Anti-Spyware: Layered Look Is In

By Cameron Sturdevant  |  Posted 2005-07-21

IT managers should deploy anti-spyware products from different vendors to provide the best possible defense.

While anti-spyware products vie for IT managers' attention by trumpeting the ill effects and extreme difficulty of eradicating unwanted software, the age-old question of where to install these security tools must first be answered.

PCs that travel should have a client-based system, while stationary computers on a company network are probably best protected by a gateway-based product. Right?

It turns out that what at first appears to be a simple question is clouded by a host of technical and policy concerns, not the least of which is the evolving and somewhat slippery definition of just what constitutes spyware. So the first policy decision, which should guide further action, must be to settle the question of what software is allowed on end-user systems. (eWEEK Labs limits the discussion here to end-user systems because we assume that servers should run only authorized software and are already subject to stringent control policies.)

Labs analyst Jason Brooks says far too many users run their systems with administrative rights.

To answer the question asked at the beginning of this article, it is correct to say that mobile PCs—and soon all devices that pass into and out of the corporate network, including phones and PDAs—should have some kind of anti-spyware client running on board.

In addition to protecting the end-user system when operating outside the corporate perimeter defense systems, such as firewalls and gateway-based anti-spyware systems, client-based anti-spyware agents may soon play a role in many outside networks. For example, Cisco Systems Inc.'s Clean Access family of NAC (Network Admission Control) technology checks to see if systems are properly protected before allowing network access.

On the flip side, PCs that never travel outside the corporate boundary and that should be protected from spyware with a gateway-based perimeter defense could still benefit from client-based anti-spyware protection. The reason why comes back to the unsettled definition of just what constitutes spyware.

For the time being, IT managers should take a page from the anti-spam playbook. Layered defense from different vendors can lead to a more satisfactory result. Spyware, like spam, actively seeks to evade detection by any number of means. A single anti-spyware provider can offer significant protection from spyware but, as our tests showed, can have quite varied degrees of success in terms of both detection and remediation.

Combining the R&D efforts of two competing anti-spyware vendors can synergistically increase the level of protection. This significantly increased protection might well be worth the increased licensing and maintenance costs for PCs that hold the keys to an organization's future.

Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm. Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at
