Feature

Sunbelt Software's CounterSpy Enterprise 1.5 Product Review

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: What's the best IT security advice you've ever received?."

Download it now to read this article plus other related content.

Sunbelt Software's CounterSpy Enterprise 1.5
Sunbelt Software
Price: Starting at $255 for 10 users

    Requires Free Membership to View

Sunbelt Software's CounterSpy Enterprise 1.5

 

The swift emergence of spyware as a serious business problem has forced organizations to divert money and resources to address the threat. Traditional AV companies are incorporating antispyware technology into their product lines, while antispyware vendors upgrade their home-user products to enterprise-caliber.

In this fledgling market, Sunbelt Software's Count-erSpy Enterprise 1.5 is an attractive option for a host-based spyware solution.

CounterSpy's greatest asset is its comprehensive threat signature database, compiled by its researchers and from customers. Also, Sunbelt has access to Micro-soft's definitions until July 2007 under its licensing agreement with Giant Anti-Spyware, which has since been purchased by Redmond.

Administrators may also whitelist specific signatures enterprise-wide, or for specific policy groups. This is helpful, for example, if your IT staff uses administrative tools that could be construed as spyware.

In addition to scanning for signatures, CounterSpy's Active Protection technology monitors the system for changes characteristic of spyware--such as ActiveX installations, Browser Helper Objects and host file changes--to counter unidentified threats.

In our lab, CounterSpy detected the vast majority of the spyware we threw at it, including keyloggers and adware. It failed to detect one keylogger, although other spyware products we ran also failed to detect it.

Centralized administration and management is solid. Managers can group systems according to various policies based on operational requirements. CounterSpy provides loose integration with Active Directory by allowing the assignment of an MSI installer to a Group Policy Object, but we'd like to see future versions include tighter integration, such as assigning policies directly to AD groups.

CounterSpy offers many of the reports you'd expect to see in a malware filter. You can slice and dice the numbers in enough ways to keep even the geekiest report jockey happy, or simply turn to one of the seven excellent predefined reports.

We were especially impressed with the one-page Executive Summary that uses attractive visuals to present a high-level view of the proportion of infected machines on the network, the severity of those infections, the overall threat landscape, and the top offending machines and spyware programs.

CounterSpy offers several flexible deployment op-tions, including directly pushing the agent to clients through the administration console, Active Directory GPOs, Microsoft Installer packages or .exe distributions for client-side installation.

This was first published in August 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: