RFP: Anti-spyware Solutions

Analysis: This sample document is designed to help IT administrators develop an RFP for an enterprise-grade, stand-alone desktop anti-spyware solution.

As administrators deal with conditions of worsening desktop security, lost user productivity and reduced system performance, anti-spyware defenses have emerged as a necessary layer of protection for enterprise desktops.

Anti-spyware solutions come in many forms, however, including stand-alone desktop-based protection, protections integrated with desktop anti-virus solutions and systems delivered via network-based gateway protections. This sample document is designed to help IT administrators develop an RFP for an enterprise-grade, stand-alone desktop anti-spyware solution.

To identify the right solution when creating an RFP, administrators should have a good understanding of what the real problem is that needs to be solved, what the scope and size of the deployment will be, and what potential obstacles may currently exist.

Protection and Research

An anti-spyware solution is only as good as its research team and the signatures it generates—most anti-spyware products detect and clean only about 80 percent of malware. Customers should know ahead of time what types of threats are most critical to address and whether spyware or adware is of concern as a security, performance or productivity issue.

What types of threats does your solution detect?

• Spyware
• Rootkits
• Adware
• Dialers
• Trojans
• Cookies
• System monitors
• Other (list)

Does the solution provide cleaning and blocking services?

Describe how blocking works.

Blocking often relies on heuristic detection in addition to signature databases. Since false-positive rates can increase with heuristic detections, its worth getting to know how the software does it.

* How are new malware samples identified?

* How often are new signatures delivered?

* Describe your research team.

* How many members? Locations?

Do you partner with any other research teams for additional signatures?

Please list the teams notable awards or achievements.

* How does your organization deal with requests to remove Web sites or applications from the detection list? Describe the submission and review processes.

* What actions are taken if a status change is warranted? Are sites removed from the database, or is there a change of default recommended action?

* How are customers notified of changes?

Servers and Infrastructures

Describe the various components of the solution infrastructure, including:

• Policy server

• Distribution server

• Reporting server

• Management console

What are the minimum and recommended requirements for server components, including:

• Supported operating systems


• Memory

• Disk space

Please provide a scaling guide, describing maximum clients supported versus server specifications.

Can server components be installed on separate machines, or must they all be installed together? Please list what communication ports are used between components.


Describe the database included with the server installation package.

Does the application work with existing enterprise databases? If so, list which databases are supported.


Which client operating systems are supported?

• Windows Server 2003

• Windows XP

• Windows 2000

• Windows 95/98/ME

• Other (list)

How much disk space is required?

How much memory is consumed?

• Under normal conditions?

• During scans?

What is the CPU usage during scans?

Can administrators adjust via policy or manually?

Does the client operate as an application or a service?

At what point in the boot process does the anti-spyware product start?

Does the service/process require local administrative rights to perform scans or cleans?

Describe modes of operation:

• User interactive

• User alerting only

• Silent (no user interaction or alerting possible)

• Other (describe)

Are there any known conflicts with other applications and services?

As spyware threats have become more complex, anti-spyware programs have needed to reach deeper into the operating system to find and detect the threats, as well as to avoid tampering from outside sources. Administrators should take care to list in an RFP existing security or management applications to ensure that the anti-spyware program does not have known incompatibilities with any of them.

Describe how agents communicate with server components. Please list any relevant TCP/UDP (User Datagram Protocol) ports.

Describe any special concerns for clients traveling out of network.

Does the client receive updates from the vendor?

Does the client process shut down after a predetermined amount of time?

Can the client report back to the server through an alternative method?

Next Page: Client distribution, Updates, Directory integration, Policy control, Reporting.