| |||||
It seems that reviews these past few months have been revolving around Internet-borne content in one way or another. Last month we looked at Internet content filters; this month we are looking at a similar but a much more transparent and malicious beast -- spyware. (Next month we will be going over anti-spam applications to see where they have come in the year since we visited them last.)
One thing is sure: the worldwide spam epidemic certainly has not gone away or abated at all. And spyware seems to be shaping up as the next big "security" threat to consumers and businesses alike. While we are on the topics of spam and spyware, has anyone noticed the increase in spam purporting to provide "free" and "effective" spyware removal tools? Most of these should really be read as, "Click here to download and install this really super-effective spyware so that we can easily monitor your system and then rip off not only your identity, but all the funds in your bank account".
Call it what you will, adware, malware, tracking software, spybots, key loggers, diallers -- the list is virtually endless -- it is all spyware. If the user did not knowingly install it, or if the application did not come with an explicit, detailed description of its intended purpose that the user read, understood and agreed to (one that gathers a user's information and sends it back to another party with their authorisation), then it is malicious spyware.
With the advent of more connected and dynamic Web sites, those with malicious intent have seized on the opportunity to develop small applications that surreptitiously install themselves on users' systems. These apps can come as part of shareware or freeware programs, or popular peer-to-peer file sharing applications; they can even be innocuously downloaded during regular browsing of some sites (this is known as drive-by downloads), or delivered in the payload of an e-mail attachment (as with worms or viruses).
Once installed, more insidious spyware might monitor the user's keystrokes and wait for pre-programmed strings to be typed, such as a URL for a banking site. Subsequent keystrokes are then recorded and sent back to the coder's home. After that, the unsuspecting user can basically kiss their hard earned cash goodbye.
Some people assume that their traditional antivirus application vendors would be looking out for them and protecting them against this malicious code. But most antivirus vendors are at a loss to protect their clients from this type of attack. At the end of the day, the application needs to be installed and launched. Most AV engines cannot protect against what may appear to them to be a legitimate application -- one the user authorised to be installed. Some antivirus application vendors are working on additions or further applications to bring to the market to control these new threats. Indeed, Trend Micro was the only vendor to supply a corporate-level network-orientated antivirus/anti-spyware suite for this review. F-Secure has also anti-spyware and antivirus bundled with various other applications in their submitted suite, but this product is mainly for standalone systems.
Ultimately, protection from spyware comes down to the desktop. The best way to deal with it is through the deployment of personal or local system firewalls that can pick up and identify applications that cause data to go back out to the Internet (perhaps without the user's knowledge) and notify the user of this attempted traffic.
Unfortunately for the majority of users out there these systems are too often ignored and/or switched off simply because of the overwhelming amount of notifications being generated. On top of that, the smarter spyware apps use commonly open ports, so unless a system is configured to match applications with ports, there is a good chance the data will get out regardless.
The only real line of defense an individual or organisation has against such code is to evaluate and deploy an effective anti-spyware application like the ones we are looking at in this review.
Computer Associates eTrust Pest Patrol v5The anti-spyware application CA has recently added to its eTrust security portfolio is called Pest Patrol. You probably have already heard of Pest Patrol -- it's been around for quite some time. Installation of the Pest Patrol application was very straightforward. While the version that we were sent for the review by CA, had not been "CA-efied", we are sure that the coming released will be branded with the dual moniker. The actual version tested was Pest Patrol Corporate Edition v5. It should also be noted that the machine upon which the application is to be installed needs to have the Microsoft .NET framework pre-installed -- this is freely available from the Microsoft Web site and is approx 20MB in size.
Once the CA package is installed and launched, the first thing it does is check for available online updates -- the one we tested found 41MB of updates. Further configuration is handled very efficiently by the well laid-out user interface with all of the controls at the administrator's fingertips. Administration, like the configuration, is a breeze; in fact, for the administrator who likes apps that are set-and-forget, the Pest Patrol product is marvelous. One great advantage is the system's ability to scan multiple systems on a network from a single centralised system. This is particularly desirable if one has a large multi-node network to administer and clean up.
Pest Patrol has been in this business for quite some time and their product has obviously been developed and matured enough to satisfy most corporate network administrators' needs. It would be very difficult to go past this application for networked scanning of systems for spyware.
| ||||
| Product | eTrust Pest Patrol Anti-Spyware |
| Price | US$39.95/volume discounts |
| Vendor | Computer Associates |
| Phone | 02 9937 0500 |
| Web | www.pestpatrol.com |
| Interoperability | |
| Designed to work very well in a small-to-medium sized network environment. | |
| Futureproofing | |
| Well-designed and developed product with just the right amount of features specifically targeting spyware. | |
| ROI | |
| Very well priced. | |
| Service | |
| 12 months appears to be the standard warranty with all these applications which is very good for software applications in general. | |
| Rating | |
F-Secure submitted a suite of security-blocking, filtering, and scanning-orientated applications. The spyware component was sourced from the people at Lavasoft, and is identical to Ad-Aware. The rest of the suite includes antivirus, firewall, anti-spam, and parental control components.
