General discussion
-
CreatorTopic
-
December 30, 2004 at 9:36 am #2273134
Anti-Spyware for the Enterprise?
Lockedby billbohlen@hallmarkchannl · about 19 years, 3 months ago
Hello, I know that the enterprise anti-spyware space is still in it’s infancy…but our management wants a solution NOW, and I’ve been tasked with reviewing several contenders.
Currently we use Spybot, which is OK for the price (free) but is not enterprise. We need something that can be centrally managed (for installing clients and updating definitions).
We’re going to evaluate CA eTrust PestPatrol (even though CA software sucks PestPatrol was actually pretty decent). Also SunBelt CounterSpy Enterprise and Webroot’s SpySweeper Enterprise.
Anyone have any comments/ suggestions?Topic is locked -
CreatorTopic
All Comments
-
AuthorReplies
-
-
December 30, 2004 at 9:44 am #3318592
Can you hold on?
by jdmercha · about 19 years, 3 months ago
In reply to Anti-Spyware for the Enterprise?
Before spending the cash – I’ve lost the details, but I’ve recently read that Microsoft will soon release anti-spyware software for free.
-
December 30, 2004 at 10:00 am #3318589
Microsoft?
by house · about 19 years, 3 months ago
In reply to Can you hold on?
How efficient will this software be? There is already an abundance of anti-spyware programs (not specifically enterprise) that will each identify different issues in relation to malware, spyware, virus, etc. Enterprise anti-spyware might be hell on your network. I’m interested to see a few more case studies in the future.
-
December 30, 2004 at 10:07 am #3318585
re: MS spyware
by afram · about 19 years, 3 months ago
In reply to Microsoft?
I read about MS spyware removal too. It didn’t say anything about an enterprise version, but it did say it would initially be free, but they would likely charge for it after its release becomes more well known.
Hmm…charging to remove the junk that their software didn’t block like it should have in the first place.
-
December 30, 2004 at 10:29 am #3316826
MS/Giant
by billbohlen@hallmarkchannl · about 19 years, 3 months ago
In reply to re: MS spyware
Yes from what I can tell this is going to be a desktop product…with no centralized management or reporting.
-
January 5, 2005 at 2:49 pm #3313757
initially will be desktop, but …
by herrmannator · about 19 years, 2 months ago
In reply to MS/Giant
..when they talk about bundling with AV and competing against Symantec and McAffee, they must be thinking enterprise longer term.
http://www.eweek.com/article2/0,1759,1747958,00.asp?kc=EWRSS03119TX1K0000594
http://www.neowin.net/comments.php?id=26525&category=main
http://news.com.com/Giant+step+for+Microsoft+spyware+killer/2100-1012-5513085.html?part=dht&tag=ntop&tag=nl.e703
-
-
-
December 30, 2004 at 10:02 am #3318587
re: counterspy
by afram · about 19 years, 3 months ago
In reply to Anti-Spyware for the Enterprise?
I use CounterSpy Enterprise edition from sunbelt software.
I purchased it early December when it was first released and I am impressed. You can push out agents without visiting the desktops. You can schedule the scans and tell it what to do with what it finds (leave it, remove it, quarantine it). It will also generate reports that tell you what machines where infected with what, how often, biggest threats, most compromised computer etc.
It’s still version 1.0 and it has a few quirks but it has really cleaned the network here – effectively removing hundreds of nasties from our machines. Users don’t even notice the scans and I don’t notice any network slowness when it scans.
I recommend it.
-
December 30, 2004 at 10:27 am #3316828
Thanks!
by billbohlen@hallmarkchannl · about 19 years, 3 months ago
In reply to re: counterspy
Well that is good news! Tell me, does it work regardless of whether the end user has local Administrator rights on their PC? One of the problems we have with enteprise software is that a lot of it doesn’t work if the user logged in is not a local Administrator.
-
December 30, 2004 at 11:09 am #3316805
-
-
January 5, 2005 at 9:31 am #3313920
CounterSpy = Microsoft = Giant
by info · about 19 years, 2 months ago
In reply to re: counterspy
I have been researching products like this also, and I spoke with the CounterSpy guys (great guys, BTW). Their technology was licensed from Giant as well (before Microsoft bought them), and they actually have an agreement with to get updates to the engine, spyware definitions, etc. for another 7 years. Pretty cool.
This company is very responsive. I downloaded a trial of CounterSpy Enterprise and had some problems deploying the agent. I e-mailed tech support and the next day I got a phone call from the president of the company who had the tech support guys and the head of the development team on the phone with me to resolve the problems. I was amazed. I’m planning to re-evaluate the product soon.
-
-
December 30, 2004 at 12:51 pm #3316743
Another Product
by dennis.rhine · about 19 years, 3 months ago
In reply to Anti-Spyware for the Enterprise?
