No One Fell Swoop for Spyware

 
 
By Andrew Garcia  |  Posted 2005-07-21 Email Print this article Print
 
 
 
 
 
 
 

Anti-virus/anti-spyware apps from McAfee, Symantec and Trend Micro fall short.

While dedicated anti-spyware companies struggle to ramp up the underlying management tools that enterprises require to address the escalating spyware scourge, eWEEK Labs tests show that anti-virus vendors are failing the marketplace by providing combination solutions long in integration and management capabilities but decidedly subpar when it comes to finding and permanently destroying spyware.

The appeal of an integrated anti-virus and anti-spyware solution is undeniable—promising simplified management and reporting for virus- and spyware-based threats, a single agent and policy to deploy to client workstations, and integrated delivery of signature updates. All of this would significantly ease administrative burden—if the scanning and cleaning were up to snuff with stand-alone anti-spyware software.

eWEEK Labs invited three leading anti-virus vendors to submit for review enterprise-grade platforms with integrated anti-spyware capabilities. On the following pages, we review the spyware scanning and cleaning, ongoing management, deployment, and reporting capabilities of McAfee Inc.s McAfee VirusScan Enterprise 8.0i with the optional McAfee Anti-Spyware Enterprise plug-in, Symantec Corp.s Symantec Client Security 3.0 and Trend Micro Inc.s OfficeScan 7.0 Client/Server Edition.

While these products underlying management and distribution tools are effective and easy to use over a large network, we were not entirely satisfied with their spyware defense and cleaning capabilities. Only McAfees VirusScan Enterprise 8.0i suite is worthy of consideration as the sole anti-spyware solution on the corporate desktop at this time.

Check out Labs Executive Summary for VirusScan Enterprise 8.0i suite here.
Exemplifying our dissatisfaction is the inability of these products to eradicate Claria Corp.s family of behavioral marketing applications to our satisfaction. According to Webroot Software Inc.s Q1 2005 State of Spyware report, Clarias GAIN applications are the second-most-common adware programs detected in Webroots online scans. Despite Clarias claims regarding the legitimacy of its software (and Microsoft Corp.s recent downgrade of its Claria threat assessment), it is highly unlikely that Claria software has any role whatsoever on the corporate desktop.

Administrators need and should expect their anti-spyware products to completely tackle the problem. Unfortunately, none of the products reviewed here met that expectation. Trend Micros OfficeScan 7.0 and McAfees VirusScan Enterprise 8.0i each removed Clarias Precision Time component and several other traces yet left Date Manager alive and active. Symantec Client Security 3.0 couldnt accomplish even that much, leaving Precision Time running.

Through threats to security, system performance and worker productivity, spyware has leapt to the forefront of many IT administrators minds within the last year, but anti-spyware defenses are still in their toddler stage. We have no doubt that these vendors will improve their anti-spyware capabilities—through research, development and acquisitions—in the near future. Signifying this, Trend Micro recently acquired anti-spyware vendor Intermute and last month released a stand-alone, enterprise-grade anti-spyware platform, with plans to integrate the technology into OfficeScan in the near future.

Check out Labs Executive Summary for Trend Micros OfficeScan 7.0 Client/Server Edition here. Unfortunately, at this time, it is best to consider these products as intriguing baby steps in the war against spyware—addressing the core security concerns but leaving system performance and worker productivity as targets to address down the road.

Pricing for the three products is fairly disparate, but each price quoted includes the costs for management servers, consoles and reporting/logging tools. Trend Micros OfficeScan 7.0 costs $26.97 per user for 1,000 users, while Symantec Client Security 3.0 costs $33.90 per user for 1,000 users. McAfees VirusScan Enterprise 8.0i with the optional anti-spyware plug-in costs $41.94 per user ($29.54 for VirusScan Enterprise 8.0i and $12.40 for the Anti-Spyware Enterprise module).

Check out Labs Executive Summary for Symantec Client Security 3.0 here. In addition to its significantly higher price, VirusScan Enterprise 8.0i lacks a complete integrated desktop firewall. (Symantec Client Security 3.0 and OfficeScan 7.0 include full desktop firewalls, while VirusScan Enterprise 8.0i has limited firewall functions.) However, VirusScan Enterprise 8.0is vastly superior anti-spyware detection and cleaning capabilities, combined with the best management and reporting tools among these products, make it the only integrated solution we can recommend as a front-line anti-spyware defense.

eWEEK Labs tested each product on a series of Microsoft Windows XP Professional- and Windows 2000 Professional-based hosts, each patched at slightly different levels. To ensure repeatability of tests across products, we installed our clients on virtual machines using VMware Inc.s VMware Workstation 5.

We infected some clients with known adware threats weve commonly run into on user desktops. We infected others with easily obtainable free system monitors (such as keystroke loggers) or by trawling coupon, warez and other questionable sites. We then took snapshots of each client before anti-virus software installation to ensure that each anti-spyware solution faced the same threats.

We deployed our clients in three separate networks: two primary offices connected via a T-1 (1.544M bps) link simulated using Shunra Software Ltd.s Shunra Virtual Enterprise, and a remote office connected via ADSL (asymmetric DSL) and an IP Security VPN.

At each primary office, we installed a local signature repository for each of the three products tested to avoid updating many clients directly over a WAN link.

Next page: Scanning and cleaning.



 
 
 
 
Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...

 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel