The InfoWorld Test Center assesses the readiness of 10 anti-spyware operatives for active enterprise duty
Installation of the client agent was a push process, much as with the other products reviewed here. In addition to hooking into Active Directory, Threat Shield can also work with Novell NDS and Windows NT 4 domains. Enterprise Threat Shield differs from other products in that instead of pushing a multimegabit application to each client, a small 1.3MB listener application launches with the main detection engine running “hidden” in memory (no process shows in Task Manager). Threat Shield keeps a small list of application signatures in memory and compares active applications against it. When it doesn’t have a match in memory, or needs to confirm a signature with a server, it makes a quick connection to get the data it needs.
This is fine for PCs connected full time to the network, but it fails to completely protect mobile users out of the office. I tested this by first connecting my Windows XP Professional client to the network and installing the agent. I made a full pass of my test URLs to make sure the system was working correctly. I then disconnected the network cable to my Threat Shield server and visited the URLs again. I was surprised to find that while some adware applications were installed, many were still blocked by the resident portion of SurfControl. Even after subsequent reboots, although not at the same level of protection I had while connected, there was some measure of security. SurfControl is working on a more mobile-friendly update due by the end of the year.
Threat Shield is rules-driven. When I understood how to correctly assemble a rule, I found it to be a straightforward process. I simply selected the clients to deploy to, what types of threats to look for, and what actions to take for each detected threat. When this process was completed, I saved the configuration, and it was automatically pushed to the selected PCs. Unlike with McAfee ePolicy Orchestrator, I wasn’t bombarded with configuration choices.
Threat Shield allows administrators to define any application as an unwanted application, which is a feature I like. Through the database manager, admins can add specific applications to a blocked programs list, allowing them to tailor their security to their specific needs.
The reporting system is enterprise-grade, based on IIS and MS SQL, and allows for some customization. There are a number of predefined reports, and I had no trouble adding custom ones. Admins can export reports to PDF, MS Word, and Excel, or print right from the window. The reporting system also allows view-only user access for non-technical users.
Threat Shield doesn’t use any additional system RAM during an on-demand scan, unlike the other solutions. This near-zero footprint is a very welcome sight. Definition updates occur automatically or on demand.
Enterprise Threat Shield does a good job of protecting enterprise clients. Its reliance on being connected to the management server is a problem, albeit a small one. I like the ultra-small resource footprint, and the browser-accessible reporting engine is nice, but its management interface takes some getting used to.
Tenebril SpyCatcher 4.0 Beta
I reviewed SpyCatcher 3.0 last October, and even though the latest release isn’t quite ready, I wanted to report what’s new and improved in the next incarnation. What I found is a security solution that is more network-friendly, with good protection and remediation, but reporting was minimal. Policy settings covered the basics, but many advanced settings were missing.