Enterprise Spyware Fight Is On

By Andrew Garcia  |  Posted 2005-02-14 Print this article Print

New stand-alone systems help IT managers battle the spyware scourge on the enterprise front.

New ammunition in the battle against spyware is helping IT managers on the enterprise front. Weve seen many consumer-grade solutions for fighting the ever-increasing spyware scourge, but only recently have products come out that help IT managers fight spyware efficiently in the enterprise.

eWEEK Labs recently tested three enterprise-grade anti-spyware platforms. We found the products scanning and cleaning capabilities to be generally effective, but their underlying management platforms are clearly early-generation. Customers may also balk at deploying yet another management agent on their desktops, but they may not have to once anti-virus and other vendors implement spyware-fighting tools in their products. In fact, we predict that the life span of stand-alone enterprise anti-spyware applications will be relatively short.

Click here to read the reviews of Sunbelts CounterSpy Enterprise, Tenebrils SpyCatcher 3.0 Enterprise and Webroots Spy Sweeper Enterprise 2.0. When evaluating anti-spyware solutions, administrators must clearly define the problems to address. These products detect a wide range of malware, including spyware, adware, tracking cookies, Trojans, worms and keystroke loggers. However, each emphasizes different threats or may overlap with existing defenses.

Adware, and its quasi-legitimate use of license agreements to justify its existence on the desktop, may prove to be the trickiest threat to combat. Unfettered pop-up advertisements are often the most tangible evidence that spyware exists on a system, but some anti-spyware vendors may fear litigation by vendors contending that their offerings have been unfairly qualified as spyware. Weve already seen vendors such as McAfee Inc. shy away from the charged terms "spyware" and "adware," preferring the cuddlier term PUPs (possibly unwanted programs).

No matter the nomenclature, the best products will provide the signatures and allow the customer—not the vendor—to make decisions about which programs are wanted.

As in the similar anti-virus field, multiple layers of spyware defense will become critical in maintaining system integrity. Blue Coat Systems Inc. and Trend Micro Inc. have each announced solutions that block spyware at the network level, before it hits the desktop. (The products we review in this package, in contrast, concentrate on blocking or cleaning spyware at the desktop.)

However, these network-based products will have no influence on portable systems that get infected with spyware outside the network perimeter. As with anti-virus solutions, a desktop-level detection component will continue to be necessary.

Click here for tips on testing anti-spyware systems. We expect that within the next two years anti-spyware features integrated with anti-virus platforms will be the dominant spyware defense in the enterprise. Anti-virus companies will leverage their existing agent on the desktop to perform the scans and can capitalize on their familiar and mature administration consoles and reporting features.

Indeed, the newer generations of worms and viruses are similar in form to spyware, consisting of files, folders, registry entries, services and active processes that must be effectively removed to quash the threat. Anti-virus companies should maintain separate research teams for viruses and for spyware to identify more effectively all components of each strain.

Symantec Corp. and Trend Micro provided little relief with their respective first-generation anti-spyware defenses—choosing solely to detect but not clean the malware. However, products are on the way that will provide both capabilities. This month, Symantec announced the inclusion of spyware scanning and cleaning features in Symantec Anti-Virus Corporate Edition Version 10 and Symantec Client Security 3.0. For an additional fee, McAfee, a unit of Network Associates Inc., offers an Enterprise Anti-Spyware plug-in for its VirusScan platform. We expect Trend Micro to follow suit in the near future.

We also expect that it will take one more product revision before anti-virus platforms match the scanning and cleaning capabilities we saw in the anti-spyware pure plays we review here. Anti-virus companies will have to ensure that their agents can capably handle a large spike in the volume of signatures that need to be scanned without significantly affecting processor and memory use.

Microsoft Corp. will surely play a role in enterprise anti-spyware defenses as well. The recent release of the beta version of Windows AntiSpyware is targeted at consumers, but we expect the announcement of a solution for enterprise customers later this year.

Technical Analyst Andrew Garcia can be reached at andrew_garcia@ziffdavis.com.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel