SolutionSeries: CounterSpy Enterprise is spyware defense built from the ground up

Sunbelt Software recently introduced CounterSpy Enterprise, an anti-spyware tool created "by admins for admins." The tool is designed to offer centralized, policy-based management, making it easier to protect against spyware in a corporate environment.

Sunbelt Software's CounterSpy Enterprise product is designed to help administrators combat spyware that threatens the corporate network. Although this is only the first version of the product, CounterSpy's ease of management and powerful features make it a strong candidate for you to consider as you design your spyware defenses. You can obtain a preview edition of the product by visiting the Sunbelt Software site. Here's a look at what the product offers.

CounterSpy components

CounterSpy consists of three components:

  • The CounterSpy Admin Console
  • The CounterSpy Server Module
  • The CounterSpy Agent software

The Admin Console provides a broad range of configuration and management options, which we'll discuss in depth in the next section.

The Server Module contains the workstation database, spyware definition database for download to the Agents, and other management-related data. The Server Module communicates with the Admin Console and the Agents using short XML bursts. This HTTP traffic, which utilizes SOAP, can pass through firewalls that are configured to allow such traffic.

The Agent software is installed on each network workstation. After installation, the program scans for spyware that is resident in memory, in the system registry, or on the computer's hard disk. The Agent can be configured to display a System Tray icon, or it can be hidden from the user's view.

Centralized management

CounterSpy Enterprise was developed independently from Sunbelt Software's CounterSpy personal edition. As a result, CounterSpy Enterprise contains an extremely well-conceived centralized management scheme. The CounterSpy Enterprise Management Console lets you perform a multitude of tasks. For instance, you can:

  • Install the CounterSpy client Agent on workstations located throughout the enterprise network. You can deploy CounterSpy using a silent push. Because the client Agent is available as an MSI file (in addition to being available as an .exe file), you can also deploy CounterSpy by using the user's login script, SMS, or an Active Directory Group Policy, or by allowing the user to install the application from a Web page.
  • Schedule spyware scans on individual workstations, several computers, or all of the computers on the network. You can scan for threats by using the Scan Now button or by scheduling either a quick or deep scan.
  • Configure e-mail alerts that notify designated people when spyware is detected on a client workstation.
  • Set the security level for various categories of spyware. For example, certain types of spyware, such as malware, constitute an immediate threat. CounterSpy lets you determine what action to take against a category of spyware.
  • Automatically deploy new spyware definition files to Agent workstations.
  • Create a variety of reports. Crystal Reports is bundled with CounterSpy, providing you with a full array of reporting options. You can select from the seven preconfigured reports or create your own.
  • Remove items that are quarantined on workstations. In fact, the items can be removed only by the centralized admin. Although this might appear to be an administrative headache, the configuration options in CounterSpy allow you to control what types of spyware are quarantined. This reduces the amount of quarantined programs to a manageable number.
  • Roll back items that were quarantined on just one machine, an entire policy, or the entire network. There is no rollback option for deleted items.

Using these powerful features, you can customize CounterSpy to meet your organizational requirements. CounterSpy doesn't scan for spyware when someone logs on to a PC, and it can't repair Winsock DLL files, but it does offer a wide assortment of configuration options that should meet most administrators' needs.

CounterSpy requirements

The CounterSpy Admin Console and Server Module components have the following hardware and software requirements:

  • A 1 Ghz P3 or higher
  • At least 512 MB of RAM
  • 150 MB of free disk space
  • The server requires MDAC 2.6 or greater

One of the following operating systems:

--Windows Server 2003

--Windows XP Professional

--Windows 2000 Server with Service Pack 3

--Windows 2000 Professional with Service Pack 2

--Microsoft .NET Framework 1.1 or higher

The CounterSpy Agent has the following hardware and software requirements:

  • A Pentium 200 workstation
  • At least 20 MB of free disk space
  • One of the following operating systems:

--Windows XP Professional or Home edition

--Windows 2000 Professional with Service Pack 2

--Windows NT 4.0 Workstation Service Pack 6

--Windows 98

--Window 98 Second Edition

--Windows Me

CounterSpy requires all servers and workstations to have Internet Explorer version 5 or later installed.

CounterSpy pricing

Table A summarizes Sunbelt Software's comprehensive pricing scheme for CounterSpy. Spyware definition file updates are free for one year, which is standard for the industry.

Table A

Small Business Network Kit: 10 machines
Includes the Management Console
Small Business Network Kit: 15 machines
Includes the Management Console
Small Business Network Kit: 25 machines
Includes the Management Console
30 - 99 machines (priced per license)
100 - 199 machines (priced per license)
200 - 499 machines (priced per license)
500 - 999 machines (priced per license)
1,000 - 1,999 machines (priced per license)
2,000 - 3,499 machines (priced per license)
3,500 - 4,999 machines (priced per license)
5,000 - 19,999 machines (priced per license)
10,000 - 19,999 machines (priced per license)
20,000 - 50,000 machines (priced per machine)