General discussion

  • Creator
    Topic
  • #2273134

    Anti-Spyware for the Enterprise?

    Locked

    by billbohlen@hallmarkchannl ·

    Hello, I know that the enterprise anti-spyware space is still in it’s infancy…but our management wants a solution NOW, and I’ve been tasked with reviewing several contenders.
    Currently we use Spybot, which is OK for the price (free) but is not enterprise. We need something that can be centrally managed (for installing clients and updating definitions).
    We’re going to evaluate CA eTrust PestPatrol (even though CA software sucks PestPatrol was actually pretty decent). Also SunBelt CounterSpy Enterprise and Webroot’s SpySweeper Enterprise.
    Anyone have any comments/ suggestions?

All Comments

  • Author
    Replies
    • #3318592

      Can you hold on?

      by jdmercha ·

      In reply to Anti-Spyware for the Enterprise?

      Before spending the cash – I’ve lost the details, but I’ve recently read that Microsoft will soon release anti-spyware software for free.

    • #3318587

      re: counterspy

      by afram ·

      In reply to Anti-Spyware for the Enterprise?

      I use CounterSpy Enterprise edition from sunbelt software.

      I purchased it early December when it was first released and I am impressed. You can push out agents without visiting the desktops. You can schedule the scans and tell it what to do with what it finds (leave it, remove it, quarantine it). It will also generate reports that tell you what machines where infected with what, how often, biggest threats, most compromised computer etc.

      It’s still version 1.0 and it has a few quirks but it has really cleaned the network here – effectively removing hundreds of nasties from our machines. Users don’t even notice the scans and I don’t notice any network slowness when it scans.

      I recommend it.

      • #3316828

        Thanks!

        by billbohlen@hallmarkchannl ·

        In reply to re: counterspy

        Well that is good news! Tell me, does it work regardless of whether the end user has local Administrator rights on their PC? One of the problems we have with enteprise software is that a lot of it doesn’t work if the user logged in is not a local Administrator.

        • #3316805

          re: admin rights

          by afram ·

          In reply to Thanks!

          I was able to push the client out to machines who were not logged in as admin. Occasionally, a client would not install, but when I logged in as admin it worked. It seems to remove stuff ok without admin rights.

      • #3313920

        CounterSpy = Microsoft = Giant

        by info ·

        In reply to re: counterspy

        I have been researching products like this also, and I spoke with the CounterSpy guys (great guys, BTW). Their technology was licensed from Giant as well (before Microsoft bought them), and they actually have an agreement with to get updates to the engine, spyware definitions, etc. for another 7 years. Pretty cool.

        This company is very responsive. I downloaded a trial of CounterSpy Enterprise and had some problems deploying the agent. I e-mailed tech support and the next day I got a phone call from the president of the company who had the tech support guys and the head of the development team on the phone with me to resolve the problems. I was amazed. I’m planning to re-evaluate the product soon.

    • #3316743

      Another Product

      by dennis.rhine ·

      In reply to Anti-Spyware for the Enterprise?

      We have started using the TrendMicro OfficeScan suite. Not only does this have a central antivirus solution with a web interface for you to keep track of the clients but you also get anti-spyware built-in. In fact, all of the reports that I have gotten have been of spyware that has been disabled or eliminated. Ive liked it so far.

      • #3343352

        I agree about TrendMicro

        by lquillen ·

        In reply to Another Product

        I have been using TrendMicro’s Office Scan suite for several years, and in the past few months they have added an “Additional Threats” option that I have been utilizing. I have been very pleased — no extra cost, continuous updates along with the virus updates and it has done a tremendous job of fending off spyware although it is not quite as good at removing existing stuff. For that I still use Ad-Aware as necessary.
        It is already “Enterprise Edition” and uses the same management console as the anti-virus portion of the program.

        • #3341724

          Catch Spyware at the point of ENTRY

          by chucksel ·

          In reply to I agree about TrendMicro

          Having an enterprise Spyware cleaner is not enough. You must be more procative! In ADDITION to your Spyware product, use a web proxy cache (i.e. ISA 2004 or another product) that has Trend Micro’s Interscan 2 suite installed. This scans all web surfing activity in real-time for rogue ActiveX controls, Java applets and other problematic web page plug-ins. Get Spyware BEFORE it enters the enterprise. Don’t just clean up afterwards….

