The InfoWorld Test Center assesses the readiness of 10 anti-spyware operatives for active enterprise duty
SpyCatcher is a point solution that focuses on adware, spyware, and other malicious programs. Unlike F-Secure, NOD32, and McAfee, it does not have anti-virus protection built in. I had no trouble running Windows XP’s firewall, Norton AntiVirus, and SpyCatcher on the same system. I installed SpyCatcher’s administration server on a Windows 2000 Server and used Windows XP Professional clients exclusively.
The browser-based administration UI was well-organized and very easy to navigate. Administrators can use the Network Explorer view to push-install client computers, create reports for one or all clients, and initiate on-demand scans with a single click.
Like the other products tested, SpyCatcher had no trouble enumerating my computers in Active Directory or across other Windows domains. Unique to SpyCatcher is the way it organizes your PCs into predefined groups in the Status Explorer view. I found this especially helpful when trying to identify PCs that had out-of-date definitions or did not have the agent installed.
Policy definition required little effort, due in part to the limited number of choices available. SpyCatcher does break out the various forms of malware into a number of groups, and administrators can define the action to take on detection for each group. For instance, I set SpyCatcher to quarantine everything but cookies, port scanners, and packet sniffers; these SpyCatcher just entered into the alert log. Admins can create multiple policies to meet the security needs of the network.
SpyCatcher’s real-time engine does not block the malware from entering the system; rather, it watches for its behavior when it’s in memory. There it quickly kills the application and keeps it at bay until the next full scan. I saw this process in action, and although it let the process execute, it ended the task almost immediately. In reality, because there is a delay before the application terminates, there is a chance that a malicious program could sneak off with personal information. I would like to see this real-time protection be more proactive and stop the intruder before it is in the front door.
The reporting engine gets the job done, but it has room for improvement. Reports are available in PDF or CSV (comma-separated value) only, and other than choosing a date range and report type, there is no other customization available.
SpyCatcher’s resource usage on a client PC was about average among the products here, and, like all the others, it swelled to nearly 60MB and 95 percent CPU utilization while doing a scan. Admins cannot set thread priority during a scan, so make sure scheduled tasks take place after work hours.
SpyCatcher is easy to use and deploy, and it did prove resilient in cleaning spyware from my test systems. Given that this is a beta release, I expect some things, such as lower resource usage, to change before it is generally available. In future releases, I would like to see the real-time protection step up and keep the bad stuff out.
Trend Micro Anti-Spyware for Small and Medium Business 3.0
Trend Micro is one of the top anti-virus companies in the world, so it was a natural progression for the company to put together an anti-spyware product. With technology obtained through the acquisition of InterMute in May 2005, Trend Micro has assembled what could be one of the better anti-spyware products for the enterprise — when a few kinks are worked out. Real-time protection is only average, but scanning remediation is among the best. Another solution with a browser-based administrative UI, TMAS (Trend Micro Anti-Spyware for Small and Medium Business) was easy to install and configure.