We have started using the TrendMicro OfficeScan suite. Not only does this have a central antivirus solution with a web interface for you to keep track of the clients but you also get anti-spyware built-in. In fact, all of the reports that I have gotten have been of spyware that has been disabled or eliminated. Ive liked it so far.
-
February 1, 2005 at 1:29 pm #3343352
I agree about TrendMicro
by lquillen · about 19 years, 2 months ago
In reply to Another Product
I have been using TrendMicro’s Office Scan suite for several years, and in the past few months they have added an “Additional Threats” option that I have been utilizing. I have been very pleased — no extra cost, continuous updates along with the virus updates and it has done a tremendous job of fending off spyware although it is not quite as good at removing existing stuff. For that I still use Ad-Aware as necessary.
It is already “Enterprise Edition” and uses the same management console as the anti-virus portion of the program.-
February 2, 2005 at 7:58 am #3341724
Catch Spyware at the point of ENTRY
by chucksel · about 19 years, 1 month ago
In reply to I agree about TrendMicro
Having an enterprise Spyware cleaner is not enough. You must be more procative! In ADDITION to your Spyware product, use a web proxy cache (i.e. ISA 2004 or another product) that has Trend Micro’s Interscan 2 suite installed. This scans all web surfing activity in real-time for rogue ActiveX controls, Java applets and other problematic web page plug-ins. Get Spyware BEFORE it enters the enterprise. Don’t just clean up afterwards….
Chuck
-
-
-
December 30, 2004 at 1:02 pm #3316740
Spysubtract Enterprise Edition
by dafe2 · about 19 years, 3 months ago
In reply to Anti-Spyware for the Enterprise?
We’ve deployed the Enterprise Edition at the beginning of December with no issues & great results.
http://www.intermute.com/products/corporations.html
The reporting features and management console alone where worth it.
It also now includes CWshredder. We’re keeping an eye on that fuction as I’ve recently found out (Via Apotheon here) that this is new ( Component)to Intermute.
-
January 5, 2005 at 9:28 am #3313923
Webroot Spysweeper
by rick.catton · about 19 years, 2 months ago
In reply to Anti-Spyware for the Enterprise?
Webroot has just released Version 2.0 of it’s Enterprise Spysweeper. I have been doing evaluations of them all and they are the Best. Especially if you have remote users. The PC based Client can update itself from Webroot if it is not able to communicate with your Management Console.
-
January 5, 2005 at 9:33 am #3313919
Push install?
by info · about 19 years, 2 months ago
In reply to Webroot Spysweeper
Rick,
I liked the ease of use of the Webroot product too, except they don’t have a push install for clients yet. If they add this function, it’ll be pretty good.
-
January 5, 2005 at 12:35 pm #3313822
Webroot Enterprise
by kathleenu · about 19 years, 2 months ago
In reply to Push install?
The new Enterprise version does have the ability for the client to find the centralized server (admin console) for updates. If you don?t already use some sort of push technology, this does it for you! We have multiple locations across the country and found this to be the best solution by far. You can control everything from the Admin Console (single server) and the back end database can either be their native one or SQL for larger computers (I believe the limit for the native is 10k clients). You can also create groups in the admin console and only make changes, push updates, or change configurations, shields, etc. to those groups instead of all the clients. You can even just pick out one client machines if you need to look something up on that one. We have also found their support and response times to be amazing, which means a lot these days!!
-
January 5, 2005 at 2:53 pm #3313754
Yes, but…
by info · about 19 years, 2 months ago
In reply to Webroot Enterprise
What I meant was a ‘push install’ of the Spysweeper client. I would fully expect a product like this to provide updates via the server. I agree it’s a pretty good product, I’d just like to see an easy way to deploy the client software to lots of PC’s (i.e. push install, WMI, etc.)
-
January 25, 2005 at 3:49 pm #3324172
Push install
by ictmserik · about 19 years, 2 months ago
In reply to Yes, but…
There are several other ways of distributing the client (via logon script, active directory, group policy). We have succesfully deployed SpySweeper Enterprise in organisations with over 600 clients without leaving our desk, with or without the use of special software distribution software.
-
January 27, 2005 at 8:44 pm #3324852
Spysweeper Ent Ed…2 thumbs up!
by fizzx · about 19 years, 2 months ago
In reply to Push install
I pushed this out via GPO and it was a piece of cake.
I wrote a kinda lengthy post in another thread about my experiences with it
http://techrepublic.com.com/5208-6230-0.html?forumID=10&threadID=166870&messageID=1707957
YMMV
-
-
-
January 5, 2005 at 9:36 am #3313915
Blue Coat SG
by mprentice · about 19 years, 2 months ago
In reply to Anti-Spyware for the Enterprise?
Have you looked at the Blue Coat SG appliance? http://www.bluecoat.com/ Goes inline with your Internet traffic passing through. With additional equipment you can have a complete web proxy/filter system. We are working on bringing in an evaluation unit.