Installation takes quite some time and part of the process involves removing other similar applications (eg antivirus and anti-spyware programs). This could potentially be a problem if you are one of those paranoid users who does not trust a sole application to provide the level of security required on the desktop. Once the system has been installed and updated, the user could be forgiven for wondering where the spyware application is located. After a short period of poking and prodding, we discovered that it is in fact a separate standalone application launched from the start menu. One would expect that the programmers at F-Secure could have at least put a shortcut button on their main user interface window to allow operators to launch the anti-spyware application directly from the console.
For the purposes of this review, we are focusing solely on the anti-spyware capabilities of the product and not on the additional applications and features bundled in the suite.
As already mentioned, F-Secure sourced and re-badged the Ad-Aware application from Lavasoft. This being the case what we mention later for Ad-Aware can be considered to be the same for F-Secure's Anti-Spyware application.
F-Secure's suite of applications appears to be geared fairly and squarely at the SOHO or home-user market, particularly with the inclusion of applications such as parental controls. Therefore, from the standpoint of a business magazine review, there is very little that can be said except that F-Secure made a very good decision to bundle Lavasoft's technology and experience with their suite instead of trying to re-invent the wheel. If a home user or SOHO is looking for a complete security suite then consideration should be given to F-Secure's Internet Security 2005 package.
| ||||
| Product | F-Secure Internet Security 2005 |
| Price | Euro 79.90 |
| Vendor | F-Secure Corporation |
| Phone | +358 9 2520 0700 |
| Web | www.f-secure.com |
| Interoperability | |
| Bundled with quite a lot of applications but the system is standalone especially in respect to the anti-spyware component being the same as Ad-Aware. | |
| Futureproofing | |
| Great array of features for a standalone application. | |
| ROI | |
| A reasonable price considering the bundled applications, but if one is just after a spyware scanner then perhaps it would be better to consider Ad-Aware on its own. | |
| Service | |
| 12 months appears to be the standard warranty with all these applications which is very good for software applications in general. | |
| Rating | |
Lavasoft is one of the pioneers of this type of scanning technology. The company has specialised in this area for a number of years. Originally focusing on assisting home and small businesses to cope with malware problems, Lavasoft has now expanded and created this professional edition of its application with a number of features that may make it attractive to some corporates.
The Ad-Aware product has been around for a very long time and Lavasoft, like Pest Patrol, has great experience in targeting pop-up advertisements and spyware specifically. It would be a safe bet that when most tech-savvy people think about spyware issue it is Ad-Aware or Pest Patrol that first come to mind.
Installation of Ad-Aware took less than a minute. Initial configuration consists of a wizard prompting the operator through the Web update process to bring the definition files up-to-date. At this stage it is worth drawing attention to the fact that most anti-spyware applications are similar to most antivirus applications in that they have regular definition and engine updates. So it is advisable to set a similar schedule for your anti-spyware application, just to ensure the package is as current as possible.
With virtually the same interface across all its products, each Ad-Aware version basically adds more levels of features and functionality. This makes the proposition very attractive for administrators who have possibly already been using and are familiar with other versions of the Ad-Aware family.
Administration in the professional edition -- as to be expected -- is slightly more complicated than the other versions, but it's nothing a competent administrator couldn't get their head around in a matter of minutes. The user interface, while neatly laid out and pleasing to the eye, at times seems a little too vague. For corporate applications one would expect a more functional or direct interface. There is also no facility for scanning multiple target machines on the network from the one system. However, development is in progress to enable network features -- this will undoubtedly win a lot of business once it is included in a release. There is a workaround: you can use a centralised logfile repository and a centralised definitions file to save the network team from having to ensure that all machines are up to date individually. These settings are accessed via the General Settings tab on the configuration window.
