CounterSpy Enterprise 1.5
Price: Starting at $255 for 10 users
The swift emergence of spyware as a serious business problem has forced organizations to divert money and resources to address the threat. Traditional AV companies are incorporating antispyware technology into their product lines, while antispyware vendors upgrade their home-user products to enterprise caliber.
In this fledgling market, Sunbelt Software's CounterSpy Enterprise 1.5 is an attractive option for a host-based spyware solution.
CounterSpy's greatest asset is its comprehensive threat signature database, compiled from its researchers and its customers. Also, Sunbelt has access to Microsoft's definitions until July 2007 under its licensing agreement with Giant Anti-Spyware, which has since been purchased by Redmond.
Administrators may also whitelist specific signatures enterprise-wide, or for specific policy groups. This is helpful, for example, if your IT staff uses administrative tools that could be construed as spyware.
In addition to scanning for signatures, CounterSpy's Active Protection technology monitors the system for changes characteristic of spyware--such as ActiveX installations, Browser Helper Objects and hosts file changes--to counter unidentified threats.
In our lab, CounterSpy detected the vast majority of the spyware we threw at it, including keyloggers and adware. It failed to detect one keylogger, although other spyware products we ran also failed to detect it.
Centralized administration and management are solid. Managers can group systems according to various policies based on operational requirements. CounterSpy provides loose integration with Active Directory by allowing the assignment of an MSI installer to a Group Policy Object, but we'd like to see future versions include tighter integration, such as assigning policies directly to AD groups.
CounterSpy offers many of the reports you'd expect to see in a malware filter. You can slice and dice the numbers in enough ways to keep even the geekiest report jockey happy, or simply turn to one of the seven excellent predefined reports.
We were especially impressed with the one-page Executive Summary that uses attractive visuals to present a high-level view of the proportion of infected machines on the network, the severity of those infections, the overall threat landscape, and the top offending machines and spyware programs.
CounterSpy offers several flexible deployment options, including directly pushing the agent to clients through the administration console, Active Directory GPOs, Microsoft Installer packages or .exe distributions for client-side installation.
Some organizations may prefer to keep an eye on products integrated with traditional AV solutions and the developing market for antispyware appliances. Alternatively, CounterSpy Enterprise is a viable option for organizations that want a robust antispyware tool and are prepared to deploy another desktop client.
This product review originally appeared in the September 2005 issue of Information Security magazine.