Tangent Finds Spyware—Messily

Tech Analysis: Packet Hawk 2.0 offers some of the most powerful real-time monitoring protections we've seen, but it falls short when it comes to cleaning.

Tangent Computer Inc.'s Packet Hawk 2.0-based appliances make it exceptionally easy to get anti-spyware defenses running on a small network. Its actual cleaning capabilities leave a lot of room for improvement, but Packet Hawk 2.0 software includes many other features that will help lock down a network.

While Tangent provides the underlying hardware and support, Packet Hawk 2.0 appliances leverage FutureSoft Inc.'s DynaComm I:scan anti-spyware and file surveillance software. With the DynaComm I:scan software, Packet Hawk not only provides anti-spyware blocking and scanning but also provides other blocking mechanisms to tighten security or keep users from engaging in nonproductive activities.

eWEEK Labs tested Packet Hawk 2.0 on Tangent's low-end appliance model, the Packet Hawk 100, a Windows XP-based, 1U (1.75-inch) appliance. The Packet Hawk 100 includes a 2.8GHz Pentium 4 processor and 1GB of RAM. The Packet Hawk 100, which supports up to 100 clients, costs $1,500; a one-year subscription for anti-spyware definition updates runs another $480. Packet Hawk 2.0 started shipping this summer.

Like Shavlik Technologies LLC's Shavlik NetChk Spyware, Packet Hawk 2.0 appliances require little to no interaction on the client—all anti-spyware functions must be controlled from the appliance. When we scheduled a spyware scan, Packet Hawk 2.0 automatically installed the necessary service on the targeted client workstations. To ensure operation, however, we needed to open UDP (User Datagram Protocol) Port 2510 on each client protected by a desktop firewall.

We used the scan wizard to configure Packet Hawk 2.0 to look for spyware, peer-to-peer applications and games. It was a snap to designate spyware for notification, deletion or quarantine. We also used Packet Hawk to lock clients' Hosts file or block ActiveX controls known to be malicious.

In tests, Packet Hawk was fairly effective at disabling active spyware or unwanted applications, finding and deleting several strains from Claria, 180solutions and WeatherBug that other products haven't classified as a threat. But it whiffed on other threats, including an ISTbar strain, Surf Accuracy and the WhenU search bar.

We also found that for each spyware strain detected, Packet Hawk's cleanup was scanty, leaving many inert file-, folder- and registry-based traces on the client.

Packet Hawk 2.0 offers some of the most powerful real-time monitoring protections we've seen. We could block spyware from installing via Internet Explorer by blocking certain file extensions from executing, or we could whitelist or blacklist certain files for more granular control.

We could also control access to content or processes. Packet Hawk bundles a wide variety of sample rules that block access to certain types of files (such as media files) or applications. For instance, we easily instituted a policy that prohibited users from playing certain games during work hours.

Although Packet Hawk appliances are intended for SMBs (small and midsize businesses), we'd appreciate more attention to the management concerns of larger, multisite organizations. Each Packet Hawk appliance must be managed separately. Tangent recommends doing so via Windows XP Remote Desktop, so there's no way to dictate policy across multiple appliances from a single console.