This product is feature-rich and well-developed, but due to the lack of ability to scan multiple target machines from the one system, the application might be better suited to smaller offices where the administration burden of semi-centralised applications is not so high.
| ||||
| Product | Lavasoft Ad-Aware SE Professional Edition |
| Price | Price variable according to number of seats (starts at US$39.95) |
| Vendor | Nicolas Stark Computing AB (Lavasoft) |
| Phone | +46 5155 0300 |
| Web | www.lavasoft.de |
| Interoperability | |
| Very straightforward user interface for a standalone application quite a lot of additional bells and whistles (worthwhile staying tuned for the network version that is in progress). | |
| Futureproofing | |
| Great array of features for a standalone application. | |
| ROI | |
| Business licences start at US$39.95 per seat with price breaks for quantity which is a very good price considering the feature set. | |
| Service | |
| 12 months appears to be the standard warranty with all these applications which is very good for software applications in general. | |
| Rating | |
McAfee's AntiSpyware 2005 application is not technically aimed at the larger corporate market -- it is more for the SOHO field, but we still felt it worthy of inclusion in this round-up. Indeed, this product is of a similar calibre to the Lavasoft AdAware offering, and, as we found out during our research, there are very few enterprise orientated anti-spyware applications currently on the market -- those that support targeted network scanning are rarer still (except those with the ability to scan mapped network drives).
Installation was very straightforward -- it took less than two minutes on an AMD Athlon system. Immediately upon the conclusion of the installation routine, the system updated the spyware definition files. The package ships with the McAfee SecurityCenter component that allows users to centrally monitor any other McAfee security products they might have installed (such as VirusScan, Personal Firewall+, Privacy Service, or Spamkiller). SecurityCenter also has a kind of "news" feed that users can access to learn about recent security threats around the world and, in general, provides more of an education to users about the potential for security issues to arise in IT. This security awareness education can only be a good thing.
Configuration of the AntiSpyware application was the easiest of all the products in this review. Credit must be given to the developers because the level of detail really required in an anti-spyware application should not be overly technical or complex.
Administration is equally as straightforward, helping operators get the job completed quickly, easily, and with the least amount of confusion possible.
While not a true network-grade application this product could still be incorporated into a businesses security arsenal and due to its ease-of-configuration and administration would not overly burden an IT department.
| ||||
| Product | McAfee AntiSpyware 2005 |
| Price | AU$49.95 |
| Vendor | McAfee |
| Phone | 1800 644 646 |
| Web | www.mcafee.com.au |
| Interoperability | |
| Excellent, easy-to-use standalone application. | |
| Futureproofing | |
| Not as many additional featurse in this standalone application as there are in Ad-Aware. | |
| ROI | |
| Excellent price. | |
| Service | |
| 12 months appears to be the standard warranty with all these applications which is very good for software applications in general. | |
| Rating | |
Trend Micro's corporate anti-spyware product is OfficeScan. When used in conjunction with Trend Micro's Control Manager 3 application, the product facilitates centralised management and reporting features that some network administrators of larger systems may crave. Indeed, the application suite incorporates not only anti-spyware capabilities but also has an antivirus engine and a firewall facility.
The installation of OfficeScan was very easy -- a neat touch is that the install routine includes a prescan for viruses before continuing through to the remainder of the setup stages. If the system has IIS installed on it then the operator can choose to use that Web server. Alternatively, Apache Web Server can be installed (this is also bundled on the CD).
The majority of the configuration is handled during the installation and for those tinkerers who cannot keep their hands off the nuts and bolts there are plenty of straightforward easy-to-access controls within the console.
Administration and updating can be handled using the central console, making it a great tool for administrators of larger networks. There's also a handy monitoring utility showing current and recent virus and firewall incidents.
Overall, this product is a very refined and powerful suite of network scanning tools. The ease of use is also a definite positive, particularly when considering the complexity of the tasks handled by the application.
If you are in control of a large network and spyware is keeping you and your engineers up and night then definitely give the TrendMicro OfficeScan suite a test drive.
| ||||
| Product | OfficeScan Corporate Edition version 6.5 |
| Price | AU$61.35 per user per annum. Minimum of 5 users. (AU$29.95 per user per annum at 350 users) |
| Vendor | Trend Micro |
| Phone | 1800 642 421 |
| Web | www.trendmicro.com |
| Interoperability | |
| Very well designed medium-to-large sized enterprise security scanning suite. | |
| Futureproofing | |
| Very comprehensive suite of tools. | |
| ROI | |
| Well-priced considering the potential scale of this application bundle. | |
| Service | |
| 12 months appears to be the standard warranty with all these applications which is very good for software applications in general. | |
| Rating | |
The developers at Websense have taken a lateral thinking approach when it comes to combating spyware on the network. Instead of looking individually at each desktop machine's registry entries and hard drive files, Websense takes the whole network into account. The application -- while primarily designed as a content filter/employee Internet management system -- does have some anti-spyware designs and applications to it.
Installation was a little more difficult than some of the other products in this review but it is still relatively simple. The main reason for this additional level of complexity is that this product is designed to be installed on a gateway machine and has those additional filtering features inherently built into its design. A series of questions and prompts during the installation phase makes the process easier and also aids in the initial configuration of the system.
