Anti-spyware solutions fall into three main categories at this time: dedicated anti-spyware systems, defenses integrated into anti-virus applications and gateway defenses for HTTP and other protocols. Before sending out an RFP to vendors, its important for organizations to determine the following:
First, how big is your organizations spyware problem? Is it pervasive or limited mainly to a few users? Will spyware defenses be best implemented by limiting administrative rights for troublesome users?
Also, what is the importance of integrated solutions for your business? Is best-of-breed anti-spyware defense of paramount concern, or are ongoing deployment, management and system performance issues—and their impact on IT time—most important?
Finally, is the rate of spyware infection similar on desktops and mobile computers? Do Weblogging or syslogging software programs indicate whether infections are generated in the main office or when machines travel remotely? Use the answers to these questions as context for your RFP, sample queries for which are:
* How do you define “spyware”? Spyware categories include adware, system monitors, Trojans, tracking cookies and dialers.
* What mechanisms do you use for cleaning/blocking?
* What level(s) of control do administrators/users have? Will different policy controls for various categories suffice, or do you need drill-down control for individual exceptions? Can administrators control how much interaction users have with the solution?
* What server OSes does your solution support?
* What client OSes does your server support?
* Will anti-spyware policy controls conform to directory structure? How do anti-spyware solutions interact with directories to establish defense groups?
* What deployment techniques are supported? • Push from the management console, individual executables, group-policy deployment?
* Does the solution scale to enterprise use? • Are multiple servers manageable from one location? • Can administrators deploy signature and policy repositories in multiple locations? • Does the system support differential access for different administrators?
* What is your process for dealing with companies that wish to have their software removed from spyware classification? Will this software ultimately be removed from signature databases altogether, or will the threat assessment and default action be altered? Will the administrator at the customer site have the final word?
* When the anti-spyware agent is installed, what is the expected system CPU and memory hit? • During scans? • During normal operation?
* Does the administrator have any control over how system resources are affected?