Product Group Tests

Anti-spyware (2006)

by Peter Stephenson January 01, 2006
products

GROUP SUMMARY:

Our Best Buy award goes to Webroot’s Spy Sweeper Enterprise. As well as having one of the best detection and removal rates in our tests, it is one of the easiest products to manage. Its admin console gives a huge range of options, including when to download new versions of the software. For enterprise environments, it is a superb tool that will fit into your existing security policy. Our Recommended award goes to Finjan’s VSA NG-5000. This hardware gateway appliance includes optional client support for notebook protection when taken on the road. It’s a flexible and scalable system, which has several approaches for tackling spyware infections. The NG-5000 should integrate with existing systems and offers a high level of protection.

Many believe that spyware is the biggest threat to an enterprise’s network, but how effective is the protection being offered in the marketplace? Christopher Moody examines a dozen products.

According to recent reports, spyware is now the most serious threat to corporate networks, outstripping even viruses. And it is a major threat for a wide range of reasons.

First, there is the theft of private information through key logging or file scanning – both potentially damaging and annoying. Browser hijacking might do nothing more than redirect the occasional web request to a different site, but it will increase the number of helpdesk calls and could expose your users to offensive material.

On top of this, a large volume of spyware on a PC can grind it down to an almost unusable state, which will also increase those help desk calls. It’s clear that measures have to be taken to prevent and correct spyware, which is where these 12 products come into play – all designed to help you block and remove it from your network.

Evaluating this kind of software is difficult. One of the problems that anti-spyware programs face is classifying just what constitutes spyware. In general, it is a broad category of malicious applications that either take control over a part of a computer or intercept data without consent or knowledge. But the boundary between these applications and viruses is starting to blur. After all, is a key-logger a virus or spyware?

And there is actually a lot of crossover between antivirus and anti-spyware – indeed, Panda only supplies its anti-spyware software as part of its antivirus application.

Next, there is tracking cookies from malicious sites, which are considered spyware, but definitely aren’t viruses.

Finally, perfectly legitimate applications can be stealth-installed by programs such as Kazoo, turning them into spyware.

These applications also offer real-time protection, which blocks known spyware files from downloading and existing spyware from communicating. Many of these scanners can also protect Internet Explorer settings, prevent toolbars from installing and a host of other things that should prevent spyware from gaining a foothold.

We’ve tested nine of these products. Noticeably missing are Microsoft’s and Computer Associate’s anti-spyware products, as both are still currently in beta.

Second, we’ve tested gateway devices. These look at spyware on a network-wide basis and use a combination of signatures, knowledge of spyware URLs and code analyzers to stop spyware geting in and existing infections from communicating.

To test our products, we downloaded and infected our test PC with several pieces of spyware using information available from www.spywareguide.com. Our PC-based scanners were then used to see how many they could find.

Using this site, we also found some malicious websites that would try and install toolbars and hijackers in order to test how good the prevention systems were on the gateway and PC products.

For the gateway products, we were also interested to see how they coped with notebooks leaving the corporate network and if they could still offer protection through an optional client. We also evaluated the products for management. In an enterprise environment, you need to be able to centrally manage policies, updates and scans. Central reporting is also important, so that you can track the biggest threats to the network.

Our tests showed high levels of recognition, removal and prevention, but not 100 percent. So it is important not to rely just on anti-spyware products to protect your network.

In all cases, prevention is better than a cure. If people can’t get at spyware, then there’s no way for it to infect their computers. So consider installing web filters and blocking the harmful sites that carry this kind of software, particularly those that contain warez, pornography or music.

Implement strict security policies on the PCs to prevent unauthorized applications from being installed by the user, such as P2P applications, which usually come stuffed full of spyware.

Don’t forget that you will need to match your anti-spyware software with suitable antivirus software. The combination of the two applications working together should increase detection and removal rates.

Finally, you might also want to consider installing personal firewalls. Many of these come with application-level controls, which can stop unauthorized clients from connecting to the internet.

With a combination of these security tools, which some of the appliances in this test offer in one box, you will have a much safer environment. Over the next eight pages, you can see how the products we tested stacked up against each other.

SC Webcasts UK

Sign up to our newsletters

FOLLOW US