Information Security

Defending the digital infrastructure


Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Sunbelt Software's CounterSpy Enterprise 1.5 Product Review

In this product review, get the pros and cons of Sunbelt Software's CounterSpy Enterprise 1.5 features, such as antispyware scanning, centralized logging and reporting.

Sunbelt Software's CounterSpy Enterprise 1.5
Sunbelt Software
Price: Starting at $255 for 10 users

Sunbelt Software's CounterSpy Enterprise 1.5


The swift emergence of spyware as a serious business problem has forced organizations to divert money and resources to address the threat. Traditional AV companies are incorporating antispyware technology into their product lines, while antispyware vendors upgrade their home-user products to enterprise-caliber.

In this fledgling market, Sunbelt Software's Count-erSpy Enterprise 1.5 is an attractive option for a host-based spyware solution.

CounterSpy's greatest asset is its comprehensive threat signature database, compiled by its researchers and from customers. Also, Sunbelt has access to Micro-soft's definitions until July 2007 under its licensing agreement with Giant Anti-Spyware, which has since been purchased by Redmond.

Administrators may also whitelist specific signatures enterprise-wide, or for specific policy groups. This is helpful, for example, if your IT staff uses administrative tools that could be construed as spyware.

In addition to scanning for signatures, CounterSpy's Active Protection technology monitors the system for changes characteristic of spyware--such as ActiveX installations, Browser Helper Objects and host file changes--to counter unidentified threats.

In our lab, CounterSpy detected the vast majority of the spyware we threw at it, including keyloggers and adware. It failed to detect one keylogger, although other spyware products we ran also failed to detect it.

Centralized administration and management is solid. Managers can group systems according to various policies based on operational requirements. CounterSpy provides loose integration with Active Directory by allowing the assignment of an MSI installer to a Group Policy Object, but we'd like to see future versions include tighter integration, such as assigning policies directly to AD groups.

CounterSpy offers many of the reports you'd expect to see in a malware filter. You can slice and dice the numbers in enough ways to keep even the geekiest report jockey happy, or simply turn to one of the seven excellent predefined reports.

We were especially impressed with the one-page Executive Summary that uses attractive visuals to present a high-level view of the proportion of infected machines on the network, the severity of those infections, the overall threat landscape, and the top offending machines and spyware programs.

CounterSpy offers several flexible deployment op-tions, including directly pushing the agent to clients through the administration console, Active Directory GPOs, Microsoft Installer packages or .exe distributions for client-side installation.

Some organizations may prefer to keep an eye on products integrated with traditional AV solutions and the developing market for antispyware appliances. Alternatively, CounterSpy Enterprise is a viable option for organizations that want a robust antispyware tool and are prepared to deploy another desktop client.


Article 3 of 13

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Information Security

Access to all of our back issues View All