This article can also be found in the Premium Editorial Download "Information Security magazine: What's the best IT security advice you've ever received?."
Download it now to read this article plus other related content.
Sunbelt Software's CounterSpy Enterprise 1.5
Price: Starting at $255 for 10 users
|Sunbelt Software's CounterSpy Enterprise 1.5|
The swift emergence of spyware as a serious business problem has forced organizations to divert money and resources to address the threat. Traditional AV companies are incorporating antispyware technology into their product lines, while antispyware vendors upgrade their home-user products to enterprise-caliber.
In this fledgling market, Sunbelt Software's Count-erSpy Enterprise 1.5 is an attractive option for a host-based spyware solution.
CounterSpy's greatest asset is its comprehensive threat signature database, compiled by its researchers and from customers. Also, Sunbelt has access to Micro-soft's definitions until July 2007 under its licensing agreement with Giant Anti-Spyware, which has since been purchased by Redmond.
Administrators may also whitelist specific signatures enterprise-wide, or for specific policy groups. This is helpful, for example, if your IT staff uses administrative tools that could be construed as spyware.
In addition to scanning for signatures, CounterSpy's Active Protection technology monitors the system for changes characteristic of spyware--such as ActiveX installations, Browser Helper Objects and host file changes--to counter unidentified threats.
In our lab, CounterSpy detected the vast majority of the spyware we threw at it, including keyloggers and adware. It failed to detect one keylogger, although other spyware products we ran also failed to detect it.
Centralized administration and management is solid. Managers can group systems according to various policies based on operational requirements. CounterSpy provides loose integration with Active Directory by allowing the assignment of an MSI installer to a Group Policy Object, but we'd like to see future versions include tighter integration, such as assigning policies directly to AD groups.
CounterSpy offers many of the reports you'd expect to see in a malware filter. You can slice and dice the numbers in enough ways to keep even the geekiest report jockey happy, or simply turn to one of the seven excellent predefined reports.
We were especially impressed with the one-page Executive Summary that uses attractive visuals to present a high-level view of the proportion of infected machines on the network, the severity of those infections, the overall threat landscape, and the top offending machines and spyware programs.
CounterSpy offers several flexible deployment op-tions, including directly pushing the agent to clients through the administration console, Active Directory GPOs, Microsoft Installer packages or .exe distributions for client-side installation.
This was first published in August 2005