This article can also be found in the Premium Editorial Download "Information Security magazine: Identity crisis solved: Tips from a top identity management expert."
Download it now to read this article plus other related content.
|Consumer vs. Enterprise|
Most of the vendors whose enterprise products we tested also market a consumer-grade antispyware product. In fact, most enterprise antispyware tools are repackaged consumer products, with a management front end. At the outset of our testing, we expected that the enterprise tools would offer at least the same level of protection as the consumer products, but we were wrong. In every case where a vendor supported behavior-based detection, the enterprise tool was far weaker by default than the consumer product.
Vendors told us they feared breaking corporate applications, and thus purposely dumbed down their protection for enterprise customers.
Bottom line: If you've fallen in love with a consumer antispyware product at home, don't assume that you will have the same protection from the same vendor in your enterprise.
--Ed Skoudis & Tom Liston
Controlling interaction with users. Given the business case for reducing help desk calls, all the products follow this cardinal rule: "Thou shalt not interact with the user." Messages indicating spyware trouble that are displayed to the user might cause yet another help desk call, so such interaction was turned off by default.
Some of the vendors offer options for increased interaction, such as allowing the user to order an on-demand scan or to see alert messages, while others offer no user interface at all. We believe that there can be value in giving enterprises the option to allow users to conduct a full scan, perhaps saving a help desk call.
McAfee offers the most flexibility in configuring user interaction, giving admins fine-grained control to display or turn off components of the user GUI, including the ability to launch scans. McAfee also lets admins define a password for administrative control to the client, so a roving troubleshooter can correct a problem.
Webroot offers the choice of a pop-up or minimized icon in the tool tray for allowing or prohibiting user-initiated scans. Similarly, eSoft displays a tool tray icon to let a user start an on-demand scan--if an enterprise wants to enable this option.
CA's only interaction with users is to pop up a request message when the enterprise management console initiates a scan, giving users an option of delaying the scan by several minutes so that they can save their work. Trend Micro and SurfControl won't allow user scans or display anything when a scan starts up; Trend Micro's obscure command-line scan initiation is helpful for support personnel.
Lavasoft offers no user interaction configuration by default, opting to keep the user out of the process. But, an adventurous user can easily find Lavasoft's directory under Program Files and invoke various .exe files to run or alter Lavasoft's installation. This is another indication that the management GUI is an overlay of the consumer product.
This was first published in May 2006