Once the relevant modules are installed and the main interface has been launched, more detailed levels of configuration can be accessed. Integration with varying directory services/structures is very handy and saves a lot of double handling of accounts. There is even a real time traffic/incident monitor included.
Unfortunately we did not have as long as we would have liked to review this product, particularly considering it has quite a prodigious list of capabilities. But from what we saw, it is our suggestion to those in the market for an advanced content filtering/management system or looking for an enterprise level spyware/malware detection system to give Websense a trial.
| ||||
| Product | Websense Enterprise, Websense Security PG, and Websense Client Policy Manager |
| Price | For 1000 users: Websense Enterprise US$15/user/year; Security PG US$5/user/year; Client Policy Manager US$25/user/year |
| Vendor | Websense |
| Phone | +1 858 320 8000 |
| Web | www.websense.com |
| Interoperability | |
| Good bundle, excellent network design and management, providing one is also looking for content filtering. | |
| Futureproofing | |
| Comprehensive suite of tools, however it does not provide for dsektop specific ondemand scan. | |
| ROI | |
| Well-priced considering the features of this suite. | |
| Service | |
| 12 months appears to be the standard warranty with all these applications which is very good for software applications in general. | |
| Rating | |
| Product | eTrust PestPatrol Anti-Spyware | F-Secure Internet Security 2005 | Ad-Aware SE Professional Edition |
| Vendor | Computer Associates International | F-Secure Corporation | Nicolas Stark Computing AB |
| On demand scanning? | Yes | Yes | Yes, through use of the drive mapping and UNC share support in the Professional edition |
| On access scanning? | No | No | Yes, through use of the drive mapping and UNC share support in the Professional edition |
| Actions | Scan memory, registry, tracking cookies, common hard disc locations where pests typically hide, individual files and folders | All of those added with cookie blocking | Extended disk (including mapped and optical drives), memory, Alternate Data Streams on NTFS, and registry scanning |
| Central management support | Yes | No | Partial |
| Central notification/reporting support | Yes | No | No |
| Supported O/S | Windows 98/ME/NT/2000/XP | Win 98, Win ME, Win 2000 workstation, Win XP | Windows platforms only (except W95, and NT3.5) |
Specifications
| Product | McAfee AntiSpyware 2005 | OfficeScan Corporate Edition v6.5 | Websense Enterprise |
| Vendor | McAfee | Trend Micro | Websense |
| On demand scanning? | Yes | Yes | Yes |
| On access scanning? | Yes | Yes | Yes |
| Actions | Disk scan, registry scan, e-mail scan, on launch scan | Yes, disk-scan (file scan) | Prevents spyware from running on desktops, reports on desktops with spyware installed, prevents users from accessing Web sites infected with spyware |
| Central management support | No | Yes | Yes |
| Central notification/reporting support | No | Yes | Yes |
| Supported O/S | Microsoft Windows XP Home, XP Pro, 2000 Pro, ME, 98 | All Microsoft platforms including CE v3. Additional support for Palm OS v3 & 4, Psion Revo or Revo Plus | Server components: Windows 2000, 2003; Client/desktop agent: Windows 98, XP, 2000, 2003 |
| ||||
Interoperability
How well do the systems work within a network environment (or how easy to use for standalones)?
Futuringproofing
How do the solutions pro-actively protect and/or scan for malware/adware?
ROI
What kind of functionality do you get for your money?
Service
What is the duration of the service and availability from the vendors?
Sample scenarios
| ||||
Company: Gayter Electronics
This company is having an increasing problem in relation to unauthorised spy/adware with its in-house desktop systems and notebook computers used by the sales team on the road, and they wish to utilise a scanner/filter application that will combat this issue.
Approximate budget: Less than AU$80 per system.
Requires: A suitable spy/adware scanner/filter for each desktop machine. Also the ability to clean up any machines that already have these malicious applications resident and undetected.
Concerns: Pricing and ease of use.
Best solution: McAfee Anti-Spyware 2005 with a very close second going to Lavasoft for their AdAware application.
Scenario 2
Company: Capricorn Inc.
This company is having an increasing problem with its 350+ desktop systems in relation to unauthorised spy/adware and wish to deploy a scanner/filter application that will combat this issue.
Approximate budget: Open.
Requires: A suitable spy/adware scanner/filter for each desktop machine. Also the ability to clean up any machines that already have these malicious applications resident and undetected.
Concerns: Pricing and ease of use.
Best solution: Computer Associates' eTrust Pest Patrol v5. It is perfectly suited to this scenario and dedicated to spyware so it does not have the encumbrances of being included in a suite of applications.
| ||||
The Editor's Choice this month goes to Computer Associates' eTrust Pest Patrol v5 product for many of the same reasons described in Scenario 2.
This article was first published in Technology & Business magazine.
Click here for subscription information.
| ||||