A Black or White Anti-spyware Experience

Because the eTrust ITM r8 client includes both anti-virus and anti-spyware engines, plus the overall agent structure itself, we had to create and apply several policies to gain full protection. Active protection and scheduled scans are configured separately within the anti-virus and anti-spyware components, and yet another policy is required to control agent communication, reporting and updating.

To schedule periodic anti-spyware scans, we created a policy dictating which types of scans to perform (memory, cookies, registry or common disk locations) and defined the action to take when a threat is found (report or quarantine). We could then schedule each scan to run one time or at a given frequency, as well as dictate the level of CPU usage for the scan.

To exclude specific malware strains or a family of detection types, we had to create and apply exclusion policies. We liked the flexibility that comes when exclusions are broken out from the scan policy, as we could easily configure and apply exceptions across multiple scan policies. For the exclusion policy, we could search for individual strains in the eTrust ITM r8 database or select from among 69 known threat categories as defined by CA, and we could apply them to many scan policies without needing to edit each one.

Maintaining separate policies for virus and spyware scans is unusual for integrated products; competing products rely on a single engine to perform both types of detection. We appreciated that we could easily set up different schedules for both types of scans, something that, while possible with competing products, is not as straightforward as it is with eTrust ITM r8.

In spyware detection tests, we found eTrust ITM r8's detection capabilities far from perfect but better than most competing solutions we've seen to date.
In general, spyware defense was a black-and-white experience with eTrust ITM r8: we found detected threats cleaned to our satisfaction, while other threats were missed completely. eTrust ITM r8 successfully detected and removed threats from Claria, 180solutions and WhenU, as well as WideStep Security Software's Elite Keylogger, among others. Like every other anti-spyware solution we've tested, however, eTrust ITM r8 wasn't perfect by any means. It missed some troublesome threats to data security such as WareSight Keylogger's 007 Keylogger Spy.

For spyware blocking capabilities, eTrust ITM r8 relies on its robust signature detection library to keep malware from gaining a foothold. CA representatives argue that signature detection remains the most effective deterrent, as many spyware strains use a variety of mechanisms designed to evade heuristic blocking techniques. While we agree that signature-based detection is the most accurate detection method and also causes the fewest false positives, signature-based solutions are reactive and unable to cope effectively with new or unknown threats. And we've seen some vendors, such as Panda Software with its TruPrevent technology, deliver promising results with behavioral detection capabilities.

eTrust ITM r8's active protection does monitor threats in memory, and in tests we found the product able to successfully deny many malware installations before they took hold. While we were able to install some threats, those that were detected were not able to install at all.