-
January 5, 2005 at 10:11 am #3313895
CA Pestpatrol
by randy · about 19 years, 2 months ago
In reply to Anti-Spyware for the Enterprise?
I am using the network enterprise version of this software and am very pleased!
I really like the active protection feature. Stops spyware in its tracks.
I would definitely buy it again.-
January 5, 2005 at 1:24 pm #3313799
Burned by CA in the Past
by billbohlen@hallmarkchannl · about 19 years, 2 months ago
In reply to CA Pestpatrol
I’ve used several CA products….Arcserve, InocuLAN, etc.. Admittedly a few years ago.
The licensing was incredibly hard to understand and very expensive. For these products to work together we were pushed to a Unicenter TNG solution which was even more money.
What has been your experience with this eTrust product??
-
January 5, 2005 at 1:52 pm #3313789
Hasn’t been CA very long….
by herrmannator · about 19 years, 2 months ago
In reply to Burned by CA in the Past
CA just recently acquired this product within the past few months, so experience buying this product through them will all be new. Not sure if that is good or bad news.
-
March 17, 2005 at 4:02 am #3352315
CA support not very good
by hugeb · about 19 years ago
In reply to Hasn’t been CA very long….
We have purhcased a small (25 user) license for a customer and are having major issues with the product (won’t talk to the management program). CA support does not seem to have much (any ?) expertise, is slow to resond and the “foreign accent” barrier is a real problem. This has been going on for over two weeks and we are just about ready to toss the thing back at the supplier for a refund.
BTW we like eTrust AV but CA definitely is not up to speed with this item yet.
-
-
-
January 5, 2005 at 11:29 am #3313850
you are on the right track, but waiting may be good advice
by herrmannator · about 19 years, 2 months ago
In reply to Anti-Spyware for the Enterprise?
Webroot & Pestpatrol seem like the current leaders in the infant “enterprise” A-S space. But INFANT may be the key word and seems like there has to be a shake out ahead, so would be easy to pick the “wrong” product. If your users are locked down, you may be better off waiting. Pestpatrol offers a free online scanning tool (but requires admin rights to run the first time), and Webroot offers a free “corporate audit” tool (does not require admin rights to run). Neither of these tools remove Spyware, but both can help you determine need for implementing something now. As others have also mentioned, SpySubtract recently came out with an “enterprise” product too. If you already use Norton or McAffee, they are SLOWLY adding increased anti-spyware capability – but some analysts are skeptical about the wisdom of combining AV and AS into a single product. As for MS new offering, Giant was a great product but is not currently enterprise – but apparently MS may bundle it with an anti-virus offering and perhaps will make it enterprise class soon or even integrate functionality into the OS. In my testing, Giant consistently found a lot of stuff missed by other products. If I had to pick today, might pick Pestpatrol or Webroot. But if I could wait, would be anxious to see whether MS releases an enterprise product or better yet incorporates functionality into the OS. If you went with Pestpatrol or Webroot, should be able to implement something for $10-20 per desk depending on size of your co. Can do a free trial of both enterprise products. If you do a test, use one product to “clean” an infected PC. Reboot and clean it again. Then install competing products on the “clean” PC and see what they find. If they find anything serious, ask why the test product missed it. There are some “anti-spyware” products out there that are actually spyware themselves, and/or give false positives to sell more product. But the industry is so new that no 2 products seem to give the same answer.
-
January 5, 2005 at 1:19 pm #3313800
Giant not enterprise…
by romerogt · about 19 years, 2 months ago
In reply to you are on the right track, but waiting may be good advice
I searched news but there is nothing about MS/Giant being for enterprise or centralized managment as billbohlen already stated. So, I don’t consider waiting a good option.
I personally keep with Spybot and for enterprise and centralized managment I would evaluate CA, NAI or Checkpoint (Zonelabs) aproaches as they already have good enterprise administration for their antivirus/firewall solutions. MS of course could tell you SMS or WUS would do the administration but this means a whole lot of configuration and integration with Active Directory, Group Policy, Logon Scripts… If you have it, good, if not… try a third party alternative for central administration.
-
January 5, 2005 at 2:05 pm #3313786
waiting depends on your circumstances
by herrmannator · about 19 years, 2 months ago
In reply to Giant not enterprise…
If your users are locked down, you may be able to hold off – but should do periodic testing to validate that. If your users are not locked down, you probably do need something now — or better yet, give them a clean PC and lock it down (once spyware is in place, SP2’s effectiveness is diminshed – so build a clean image including SP2, give the users restricted rights, and that should eliminate most spyware threats). If that’s not feasible in your environment, plan B is enterprise anti-spyware.
-
-
-
January 5, 2005 at 1:16 pm #3313802
Spyware on “locked down” PC’s??
by herrmannator · about 19 years, 2 months ago
In reply to Anti-Spyware for the Enterprise?
It is my impression that most standard (“locked down”) XP users in an enterprise setting have limited capability to become infected with the most dangerous spyware. Only the Power and Admin users seem to really get themselves into trouble. Have others found this to be the case, or has anyone found serious threats even on restricted users?
