Anti-Spyware: Layered Look Is In

While anti-spyware products vie for IT managers attention by trumpeting the ill effects and extreme difficulty of eradicating unwanted software, the age-old question of where to install these security tools must first be answered.

PCs that travel should have a client-based system, while stationary computers on a company network are probably best protected by a gateway-based product. Right?

It turns out that what at first appears to be a simple question is clouded by a host of technical and policy concerns, not the least of which is the evolving and somewhat slippery definition of just what constitutes spyware. So, the first policy decision, upon which further action should be guided, must be to settle the question of what software is allowed on end-user systems. (eWEEK Labs limits the discussion here to end-user systems because we assume that servers should run only authorized software and are already subject to stringent control policies.)

/zimages/4/28571.gifLabs analyst Jason Brooks says far too many users run their systems with administrative rights. Click here to read his column.

To answer the question asked at the beginning of this article, it is correct to say that mobile PCs—and soon all devices that pass into and out of the corporate network, including phones and PDAs—should have some kind of anti-spyware client running on board.

In addition to protecting the end-user system when operating outside the corporate perimeter defense systems, such as firewalls and gateway-based anti-spyware systems, client-based anti-spyware agents may soon play a role in many outside networks. For example, Cisco Systems Inc.s Clean Access family of NAC (Network Admission Control) technology checks to see if systems are properly protected before allowing network access.

On the flip side, PCs that never travel outside the corporate boundary and that should be protected from spyware with a gateway-based perimeter defense could still benefit from client-based anti-spyware protection. The reason why comes back to the unsettled definition of just what constitutes spyware.

For the time being, IT managers should take a page from the anti-spam playbook. Layered defense from different vendors can lead to a more satisfactory result. Spyware, like spam, actively seeks to evade detection by any number of means. A single anti-spyware provider can offer significant protection from spyware but, as our tests showed, can have quite varied degrees of success in terms of both detection and remediation.

/zimages/4/28571.gifClick here to read Labs reviews of three anti-spyware products.

Combining the R&D efforts of two competing anti-spyware vendors can synergistically increase the level of protection. This significantly increased protection might well be worth the increased licensing and maintenance costs for PCs that hold the keys to an organizations future.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.