This article can also be found in the Premium Editorial Download "Information Security magazine: How security pros can benefit from information sharing."
Download it now to read this article plus other related content.
Price: Starts at $39.95
If spyware was only a desktop problem on home PCs, vendors wouldn't be rushing to get enterprise-grade products to market. Webroot has expanded on its respected workstation product with Spy Sweeper Enterprise, complete with client-server technology that gives security managers the ability to install, update and monitor distributed scanners from a central console.
Spy Sweeper is a good first effort with some strong management features, but it lacks a Web-based console and strong reporting capabilities.
Spy Sweeper can be distributed in minutes through login scripts or Active Directory group policies. The management console can be configured to poll Webroot's update server for malware updates.
The versatility of Spy Sweeper's admin console is impressive, enabling security managers to organize clients into logical groups for flexibility and multiple configurations. Policies can be applied globally, by group or individually. For example, the users in the management group may have a policy that dictates their workstations are scanned at 6 p.m., while the operations group is scanned at 1 a.m.
Spy Sweeper configurations are also controlled through Active Shields, which are simply configuration locks that prevent malware from doing such things as hijacking a browser or resetting the home page.
Spy Sweeper's scanning schedule is equally flexible and offers on-demand scans, a feature that comes in handy when a keystroke logger suddenly shows up on the network.
Nevertheless, Spy Sweeper falls short in a couple of areas. There's no Web-based management console, which should be standard for any enterprise-caliber product. Webroot says it will include this in an upcoming version.
Also, its proprietary database and reporting features are weak. The reports are locked on the management console and there's no auto-generating option. As a result, security managers must sit at the console and read the information off the screen. Reports can't be saved to a file or exported, and can only be printed at the console. The only other sources of information are e-mail alerts about spyware infections.
That said, the console provides a wealth of information: workstation-by-workstation data and history, infection trends, and enterprise collection and quarantine data. Spy Sweeper reports infected nodes by IP and MAC address, as well as information regarding the offending malware.
Webroot Software is recognized as a leader in the consumer spyware market. With the Spy Sweeper Enterprise release, weak reporting and lack of a Web-based console notwithstanding, it's making a statement as a contender in the enterprise antispyware market.
This was first published in January 2005