-
January 5, 2005 at 1:43 pm #3313793
Bingo!
by dafe2 · about 19 years, 2 months ago
In reply to Spyware on “locked down” PC’s??
Your impression is correct, but there’s a little more to it…some (so called) Admins don’t bother putting forth the effort of locking a machine up is all.
That’s just it…..people run arround screaming about viruses & spyware & malware. Soon after that, they start talking about installing Firefox. You see?
Bottom line is – A PROPERLY setup Windows box cannot be infected.
-
January 6, 2005 at 6:28 am #3317077
That is good to know
by webdrewjen · about 19 years, 2 months ago
In reply to Bingo!
Internal Security is not an issue here. I have only found a few computers with spyware but have not found a program to completely remove all of it yet. I tried adware, giant, spybot they were the most recommended, but not one removed all the spyware. The only program I found successfull is fdisk. I’d rather be a pain and lock the computers down than purchase scanning software. It kind of ruins the joy of working on a fast computer when you run popup blockers, firewalls, spyware detectors, and antivirus. Antivirus is a given, the rest I can due without.
-
January 6, 2005 at 6:45 am #3317066
Another Product
by bthompson · about 19 years, 2 months ago
In reply to That is good to know
We have used a product from a compnay called Aluria. It has found and removed all instances of spyware that Spybot did not. You can do a free scan online to check PC’s. They have developed a corporate version for AOL but it was a custom product. They state that they will soon release a full blown corporate app.
http://www.aluriasoftware.com -
January 6, 2005 at 11:36 am #3316884
Some sites warn about this product
by herrmannator · about 19 years, 2 months ago
In reply to Another Product
Aluria Spyware Eliminator. Not an enterprise product. Once rated amongst the top desktop products, I read that this company apparently merged with WhenU, reportedly a major purveyor of adware. Not sure what to make of these claims, but you may want to read and investigate further:
http://www.spywareinfo.com/articles/aluria/delisted.php
http://www.dslreports.com/forum/remark,11723816~mode=flat -
January 6, 2005 at 1:28 pm #3294410
Good advice
by dafe2 · about 19 years, 2 months ago
In reply to Some sites warn about this product
.
-
January 6, 2005 at 8:52 am #3316967
Locking machines & spyware
by billbohlen@hallmarkchannl · about 19 years, 2 months ago
In reply to Bingo!
I agree that not giving local Administrator rights to users, and putting some sort of enterprise firewall in place (XP SP2, etc.) will stop a large majority of spyware from harming the system.
Unfortunately a lot of enterprise client software requires that the user have Power User or local Admin rights in order for it to function, hence the reason many administrators don’t lock these PC’s down. Because of one of our key financial applications, we have to give all users Power User rights to their PC’s.
Also, there is a lot of spyware that does not need to access the registry and can infect a machine without needing Power User or Admin rights.
-
January 6, 2005 at 11:58 am #3316873
You may be able to get around that if you have time to investigate
by herrmannator · about 19 years, 2 months ago
In reply to Locking machines & spyware
We have lots of products that supposedly “require” admin or power user right, and we have figured out how to make them work in a restricted enterprise environment. To be sure, that takes time. But by figuring out what areas of the registry and file system an application needs access to, you can selectively open up only what is needed. There are tools that can help in this process, anything from free tools that monitor registry changes to full blown packaging tools like Wise or Installshield. CALCS is a simple technique for granting file permissions through scripts. At the same time, we should all be putting pressure on the vendors to understand that the industry needs to move in this direction and we cannot forever tolerate software that requires elevated privileges — vendors should be working to re-design such software. As a last resort, there are “run-as” utilities which can allow certain applications to run under different credentials, but these have risks of their own and need to be used sparingly and cautiously. TQCRunas is one such product.
-
January 6, 2005 at 2:53 pm #3294374
This app has about 1 million registry entries
by billbohlen@hallmarkchannl · about 19 years, 2 months ago
In reply to You may be able to get around that if you have time to investigate
We went through that process….this financial app in particular has millions of entries in the registry because it uses DCOM. RunAs doesn’t work with it either.
To track down all of these with something like RegMon, as well as write CACLS scripts to secure all of them, would require too many hours of staff time.
And that is only ONE application!
-
January 7, 2005 at 9:56 am #3291887
OK, couple more thoughts…
by herrmannator · about 19 years, 2 months ago
In reply to This app has about 1 million registry entries
Although you said “runas” does not work, try TQCRunas. This app lets you create an encrypted icon which when clicked by the user runs the app as though it had been clicked by any user you desire. So you could perhaps set up a domian account called “FinanceApp User1” which would only have rights to highly restricted areas of your network, but perhaps common to all users needing the app. You would have to think thru the security risks this might pose and decide whether it makes sense. But the domain account could then be granted Power User rights on the PC. Or another thought would be AD’s capabilities for “always install with elevated priveleges” which can be restricted to apps located in certain network directories. And finally, it may sound like “pie-in-the-sky”, but what we ended up doing was hiring a software developer who specialized in packaging/deployment to re-package the apps into new MSI’s which then allowed any domain user to run the app succesfully. Since we depend on SMS to deploy MSI packages, this large initial investment in talent was crucial to our ability to be succesful in a locked down environment.
