unwanted by the organization. Real-time protection was above average, allowing only one piece of adware to sneak through. The reporting engine is browser-based, and the whole system uses MSDE -- or your existing SQL installation -- for its data repository. Mobile users, meanwhile, only have some protection while disconnected.
SurfControl Enterprise Threat Shield is part of a suite of applications that cover just about all aspects of enterprise security, including Web content and e-mail filtering. Enterprise Threat Shield does not include anti-virus or firewall capabilities, but I had no trouble using it alongside the Windows firewall and Norton AntiVirus. Installation of the server console on a Windows 2003 Server didn’t prove difficult.