By Andrew Garcia  |  Posted 2006-03-06

Seventeen months after announcing the purchase of PestPatrol anti-spyware technology, CA is the first anti-virus company to meld its own technology with an acquired anti-spyware solution. Although the resulting eTrust ITM r8 solution is relatively late to market, the time CA took to meld the technologies has produced a compelling and feature-rich product.

eWEEK Labs tests show that IT managers might have more difficulty installing and configuring eTrust ITM (Integrated Threat Management) r8 across the enterprise than they would with competing integrated security suites, but the CA offering's solid protection; new Web-based consoles; and integrated reporting, updating and alerting definitely make it worthy of consideration.

eTrust ITM r8 costs $27 per workstation for 1,000 seats (or $13.95 per workstation for 5,000 seats). This pricing is on par with that of competing solutions from Symantec and Trend Micro and is much more affordable than McAfee's integrated solution.

Although eTrust ITM r8, which started shipping in January, leverages separate detection engines for anti-virus and anti-spyware capabilities, both engines are maintained under the same overarching client agent. eTrust PestPatrol's communication protocol has been rewritten to work with the eTrust Antivirus agent, so eTrust ITM r8 leverages the same reporting, logging, quarantining and updating mechanisms for both engines.

For instance, with the unified agent architecture, updates for anti-virus signatures, anti-spyware pattern files and agent components are delivered together during one update process. However, anti-virus and anti-spyware signatures remain separate files because each uses different file formats and structures. Also, with eTrust ITM r8, anti-virus signatures use the new MicroDAT File Method to deliver only differential update information, saving bandwidth and system resources.

Administrators can deploy eTrust ITM r8 agents to Windows 2000-, Windows 2003- or Windows XP-based hosts across the enterprise using the included (but separately installed) Remote Install tool. With this tool, we were able to preconfigure agents with server, update and other configuration data tailored to a particular client's needs. We also could provide a more general configuration and update the client via policy when it checked in with the eTrust ITM server for the first time.

eTrust ITM r8 offers completely Web-based management, both for the central administration console and for individual client agents. We found the various Web interfaces to be a little sluggish, with long load times as we navigated among various screens, but their layouts were intuitive and easy to use.

To organize clients within the central console, we needed to create detection groups, which automatically organize clients by subnet in a routed network.

The ITM Server discovers clients in a couple of ways: The client leverages phone-home behavior to register with the ITM Server, or the ITM Server actively discovers clients. Although the phone-home method worked seamlessly in tests, we had trouble getting discovery to behave correctly. By default, the ITM Server uses an IP broadcast for discovery, which may not be permitted across routers in the network.

We could also configure discovery to perform a sweep (which was very slow) or use a specified election over UDP Port 42508. But with a specified election, we had to make sure to configure the discovery group with a known valid host address (rather than with subnet information), which took a fair amount of time to figure out.

We configured our detection groups to automatically assign member clients to branches of the ITM Server's Organization tree, which is the structure on top of which we assigned policies. To these branches, we then applied policies—a lot of them.


Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