-
January 6, 2005 at 1:25 pm #3316834
Try Spysubtract
by dafe2 · about 19 years, 2 months ago
In reply to Locking machines & spyware
That’s the only one that I know of that can run (On a client) without elevated priveledges.
I also apply security to a couple of reg keys (Run etc..), on our standard images.
herrmannator (as well) had some good advise re you financial apps.
-
February 1, 2005 at 6:10 am #3343561
Wow – You have THE answer!!! You should write a book!!! $Make Millions $$$$
by jnoble9 · about 19 years, 2 months ago
In reply to Bingo!
Ok, now I’ve heard it all. “A PROPERLY setup Windows box cannot be infected.”
I would be very interested in seeing your definition of a “A PROPERLY setup Windows box”.
As a matter of fact, I bet that several million people would like to know this information. Perhaps you could “enlighten” us “(so called) Admins” on how to keep ANY Windows box from being infected?
From your post, it seems that you don’t even need 3rd party software to accomplish this.
Are you saying that you have the magic answers that the enterprise has been seeking for the past 6+ years? And you haven’t yet capitalized on this Knowledge?
I’d bet that even Microsoft might pay you a handsome sum if you could backup your ridiculous statement with a shred of fact.
I would really like to see your post to this forum on how you can achieve your claimed “Bottom line”.
Does the system have any connected access? What Anti-virus solution does it run? What services does it provide? What business environment does it run in? What business software is installed? Is it a laptop? Does it perform testing or development? Does it run VMWare? Does it have a bootable USB/Floppy/CD/DVD?
Please O’ Great Sage Dafe2, Enlighten us poor, wretched “(so called) Admins”, we need your great brain to solve this plague that befalls us!!! (I’m melting all my gold fillings down to make a false idol to dafe2)
Oh, please… get a clue.
-
March 2, 2005 at 12:29 pm #3330123
Dude…
by tonza · about 19 years, 1 month ago
In reply to Wow – You have THE answer!!! You should write a book!!! $Make Millions $$$$
…you opened your rant with a close tag.
You’re such a “(so called) amateur.”
(just kidding)
😉
-
February 1, 2005 at 5:32 pm #3343267
Bottom line is … disputed
by bigbenb · about 19 years, 2 months ago
In reply to Bingo!
Some users are capable of getting their machines infected (and spammed, and browser-hijacked, etc) no matter how well they are locked up – unless they are locked up, out of reach. It’s not the “savvy” ones who do it, but those who can’t get Excel to open up twice in a row without assistance….
Sorry. Bad day. Needed to get that off my chest. 🙂
-
-
February 1, 2005 at 6:41 am #3343543
Push product to get around the Lock Down
by kathleenu · about 19 years, 2 months ago
In reply to Spyware on “locked down” PC’s??
You can install and get around a locked down machine with additional products. We use BigFix to push spy sweeper out to all of our client PCs, regardless of the local security. It allows us to write a script to the agent on the PC that then runs the ?action? as a system administrator. There are many other products that do similar type of deployments, Tivoli, SMS, etc.
-
-
January 6, 2005 at 9:08 am #3316950
Enterprise Solutions are Rare
by mert1 · about 19 years, 2 months ago
In reply to Anti-Spyware for the Enterprise?
Per Gartner, current enterprise solutions for spyware detection and removal rate at about a 2 on a scale of 1-10. We currently use PestPatrol, and can attest to this rating. Although the product is adequate on an individual PC basis, it is not a true enterprise solution yet. I have heard (not first hand) that SpySweeper is at about the same level. I have downloaded CounterSpy and will be testing this as well. It is policy based, which looks more promising and is based off the Giant engine (recently bought by MS). Gartner’s recommendation to us was to use a stop gap solution until our AV provider comes out with an integrated solution for AV and spyware. McAfee is supposed to deliver somthing by mid to late ’05.
-
January 11, 2005 at 6:39 am #3346631
Symantec Enterprise 10
by jeremys · about 19 years, 2 months ago
In reply to Enterprise Solutions are Rare
Symantec AntiVirus Enterprise 10 is said to have full ?expanded threat? detection and removal capabilities. NAV 9 currently has rudimentary abilities. Many of my clients use NAV 8.1/9 (and are happy with it), there will be little to no learning curve. NAV10 should be released early 2005.
-
January 19, 2005 at 12:32 pm #3326693
Where can i find more info on this?
by herrmannator · about 19 years, 2 months ago
In reply to Symantec Enterprise 10
Saymantec.com has pretty limited info regarding the capabilities of this forthcoming product. Has anyone actually reviewed the Anti-spyware capabilities of SAV yet and compared results against other products?
-
February 1, 2005 at 5:33 am #3342597
Symantec Corporate Edition 10 Beta
by jnoble9 · about 19 years, 2 months ago
In reply to Where can i find more info on this?
The SAV 10 product is in beta currently, and as a member of the beta program, I can attest that the product works, and is enterprise capable.
I have tried too many of the other products mentioned here to name, but I am very happy with the direction Symantec is going with this product.
It seems that this product is simply declaring any “threat”, be it virus, worm, spyware, adware, simply a “threat”, and dealing with it.
The beta may still be open, but I’m told that the release of SAV 10 will be available at the end of March 05.
I found out from my Symantec Sales Reps. I suggest that you call yours, and see what you can find out.
-
February 16, 2005 at 6:06 am #3349177
Aha
by herrmannator · about 19 years, 1 month ago
In reply to Symantec Corporate Edition 10 Beta
Looks like Symantec Corp Ed. version 10 is about to be released:
http://www.symantec.com/press/2005/n050214.html
-
-
-
January 11, 2005 at 11:36 am #3346447
Spyware depends on Desktop
by dcrowley · about 19 years, 2 months ago
In reply to Anti-Spyware for the Enterprise?
Hi,
There are many ways to get after this situation. We’ve tried one way in our labs and it’s working very nice. We use a product that doesn’t allow any changes to the machine and still allows saving to network volumes. It is enterprise is some respects and does need to coincide with your Acceptable Use Policy. We’ve taken the stance that the desktop and it’s configuration is the sole responsibility of Tech Services and Staff/Users don’t the right to change that. That includes Software installs and desktop changes. It wasn’t popular but it made a big difference. We globally turn the protection off everynight and allow virus update and OS updates to occur. We then turn the protection back on every morning. It works good and CA Innoculation can still get virus updates in-house and we can serve MS updates in-house. We were using Spybot and Ad-Aware at the same time but it still caused tech time to address machines that became infested. We chose to not allow infection and still use Ghost 8.0 to perfect images and role them out. Hope this helps. I realize this scenario brings us to a conclusing….. are we heading back to mainframe days or Microsoft Terminal Server where a new desktop w/ apps come to a machine at every boot?? Nobody could forsee the rapid evolution of adware/spyware/viruses but the products I’ve mentioned can make life more bearable. We curse Microsoft but remember, 3rd party software fixes pop up overnight to combat oversight and that is not a bad thing. Our usage of computers evolves and so should we on the support side. An old friend of mine from Russia told me one time…. No problems, no job!!!!
-
January 19, 2005 at 5:47 pm #3326599
You ‘seem’ to appologize for this
by dafe2 · about 19 years, 2 months ago
In reply to Spyware depends on Desktop
I see it as a well managed network.
We do the same thing including registry security and maintaing both RIS & Ghost images current.No user is permited to install software and even techs cannot run (their) desktop systems with admin rights. ‘Run as’ is used at all times for installs. This sounds harsh but it’s the way it is today. Many busineses today are going the Term Serv route for clerical staff & light user pc’s anyway.
Business PC’s are corporate property…….end of story.
-
February 1, 2005 at 1:26 am #3342656
no problem, no job .. ?
by michaeltsen · about 19 years, 2 months ago
In reply to Spyware depends on Desktop
No problems no Job !!
No problems more businesses !!
Half empty or half full, its just ur viewpoint …
-
-
January 20, 2005 at 2:25 pm #3328524
Enterprise Spyware
by gvanscyo · about 19 years, 2 months ago
In reply to Anti-Spyware for the Enterprise?
Bill:
I am using SpywareX-terminator at my company. I worked out a good deal with Mike Moriarty of Stompsoft (www.stompsoft.com mikem@stompsoft.com) which reduced the per unit cost to about 50% of the single user license. I have yet to locate a better anti-spyware program, and I have tried them all.
Gary
-
January 25, 2005 at 10:25 am #3324361
well i don’t know that much about the enterprise but…
by startrekrocks · about 19 years, 2 months ago
In reply to Anti-Spyware for the Enterprise?
I use adware pro. i mean i guess if you stop and think i didn’t pay but, from what I know about this program it would work for the business. i’m not sure how well your deployment would go. i guess that depends on how good you are at that kind of thing. So I would suggest trying adware personal maybe even just on a old dead machine, and see how you like it. it has add ons as well. but the professional adition looks pretty neat man. give it a shot. I mean what do you have to loose? Oh! As for pest patrol i didn’t care for it that much. Just didn’t seem to remove what it found.
-
January 27, 2005 at 9:32 am #3323516
Why use a software solution?
by tundraroamer · about 19 years, 2 months ago
In reply to Anti-Spyware for the Enterprise?
Enterprise level solutions will require overhead on your resources and unless you have excess capacity, it may slow some WebPages from loading in a timely manner or slow other process down.
I would suggest you look into using an appliance to filter all your internet traffic. This is done at one point -right behind the firewall. All traffic must pass through this in both directions. While appliances can cost more than a software solution, maintenance is only at one point and pretty much manages itself after set up. Look at iPrism and Panda to see what I am talking about. There are others and all are scalable. Panda recently announced that they have a new product coming out that will search for and anticipate new problems and not just check against a list of known problems. I also use the Barracuda anti-spam appliance and am very pleased at its results and performance. Also, I would not rely on one type of solution for all your protection. I have a second tier of protection that is a software solution for anti virus & spam but the real work is done at the appliance level, so it does not add to the overhead problem.-
February 1, 2005 at 1:19 am #3342662
the right concept to go with …
by michaeltsen · about 19 years, 2 months ago
In reply to Why use a software solution?
I agree with this approach but not the necessary the cost, apply the same concept ‘single point entrance control’ using existing resources is possible too.
I don’t see ‘Enterprises’ necessary require an enterprise software solution. Most Enterprise software require high maintainece resource … and in this case, the same resource can properly be used to manage the effect itself. All you need is some scripting experience and current desktop solution you are using ….
Ofcourse if you insist in paying the money, spin off a company to do above work so that this still become an expenses to your old company but ‘may’ become an additional income revenue …
-
February 1, 2005 at 5:46 am #3343573
Client Control is the key
by jnoble9 · about 19 years, 2 months ago
In reply to Why use a software solution?
While it may seem like a simple answer to use a centralized, single egress control system, there are major flaws with this thinking.
1. All traffic must be inspected through this “Single” point, causing there to be a collapsed architecture. Most large (10,000+ clients) have distributed networks, with multiple egress points. This would require multiple hardware solutions.
2. This only acknowledges a part of the overall threat. When a roaming laptop comes into the environment, what would stop it from cross-infecting it’s peers? The traffic would have to be 100% routed through this hardware solution to be effective, and there is no guarantee that it would be 100% effective.
3. You note that web pages “might” be slowed down, yet haven’t touched upon the overall cost SAVINGS of having a client based, enterprise solution. I’m sure that a CEO/CFO would agree, they are willing to have a web page load .004% slower for a more secure and manageable solution.
I would recommend watching the major vendors, such as Symantec, for their upcoming releases. While the classic AV Vendors have been slow to release new products to combat this threat, it is not without significant development on true Enterprise Ready applications to combat Spyware as a threat to the enterprise.
While I feel that using appliances such as the ones recommended by tundraroamer, for a defense-in -depth security posture, it should NOT be in lueu of a solid client solution to mitigate the threats of Viruses, Worms, Trojans, Adware, Spyware, Trackware, and other threats.
Just my 2?, YMMV.
-
-
February 1, 2005 at 4:54 am #3342610
WebWasher from CyberGuard
by cdbrady · about 19 years, 2 months ago
In reply to Anti-Spyware for the Enterprise?
PestPatrol is the best for a desktop solution.
Gateway solutions are: BlueCoat (expensive), Finjan (slow on speds/feeds), eSafe Aladdin (incomplete protection) and WebWasher from CyberGuard. I have found WebWasher to be the best and most inclusive for a gateway solution. PestPatrol is the best for a desktop solution.
I have used them all, email for more info cbrady@rbt-inc.com-
February 1, 2005 at 5:53 am #3343568
Additional Products
by jnoble9 · about 19 years, 2 months ago
In reply to WebWasher from CyberGuard
You missed a few:
Symantec Gateway Security Appliances – Firewalls that can perform AV/Threat Scanning inline, internal to the traffic flow
Symantec Network Security 7100 Appliances – Network IDS/IPS, perform blocking of malicious payloads inline traffic, and traditional IDS functions, all in one appliance. Priced by aggregate bandwidth, regardless of how many of the interfaces you use.
Symantec Client Security – Centrally managed, enterprise client firewall, with IDS/IPS, Trojan Port Blocking, network location awareness, and ad blocking / popup blocking. (Has kept me spyware/adware free for the past 9 months)
Of course, I am biased, I have used Symantec products since 1996, and found them to be quite robust. I have used all of the products above, and I am currently beta testing the new release of SAV 10, due out in March of this year.
Feel free to send me any questions, jnoble@noblesouth.com.
-
-
February 1, 2005 at 6:44 am #3343540
Try Sophos PureMessage
by notespro · about 19 years, 2 months ago
In reply to Anti-Spyware for the Enterprise?
I managed the evaluation and implementation of the anti-spam solution for my company (Large fortune 50 company).
We researched all the prominent server based product offerings and selected Sophos PureMessage. See http://www.sophos.com
We have great success with Sophos PureMessage. On average, we block 65% of all inbound Internet email. I continue to get praise from my customers about this project. They love it.
Please note that no product can block 100% of the spam you receive. You need to set this expectation early in the project for all stake holders.
Best regards,
Henry -
February 1, 2005 at 7:24 am #3343525
Symantec added that in to last AV version update
by jdclyde · about 19 years, 2 months ago
In reply to Anti-Spyware for the Enterprise?
With version 9 they added the adaware software.
It has found stuff that was left behing after running AdAwareSE1.05 and spybot.
You can make it run from the central server and clean much out from there. That is how I am spending my day today. Waa hooo.
-
February 1, 2005 at 1:07 pm #3343360
Panda Software’s TruePrevent
by schoolerj001 · about 19 years, 2 months ago
In reply to Anti-Spyware for the Enterprise?
Nothing More needs to be said…
-
February 1, 2005 at 10:45 pm #3341817
Not to try and sell you but…
by chad.gniffke · about 19 years, 2 months ago
In reply to Anti-Spyware for the Enterprise?
You are right, it is in its infantcy and that is why you need a solution that is multi tierd. I represent an outsourced IT firm thousands of nodes. We currently run Spybot and others to manage the spyware. The twist is we use a co-developed solution we call SiteManager to report and update the clients (even outside the LAN) on an automated basis. This way I am not tying myself to particular product today because it is so infant, and I have invested in a tool that you will blow your socks off. Feel free to contact me if I have peeked your interest. My solution is working with success today and I am adding to it on a weekly basis.
-
February 3, 2005 at 3:18 pm #3322093
Look at LANDesk Software
by nemesis”t”warlock · about 19 years, 1 month ago
In reply to Anti-Spyware for the Enterprise?
LANDesk Software recently launched their LANDesk Security Suite Product.
This combines Spyware detection, reporting and remediation with Patch Management, Security Threat Analysis, Application Blocking and Device Control (USB blocking/control etc).
It is built to handle environments from 10’s of machines to upwards of 10,000 machines from an integrated console and can be fully integrated into their desktop management suite of products.
Check out http://www.networkd.com for details.
If you are truly looking for an enterprise toolset, then you could do worse than looking at this product.
-
February 8, 2005 at 1:59 pm #3337174
different factors constituting “enterprise” and one possible suggestion..
by gateso · about 19 years, 1 month ago
In reply to Anti-Spyware for the Enterprise?
Hello,
The concept of enterprise anti-spyware makes all the sense in the world. The line item you mentioned (central management) is a critical one and there may be a few others to consider:
– alternatives to definition updates (check out http://www.handsfreentworks.com for their different approach)
– extensibility, from Windows today and possibly Linux in the future
– real-time detection, real-time response and exception handling to minimize enterprise event notification streams and remediate based upon enterprise policies/procedures
– enterprise integration, from a reporting perspective (e.g. into a preferred reporting platform), or, quite differently, from a “unified” desktop functionality perspective, to minimize the number of vendors an enterprise needs to perform “standard” desktop functions
– technology to support individual, unique enterprise requirements which may exist
– ability to play a role in emerging future technologies such as “autonomic computing” and “grid computing” in the future.Gates
-
February 14, 2005 at 4:21 am #3336395
Our fixes….
by graeme · about 19 years, 1 month ago
In reply to Anti-Spyware for the Enterprise?
Central Management is currently a bit beyond for small organizations but:
MS’s Anti-Spyware is at least proactive in protection, runs on a server and can be scheduled to scan daily.
Counterspy – though supposedly the same “Giant” core – we found to be a performance dog.
Ad-Aware – Full and deep scans – not Enterprise central managment – but a monthly sweep with it gets the deeper crap and sorts out the cookies. It can be loaded in memory to keep things sweet but we are still testing it in mixed mode with MS A/S.
Spy-bot – we demoted it off the machines with the introduction of MS A/S. Its Tea Timer function was a good idea but confused users (the similar MS messages are in LSIGHTLY more intelligible English!). Spybot remains in the toolkit for “just in case”.
Roll on the MS rollout of a “Super” version of Giant/MS A/S that has enterprise features.
-
February 14, 2005 at 2:14 pm #3335967
What about TrendMicro
by geekygirl63 · about 19 years, 1 month ago
In reply to Anti-Spyware for the Enterprise?
TrendMicro has Enterprise solutions that cover both viruses and ad/spyware. Take a look at it, may be more expensive than you want. http://www.trendmicro.com
-
May 20, 2005 at 8:14 am #3238597
Have you used Trend Micro OfficeScan 7.0?
by billserate · about 18 years, 10 months ago
In reply to What about TrendMicro
Do you feel that this (OfficeScan 7.0) is an effective solution for blocking spyware?
-
-
February 16, 2005 at 2:10 pm #3348944
Spybot S&D server version
by martili · about 19 years, 1 month ago
In reply to Anti-Spyware for the Enterprise?
http://www.safer-networking.ie/ has details
-
-
AuthorReplies