          Chuck

    • #3316740

      Spysubtract Enterprise Edition

      by dafe2 ·

      In reply to Anti-Spyware for the Enterprise?

      We’ve deployed the Enterprise Edition at the beginning of December with no issues & great results.

      http://www.intermute.com/products/corporations.html

      The reporting features and management console alone where worth it.

      It also now includes CWshredder. We’re keeping an eye on that fuction as I’ve recently found out (Via Apotheon here) that this is new ( Component)to Intermute.

    • #3313923

      Webroot Spysweeper

      by rick.catton ·

      In reply to Anti-Spyware for the Enterprise?

      Webroot has just released Version 2.0 of it’s Enterprise Spysweeper. I have been doing evaluations of them all and they are the Best. Especially if you have remote users. The PC based Client can update itself from Webroot if it is not able to communicate with your Management Console.

      • #3313919

        Push install?

        by info ·

        In reply to Webroot Spysweeper

        Rick,

        I liked the ease of use of the Webroot product too, except they don’t have a push install for clients yet. If they add this function, it’ll be pretty good.

        • #3313822

          Webroot Enterprise

          by kathleenu ·

          In reply to Push install?

          The new Enterprise version does have the ability for the client to find the centralized server (admin console) for updates. If you don?t already use some sort of push technology, this does it for you! We have multiple locations across the country and found this to be the best solution by far. You can control everything from the Admin Console (single server) and the back end database can either be their native one or SQL for larger computers (I believe the limit for the native is 10k clients). You can also create groups in the admin console and only make changes, push updates, or change configurations, shields, etc. to those groups instead of all the clients. You can even just pick out one client machines if you need to look something up on that one. We have also found their support and response times to be amazing, which means a lot these days!!

        • #3313754

          Yes, but…

          by info ·

          In reply to Webroot Enterprise

          What I meant was a ‘push install’ of the Spysweeper client. I would fully expect a product like this to provide updates via the server. I agree it’s a pretty good product, I’d just like to see an easy way to deploy the client software to lots of PC’s (i.e. push install, WMI, etc.)

        • #3324172

          Push install

          by ictmserik ·

          In reply to Yes, but…

          There are several other ways of distributing the client (via logon script, active directory, group policy). We have succesfully deployed SpySweeper Enterprise in organisations with over 600 clients without leaving our desk, with or without the use of special software distribution software.

        • #3324852

          Spysweeper Ent Ed…2 thumbs up!

          by fizzx ·

          In reply to Push install

          I pushed this out via GPO and it was a piece of cake.
          I wrote a kinda lengthy post in another thread about my experiences with it
          http://techrepublic.com.com/5208-6230-0.html?forumID=10&threadID=166870&messageID=1707957
          YMMV

    • #3313915

      Blue Coat SG

      by mprentice ·

      In reply to Anti-Spyware for the Enterprise?

      Have you looked at the Blue Coat SG appliance? http://www.bluecoat.com/ Goes inline with your Internet traffic passing through. With additional equipment you can have a complete web proxy/filter system. We are working on bringing in an evaluation unit.

    • #3313895

      CA Pestpatrol

      by randy ·

      In reply to Anti-Spyware for the Enterprise?

      I am using the network enterprise version of this software and am very pleased!
      I really like the active protection feature. Stops spyware in its tracks.
      I would definitely buy it again.

      • #3313799

        Burned by CA in the Past

        by billbohlen@hallmarkchannl ·

        In reply to CA Pestpatrol

        I’ve used several CA products….Arcserve, InocuLAN, etc.. Admittedly a few years ago.

        The licensing was incredibly hard to understand and very expensive. For these products to work together we were pushed to a Unicenter TNG solution which was even more money.

        What has been your experience with this eTrust product??

        • #3313789

          Hasn’t been CA very long….

          by herrmannator ·

          In reply to Burned by CA in the Past

          CA just recently acquired this product within the past few months, so experience buying this product through them will all be new. Not sure if that is good or bad news.

        • #3352315

          CA support not very good

          by hugeb ·

          In reply to Hasn’t been CA very long….

          We have purhcased a small (25 user) license for a customer and are having major issues with the product (won’t talk to the management program). CA support does not seem to have much (any ?) expertise, is slow to resond and the “foreign accent” barrier is a real problem. This has been going on for over two weeks and we are just about ready to toss the thing back at the supplier for a refund.

          BTW we like eTrust AV but CA definitely is not up to speed with this item yet.

    • #3313850

      you are on the right track, but waiting may be good advice

      by herrmannator ·

      In reply to Anti-Spyware for the Enterprise?

      Webroot & Pestpatrol seem like the current leaders in the infant “enterprise” A-S space. But INFANT may be the key word and seems like there has to be a shake out ahead, so would be easy to pick the “wrong” product. If your users are locked down, you may be better off waiting. Pestpatrol offers a free online scanning tool (but requires admin rights to run the first time), and Webroot offers a free “corporate audit” tool (does not require admin rights to run). Neither of these tools remove Spyware, but both can help you determine need for implementing something now. As others have also mentioned, SpySubtract recently came out with an “enterprise” product too. If you already use Norton or McAffee, they are SLOWLY adding increased anti-spyware capability – but some analysts are skeptical about the wisdom of combining AV and AS into a single product. As for MS new offering, Giant was a great product but is not currently enterprise – but apparently MS may bundle it with an anti-virus offering and perhaps will make it enterprise class soon or even integrate functionality into the OS. In my testing, Giant consistently found a lot of stuff missed by other products. If I had to pick today, might pick Pestpatrol or Webroot. But if I could wait, would be anxious to see whether MS releases an enterprise product or better yet incorporates functionality into the OS. If you went with Pestpatrol or Webroot, should be able to implement something for $10-20 per desk depending on size of your co. Can do a free trial of both enterprise products. If you do a test, use one product to “clean” an infected PC. Reboot and clean it again. Then install competing products on the “clean” PC and see what they find. If they find anything serious, ask why the test product missed it. There are some “anti-spyware” products out there that are actually spyware themselves, and/or give false positives to sell more product. But the industry is so new that no 2 products seem to give the same answer.

      • #3313800

        Giant not enterprise…

        by romerogt ·

        In reply to you are on the right track, but waiting may be good advice

        I searched news but there is nothing about MS/Giant being for enterprise or centralized managment as billbohlen already stated. So, I don’t consider waiting a good option.

        I personally keep with Spybot and for enterprise and centralized managment I would evaluate CA, NAI or Checkpoint (Zonelabs) aproaches as they already have good enterprise administration for their antivirus/firewall solutions. MS of course could tell you SMS or WUS would do the administration but this means a whole lot of configuration and integration with Active Directory, Group Policy, Logon Scripts… If you have it, good, if not… try a third party alternative for central administration.

        • #3313786

          waiting depends on your circumstances

          by herrmannator ·

          In reply to Giant not enterprise…

          If your users are locked down, you may be able to hold off – but should do periodic testing to validate that. If your users are not locked down, you probably do need something now — or better yet, give them a clean PC and lock it down (once spyware is in place, SP2’s effectiveness is diminshed – so build a clean image including SP2, give the users restricted rights, and that should eliminate most spyware threats). If that’s not feasible in your environment, plan B is enterprise anti-spyware.

    • #3313802

      Spyware on “locked down” PC’s??

      by herrmannator ·

      In reply to Anti-Spyware for the Enterprise?

      It is my impression that most standard (“locked down”) XP users in an enterprise setting have limited capability to become infected with the most dangerous spyware. Only the Power and Admin users seem to really get themselves into trouble. Have others found this to be the case, or has anyone found serious threats even on restricted users?

      • #3313793

        Bingo!

        by dafe2 ·

        In reply to Spyware on “locked down” PC’s??

        Your impression is correct, but there’s a little more to it…some (so called) Admins don’t bother putting forth the effort of locking a machine up is all.

        That’s just it…..people run arround screaming about viruses & spyware & malware. Soon after that, they start talking about installing Firefox. You see?

        Bottom line is – A PROPERLY setup Windows box cannot be infected.

        • #3317077

          That is good to know

          by webdrewjen ·

          In reply to Bingo!

          Internal Security is not an issue here. I have only found a few computers with spyware but have not found a program to completely remove all of it yet. I tried adware, giant, spybot they were the most recommended, but not one removed all the spyware. The only program I found successfull is fdisk. I’d rather be a pain and lock the computers down than purchase scanning software. It kind of ruins the joy of working on a fast computer when you run popup blockers, firewalls, spyware detectors, and antivirus. Antivirus is a given, the rest I can due without.

        • #3317066

          Another Product

          by bthompson ·

          In reply to That is good to know

          We have used a product from a compnay called Aluria. It has found and removed all instances of spyware that Spybot did not. You can do a free scan online to check PC’s. They have developed a corporate version for AOL but it was a custom product. They state that they will soon release a full blown corporate app.
          http://www.aluriasoftware.com

        • #3316884

          Some sites warn about this product

          by herrmannator ·

          In reply to Another Product

          Aluria Spyware Eliminator. Not an enterprise product. Once rated amongst the top desktop products, I read that this company apparently merged with WhenU, reportedly a major purveyor of adware. Not sure what to make of these claims, but you may want to read and investigate further:
          http://www.spywareinfo.com/articles/aluria/delisted.php
          http://www.dslreports.com/forum/remark,11723816~mode=flat

        • #3294410

          Good advice

          by dafe2 ·

          In reply to Some sites warn about this product

          .

        • #3316967

          Locking machines & spyware

          by billbohlen@hallmarkchannl ·

          In reply to Bingo!

          I agree that not giving local Administrator rights to users, and putting some sort of enterprise firewall in place (XP SP2, etc.) will stop a large majority of spyware from harming the system.

          Unfortunately a lot of enterprise client software requires that the user have Power User or local Admin rights in order for it to function, hence the reason many administrators don’t lock these PC’s down. Because of one of our key financial applications, we have to give all users Power User rights to their PC’s.

          Also, there is a lot of spyware that does not need to access the registry and can infect a machine without needing Power User or Admin rights.

        • #3316873

          You may be able to get around that if you have time to investigate

          by herrmannator ·

          In reply to Locking machines & spyware

          We have lots of products that supposedly “require” admin or power user right, and we have figured out how to make them work in a restricted enterprise environment. To be sure, that takes time. But by figuring out what areas of the registry and file system an application needs access to, you can selectively open up only what is needed. There are tools that can help in this process, anything from free tools that monitor registry changes to full blown packaging tools like Wise or Installshield. CALCS is a simple technique for granting file permissions through scripts. At the same time, we should all be putting pressure on the vendors to understand that the industry needs to move in this direction and we cannot forever tolerate software that requires elevated privileges — vendors should be working to re-design such software. As a last resort, there are “run-as” utilities which can allow certain applications to run under different credentials, but these have risks of their own and need to be used sparingly and cautiously. TQCRunas is one such product.

        • #3294374

          This app has about 1 million registry entries

          by billbohlen@hallmarkchannl ·

          In reply to You may be able to get around that if you have time to investigate

          We went through that process….this financial app in particular has millions of entries in the registry because it uses DCOM. RunAs doesn’t work with it either.

          To track down all of these with something like RegMon, as well as write CACLS scripts to secure all of them, would require too many hours of staff time.

          And that is only ONE application!

        • #3291887

          OK, couple more thoughts…

          by herrmannator ·

          In reply to This app has about 1 million registry entries

          Although you said “runas” does not work, try TQCRunas. This app lets you create an encrypted icon which when clicked by the user runs the app as though it had been clicked by any user you desire. So you could perhaps set up a domian account called “FinanceApp User1” which would only have rights to highly restricted areas of your network, but perhaps common to all users needing the app. You would have to think thru the security risks this might pose and decide whether it makes sense. But the domain account could then be granted Power User rights on the PC. Or another thought would be AD’s capabilities for “always install with elevated priveleges” which can be restricted to apps located in certain network directories. And finally, it may sound like “pie-in-the-sky”, but what we ended up doing was hiring a software developer who specialized in packaging/deployment to re-package the apps into new MSI’s which then allowed any domain user to run the app succesfully. Since we depend on SMS to deploy MSI packages, this large initial investment in talent was crucial to our ability to be succesful in a locked down environment.

        • #3316834

          Try Spysubtract

          by dafe2 ·

          In reply to Locking machines & spyware

          That’s the only one that I know of that can run (On a client) without elevated priveledges.

          I also apply security to a couple of reg keys (Run etc..), on our standard images.

          herrmannator (as well) had some good advise re you financial apps.

        • #3343561

          Wow – You have THE answer!!! You should write a book!!! $Make Millions $$$$

          by jnoble9 ·

          In reply to Bingo!

          Ok, now I’ve heard it all. “A PROPERLY setup Windows box cannot be infected.”

          I would be very interested in seeing your definition of a “A PROPERLY setup Windows box”.

          As a matter of fact, I bet that several million people would like to know this information. Perhaps you could “enlighten” us “(so called) Admins” on how to keep ANY Windows box from being infected?

          From your post, it seems that you don’t even need 3rd party software to accomplish this.

          Are you saying that you have the magic answers that the enterprise has been seeking for the past 6+ years? And you haven’t yet capitalized on this Knowledge?

          I’d bet that even Microsoft might pay you a handsome sum if you could backup your ridiculous statement with a shred of fact.

          I would really like to see your post to this forum on how you can achieve your claimed “Bottom line”.

          Does the system have any connected access? What Anti-virus solution does it run? What services does it provide? What business environment does it run in? What business software is installed? Is it a laptop? Does it perform testing or development? Does it run VMWare? Does it have a bootable USB/Floppy/CD/DVD?

          Please O’ Great Sage Dafe2, Enlighten us poor, wretched “(so called) Admins”, we need your great brain to solve this plague that befalls us!!! (I’m melting all my gold fillings down to make a false idol to dafe2)

          Oh, please… get a clue.

        • #3330123

          Dude…

          by tonza ·

          In reply to Wow – You have THE answer!!! You should write a book!!! $Make Millions $$$$

          …you opened your rant with a close tag.

          You’re such a “(so called) amateur.”

          (just kidding)

          😉

        • #3343267

          Bottom line is … disputed

          by bigbenb ·

          In reply to Bingo!

          Some users are capable of getting their machines infected (and spammed, and browser-hijacked, etc) no matter how well they are locked up – unless they are locked up, out of reach. It’s not the “savvy” ones who do it, but those who can’t get Excel to open up twice in a row without assistance….

          Sorry. Bad day. Needed to get that off my chest. 🙂

      • #3343543

        Push product to get around the Lock Down

        by kathleenu ·

        In reply to Spyware on “locked down” PC’s??

        You can install and get around a locked down machine with additional products. We use BigFix to push spy sweeper out to all of our client PCs, regardless of the local security. It allows us to write a script to the agent on the PC that then runs the ?action? as a system administrator. There are many other products that do similar type of deployments, Tivoli, SMS, etc.

    • #3316950

      Enterprise Solutions are Rare

      by mert1 ·

      In reply to Anti-Spyware for the Enterprise?

      Per Gartner, current enterprise solutions for spyware detection and removal rate at about a 2 on a scale of 1-10. We currently use PestPatrol, and can attest to this rating. Although the product is adequate on an individual PC basis, it is not a true enterprise solution yet. I have heard (not first hand) that SpySweeper is at about the same level. I have downloaded CounterSpy and will be testing this as well. It is policy based, which looks more promising and is based off the Giant engine (recently bought by MS). Gartner’s recommendation to us was to use a stop gap solution until our AV provider comes out with an integrated solution for AV and spyware. McAfee is supposed to deliver somthing by mid to late ’05.

      • #3346631

        Symantec Enterprise 10

        by jeremys ·

        In reply to Enterprise Solutions are Rare

        Symantec AntiVirus Enterprise 10 is said to have full ?expanded threat? detection and removal capabilities. NAV 9 currently has rudimentary abilities. Many of my clients use NAV 8.1/9 (and are happy with it), there will be little to no learning curve. NAV10 should be released early 2005.

        • #3326693

          Where can i find more info on this?

          by herrmannator ·

          In reply to Symantec Enterprise 10

          Saymantec.com has pretty limited info regarding the capabilities of this forthcoming product. Has anyone actually reviewed the Anti-spyware capabilities of SAV yet and compared results against other products?

        • #3342597

          Symantec Corporate Edition 10 Beta

          by jnoble9 ·

          In reply to Where can i find more info on this?

          The SAV 10 product is in beta currently, and as a member of the beta program, I can attest that the product works, and is enterprise capable.

          I have tried too many of the other products mentioned here to name, but I am very happy with the direction Symantec is going with this product.

          It seems that this product is simply declaring any “threat”, be it virus, worm, spyware, adware, simply a “threat”, and dealing with it.

          The beta may still be open, but I’m told that the release of SAV 10 will be available at the end of March 05.

          I found out from my Symantec Sales Reps. I suggest that you call yours, and see what you can find out.

        • #3349177

          Aha

          by herrmannator ·

          In reply to Symantec Corporate Edition 10 Beta

          Looks like Symantec Corp Ed. version 10 is about to be released:
          http://www.symantec.com/press/2005/n050214.html

    • #3346447

      Spyware depends on Desktop

      by dcrowley ·

      In reply to Anti-Spyware for the Enterprise?

      Hi,

      There are many ways to get after this situation. We’ve tried one way in our labs and it’s working very nice. We use a product that doesn’t allow any changes to the machine and still allows saving to network volumes. It is enterprise is some respects and does need to coincide with your Acceptable Use Policy. We’ve taken the stance that the desktop and it’s configuration is the sole responsibility of Tech Services and Staff/Users don’t the right to change that. That includes Software installs and desktop changes. It wasn’t popular but it made a big difference. We globally turn the protection off everynight and allow virus update and OS updates to occur. We then turn the protection back on every morning. It works good and CA Innoculation can still get virus updates in-house and we can serve MS updates in-house. We were using Spybot and Ad-Aware at the same time but it still caused tech time to address machines that became infested. We chose to not allow infection and still use Ghost 8.0 to perfect images and role them out. Hope this helps. I realize this scenario brings us to a conclusing….. are we heading back to mainframe days or Microsoft Terminal Server where a new desktop w/ apps come to a machine at every boot?? Nobody could forsee the rapid evolution of adware/spyware/viruses but the products I’ve mentioned can make life more bearable. We curse Microsoft but remember, 3rd party software fixes pop up overnight to combat oversight and that is not a bad thing. Our usage of computers evolves and so should we on the support side. An old friend of mine from Russia told me one time…. No problems, no job!!!!

      • #3326599

        You ‘seem’ to appologize for this

        by dafe2 ·

        In reply to Spyware depends on Desktop

        I see it as a well managed network.
        We do the same thing including registry security and maintaing both RIS & Ghost images current.

        No user is permited to install software and even techs cannot run (their) desktop systems with admin rights. ‘Run as’ is used at all times for installs. This sounds harsh but it’s the way it is today. Many busineses today are going the Term Serv route for clerical staff & light user pc’s anyway.

        Business PC’s are corporate property…….end of story.

      • #3342656

        no problem, no job .. ?

        by michaeltsen ·

        In reply to Spyware depends on Desktop

        No problems no Job !!

        No problems more businesses !!

        Half empty or half full, its just ur viewpoint …

    • #3328524

      Enterprise Spyware

      by gvanscyo ·

      In reply to Anti-Spyware for the Enterprise?

      Bill:

      I am using SpywareX-terminator at my company. I worked out a good deal with Mike Moriarty of Stompsoft (www.stompsoft.com mikem@stompsoft.com) which reduced the per unit cost to about 50% of the single user license. I have yet to locate a better anti-spyware program, and I have tried them all.

      Gary

    • #3324361

      well i don’t know that much about the enterprise but…

      by startrekrocks ·

      In reply to Anti-Spyware for the Enterprise?

      I use adware pro. i mean i guess if you stop and think i didn’t pay but, from what I know about this program it would work for the business. i’m not sure how well your deployment would go. i guess that depends on how good you are at that kind of thing. So I would suggest trying adware personal maybe even just on a old dead machine, and see how you like it. it has add ons as well. but the professional adition looks pretty neat man. give it a shot. I mean what do you have to loose? Oh! As for pest patrol i didn’t care for it that much. Just didn’t seem to remove what it found.

    • #3323516

      Why use a software solution?

      by tundraroamer ·

      In reply to Anti-Spyware for the Enterprise?

      Enterprise level solutions will require overhead on your resources and unless you have excess capacity, it may slow some WebPages from loading in a timely manner or slow other process down.
      I would suggest you look into using an appliance to filter all your internet traffic. This is done at one point -right behind the firewall. All traffic must pass through this in both directions. While appliances can cost more than a software solution, maintenance is only at one point and pretty much manages itself after set up. Look at iPrism and Panda to see what I am talking about. There are others and all are scalable. Panda recently announced that they have a new product coming out that will search for and anticipate new problems and not just check against a list of known problems. I also use the Barracuda anti-spam appliance and am very pleased at its results and performance. Also, I would not rely on one type of solution for all your protection. I have a second tier of protection that is a software solution for anti virus & spam but the real work is done at the appliance level, so it does not add to the overhead problem.

      • #3342662

        the right concept to go with …

        by michaeltsen ·

        In reply to Why use a software solution?

        I agree with this approach but not the necessary the cost, apply the same concept ‘single point entrance control’ using existing resources is possible too.

        I don’t see ‘Enterprises’ necessary require an enterprise software solution. Most Enterprise software require high maintainece resource … and in this case, the same resource can properly be used to manage the effect itself. All you need is some scripting experience and current desktop solution you are using ….

        Ofcourse if you insist in paying the money, spin off a company to do above work so that this still become an expenses to your old company but ‘may’ become an additional income revenue …

      • #3343573

        Client Control is the key

        by jnoble9 ·

        In reply to Why use a software solution?

        While it may seem like a simple answer to use a centralized, single egress control system, there are major flaws with this thinking.

        1. All traffic must be inspected through this “Single” point, causing there to be a collapsed architecture. Most large (10,000+ clients) have distributed networks, with multiple egress points. This would require multiple hardware solutions.

        2. This only acknowledges a part of the overall threat. When a roaming laptop comes into the environment, what would stop it from cross-infecting it’s peers? The traffic would have to be 100% routed through this hardware solution to be effective, and there is no guarantee that it would be 100% effective.

        3. You note that web pages “might” be slowed down, yet haven’t touched upon the overall cost SAVINGS of having a client based, enterprise solution. I’m sure that a CEO/CFO would agree, they are willing to have a web page load .004% slower for a more secure and manageable solution.

        I would recommend watching the major vendors, such as Symantec, for their upcoming releases. While the classic AV Vendors have been slow to release new products to combat this threat, it is not without significant development on true Enterprise Ready applications to combat Spyware as a threat to the enterprise.

        While I feel that using appliances such as the ones recommended by tundraroamer, for a defense-in -depth security posture, it should NOT be in lueu of a solid client solution to mitigate the threats of Viruses, Worms, Trojans, Adware, Spyware, Trackware, and other threats.

        Just my 2?, YMMV.

    • #3342610

      WebWasher from CyberGuard

      by cdbrady ·

      In reply to Anti-Spyware for the Enterprise?

      PestPatrol is the best for a desktop solution.

      Gateway solutions are: BlueCoat (expensive), Finjan (slow on speds/feeds), eSafe Aladdin (incomplete protection) and WebWasher from CyberGuard. I have found WebWasher to be the best and most inclusive for a gateway solution. PestPatrol is the best for a desktop solution.
      I have used them all, email for more info cbrady@rbt-inc.com

      • #3343568

        Additional Products

        by jnoble9 ·

        In reply to WebWasher from CyberGuard

        You missed a few:

        Symantec Gateway Security Appliances – Firewalls that can perform AV/Threat Scanning inline, internal to the traffic flow

        Symantec Network Security 7100 Appliances – Network IDS/IPS, perform blocking of malicious payloads inline traffic, and traditional IDS functions, all in one appliance. Priced by aggregate bandwidth, regardless of how many of the interfaces you use.

        Symantec Client Security – Centrally managed, enterprise client firewall, with IDS/IPS, Trojan Port Blocking, network location awareness, and ad blocking / popup blocking. (Has kept me spyware/adware free for the past 9 months)

        Of course, I am biased, I have used Symantec products since 1996, and found them to be quite robust. I have used all of the products above, and I am currently beta testing the new release of SAV 10, due out in March of this year.

        Feel free to send me any questions, jnoble@noblesouth.com.

    • #3343540

      Try Sophos PureMessage

      by notespro ·

      In reply to Anti-Spyware for the Enterprise?

      I managed the evaluation and implementation of the anti-spam solution for my company (Large fortune 50 company).

      We researched all the prominent server based product offerings and selected Sophos PureMessage. See http://www.sophos.com

      We have great success with Sophos PureMessage. On average, we block 65% of all inbound Internet email. I continue to get praise from my customers about this project. They love it.

      Please note that no product can block 100% of the spam you receive. You need to set this expectation early in the project for all stake holders.

      Best regards,
      Henry

    • #3343525

      Symantec added that in to last AV version update

      by jdclyde ·

      In reply to Anti-Spyware for the Enterprise?

      With version 9 they added the adaware software.

      It has found stuff that was left behing after running AdAwareSE1.05 and spybot.

      You can make it run from the central server and clean much out from there. That is how I am spending my day today. Waa hooo.

    • #3343360

      Panda Software’s TruePrevent

      by schoolerj001 ·

      In reply to Anti-Spyware for the Enterprise?

      http://www.pandasoftware.com

      Nothing More needs to be said…

    • #3341817

      Not to try and sell you but…

      by chad.gniffke ·

      In reply to Anti-Spyware for the Enterprise?

      You are right, it is in its infantcy and that is why you need a solution that is multi tierd. I represent an outsourced IT firm thousands of nodes. We currently run Spybot and others to manage the spyware. The twist is we use a co-developed solution we call SiteManager to report and update the clients (even outside the LAN) on an automated basis. This way I am not tying myself to particular product today because it is so infant, and I have invested in a tool that you will blow your socks off. Feel free to contact me if I have peeked your interest. My solution is working with success today and I am adding to it on a weekly basis.

    • #3322093

      Look at LANDesk Software

      by nemesis”t”warlock ·

      In reply to Anti-Spyware for the Enterprise?

      LANDesk Software recently launched their LANDesk Security Suite Product.

      This combines Spyware detection, reporting and remediation with Patch Management, Security Threat Analysis, Application Blocking and Device Control (USB blocking/control etc).

      It is built to handle environments from 10’s of machines to upwards of 10,000 machines from an integrated console and can be fully integrated into their desktop management suite of products.

      Check out http://www.networkd.com for details.

      If you are truly looking for an enterprise toolset, then you could do worse than looking at this product.

    • #3337174

      different factors constituting “enterprise” and one possible suggestion..

      by gateso ·

      In reply to Anti-Spyware for the Enterprise?

      Hello,

      The concept of enterprise anti-spyware makes all the sense in the world. The line item you mentioned (central management) is a critical one and there may be a few others to consider:

      – alternatives to definition updates (check out http://www.handsfreentworks.com for their different approach)
      – extensibility, from Windows today and possibly Linux in the future
      – real-time detection, real-time response and exception handling to minimize enterprise event notification streams and remediate based upon enterprise policies/procedures
      – enterprise integration, from a reporting perspective (e.g. into a preferred reporting platform), or, quite differently, from a “unified” desktop functionality perspective, to minimize the number of vendors an enterprise needs to perform “standard” desktop functions
      – technology to support individual, unique enterprise requirements which may exist
      – ability to play a role in emerging future technologies such as “autonomic computing” and “grid computing” in the future.

      Gates

    • #3336395

      Our fixes….

      by graeme ·

      In reply to Anti-Spyware for the Enterprise?

      Central Management is currently a bit beyond for small organizations but:

      MS’s Anti-Spyware is at least proactive in protection, runs on a server and can be scheduled to scan daily.

      Counterspy – though supposedly the same “Giant” core – we found to be a performance dog.

      Ad-Aware – Full and deep scans – not Enterprise central managment – but a monthly sweep with it gets the deeper crap and sorts out the cookies. It can be loaded in memory to keep things sweet but we are still testing it in mixed mode with MS A/S.

      Spy-bot – we demoted it off the machines with the introduction of MS A/S. Its Tea Timer function was a good idea but confused users (the similar MS messages are in LSIGHTLY more intelligible English!). Spybot remains in the toolkit for “just in case”.

      Roll on the MS rollout of a “Super” version of Giant/MS A/S that has enterprise features.

    • #3335967

      What about TrendMicro

      by geekygirl63 ·

      In reply to Anti-Spyware for the Enterprise?

      TrendMicro has Enterprise solutions that cover both viruses and ad/spyware. Take a look at it, may be more expensive than you want. http://www.trendmicro.com

      • #3238597

        Have you used Trend Micro OfficeScan 7.0?

        by billserate ·

        In reply to What about TrendMicro

        Do you feel that this (OfficeScan 7.0) is an effective solution for blocking spyware?

    • #3348944

      Spybot S&D server version

      by martili ·

      In reply to Anti-Spyware for the Enterprise?

Viewing 23 reply threads