Join the Spyware Fight

By Andrew Garcia  |  Posted 2006-02-06

Tech Analysis: Use gateway and desktop systems together to stem spyware scourge.

When evaluating anti-spyware solutions, administrators should strongly consider implementing a gateway detection and blocking solution in addition to host-based anti-spyware software. While gateway solutions come in many shapes and sizes, the spyware-blocking prowess they confer will help alleviate spyware infection rates and reduce the strain on desktop administration and computing resources.

Although gateway devices cannot clean existing infections, they can detect and block outgoing "phone home" behavior from malware that is used to transmit pilfered personal data, as well as malware attempts to update or restore out-of-date or damaged components.

Better yet, gateway devices provide much-improved blocking capabilities, denying users the chance to access spyware-ridden Web sites or to download infected packages. With a gateway device, many malware strains never have the chance to start the installation process, so there's less need to test and tax client solutions' cleaning prowess.

While client-based anti-spyware software products often have their own blocking mechanisms, eWEEK Labs has found many of these products' capabilities to be underwhelming or ineffective. Many of these products rely on real-time protection through hard drive scans, catching new spyware infestations only after installation has started. And once many malware strains gain a foothold, it is hard to completely eradicate them, no matter what client software is used.

During the last six months, several vendors have ramped up client blocking mechanisms through the use of kernel-level drivers. This has the dual benefit of hiding the protection from the operating system—making it harder for malware to detect and disable in-place defenses—and enabling anti-spyware products to clean malware strains that use rootkit technologies to mask themselves from the operating system. However, the impact of installing many applications at the kernel level is unclear at this time. Some evidence has surfaced that shows that anti-virus and anti-spyware applications could interfere with each other as they both start to leverage kernel-level components.

Many products now being marketed as gateway anti-spyware appliances did not get their start that way. We've seen several types of products get repositioned as spyware defense. For example, vendors that produce Web filtering appliances, Web caching appliances, instant messaging security appliances and gateway anti-virus devices are wading into the anti-spyware arena. While not all solutions are created equal, each will provide some modicum of protection.

When evaluating gateway anti-spyware appliances, IT administrators should first examine whether the company already has some pieces in place that are upgradable to spyware defense. Introducing new appliances into the network mix always runs the risk of adding latency to network performance, so doing due diligence on what's already installed could reap immediate security and performance benefits.

Of course, gateway appliances should not be relied on as the sole layer of spyware defense. Gateway appliances have no cleaning capabilities to remove existing threats, nor can they provide protection for mobile clients as they migrate outside the corporate perimeter.


Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at
