Page Three

By Andrew Garcia  |  Posted 2005-07-21 Print this article Print

All three products also failed to properly clean one system infected with an LSP (Layered Service Provider)-based threat, which tightly wove itself into the clients TCP/IP stack. Both Symantec Client Security 3.0 and VirusScan Enterprise 8.0i detected the infection and deleted an offending DLL—which resulted in a crashing wave of error messages and a nonfunctional network connection after we rebooted the client. OfficeScan 7.0, on the other hand, failed to identify the threat at all, which sadly was a preferable outcome, all things considered.

McAfee and Trend Micro representatives were surprised by these results, as each company claims to identify and clean many LSP-borne threats. Symantec representatives promised an improved repair engine late this quarter to address LSP-based malware.

Each product we tested provides free enterprise management platform components bundled with client licenses. These platforms allow mature and robust centralized administration, policy control and logging over anti-virus and anti-spyware components.

On the whole, we preferred McAfees ePolicy Orchestrator 3.5 because of its intelligent design and simplified client distribution, with ties to Active Directory for organizational structures, and advanced reporting capabilities.

We deployed ePolicy Orchestrator 3.5 server in the data center of our main network, and we could configure multiple management consoles as front ends to the server. From the console, we could push deployment of a signature and configuration policy repository to a server in the other office to minimize bandwidth utilization for clients remote to the ePolicy server. We could also push the ePolicy agent to clients from the console, using directory structures culled from Active Directory to define groups of managed hosts in ePolicy Orchestrator 3.5.

To update signatures or add optional components (such as the Anti-Spyware module), we added components to the central repository; the components could then be replicated to other repositories and delivered to clients on demand or on a scheduled basis.

With the Symantec offering, clients report to central servers, with configuration and scanning policies applied on a per-server, per-group or per-client basis. We deployed policy servers at both primary offices, although we also could have chosen to deploy a Live Update server in the second location instead. Each server and all clients are managed via the SSC (Symantec Security Center) application, which can be installed on multiple computers.

Symantecs primary update vehicle is LiveUpdate, which can be configured to update from Symantecs servers at specified intervals. Were not wild about LiveUpdates practice of releasing signature updates only on a weekly basis (unless new critical threats are afoot), but administrators wishing for daily signatures can create a script to automate Symantecs Intelligent Updater update process instead.

We also deployed separate OfficeScan 7.0 servers at each primary network site. Unlike the other products, which use management GUI applications, OfficeScan 7.0 offers an integrated Web console for each server—installed atop Microsofts IIS (Internet Information Services) or Apache 2.0. A separate central management console is also available, but we were not able to test it in time for this review.

For sites wishing only to install a signature repository at remote sites, OfficeScan 7.0 let us designate a client as a repository, and we could adjust deployment policy for remote-site clients to look to this repository client for updates.

Deploying client software via the OfficeScan Web console was sometimes tedious, requiring us to provide administrative log-in credentials for each host to which we wished to push software, instead of allowing us to set a universal management password.

Each product we tested includes in-depth logging functions that detail system events and detection history, and the logs may be accessed from the management console or directly from the client agent, if permitted. We found that each products logs contained detailed accounts of scan histories, threat detection histories and records of the action taken when threats were identified.

McAfees VirusScan Enterprise 8.0i, however, is the only product that includes a true reporting engine. From ePolicy Orchestrator 3.5, we could pull a vast array of filterable reports with drill-down infection details, top-10 reports and other high-level reports. We could also export these reports to a variety of file types for further dissemination.

Each products logs and reports pointed to its respective vendors Web site for in-depth descriptions, technical details and manual removal processes for threats found on our infected systems.

We preferred Symantecs Web site, with its impressive details and breadth of coverage. We found that both the McAfee and Trend Micro threat encyclopedias lacked details about many spyware threats and provided bare-minimum threat assessment or no information at all. Documenting spyware threats must be a tedious and time-consuming endeavor, but, given the spotty cleaning record these products displayed, more information is definitely required.

Next page: Evaluation Shortlist: Related Products.

Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel