Spies in Every Corner

So you will hear a lot about spyware these days - how to penetrate a system, slow as a snails pace computer, open a dangerous security vulnerabilities. So what is spyware? In its narrowest definition, spyware tracking software is installed without adequate notice, consent or control of the user. This is the official definition of the provision of the new anti-Spyware Coalition (ASC), a group of software and hardware vendors, academics and consumer groups that have joined forces to tackle this growing threat.

Today, the majority of anti-spyware tools against individual users. Microsoft anti-spyware software (now called Windows defender), is a good example - its a local operation process is personal to each machine. If your organization has the number of PCs, but after, you will be more interested in things you can manage from a central location, through specific policies. This is the concentrated solution included in the review.

we have contacted a number of vendors have enterprise-class anti-spyware software solutions. 4 to product evaluation - Computer Associates pests patrol Enterprise Edition, Lavasoft Ad - Aware of enterprises, enterprises and Sunbelt software counterspy Trend Micro anti-spyware for SMEs. Others refused to participate.

And Webroots software did not participate, my company an interesting way to update its phileas threat research system (ptrs). Phileas fogg named after the hero of Jules Verne around the world in 80 days, ptrs is webbot can scan pages around the world to identify potential threats, and to update its spyware definition files.

Most vendors integrate research into spyware its virus research system. For example, Sunbelt Software companies threatnet software used, a global network of gathering threat, as users identify. Lavasoft also adopted a system based on user-submitted lavasoft research through its portal. Computer Associates support its security products developed by the CA Security Advisor, which provides vulnerability and configuration research, on - on a 24-hour monitoring and protection against malicious code, spyware and blended threats. Like other centres, CA Security Advisor also maintains an online database of spyware threats, and offers users free advice on how to delete malicious code and prevent infection.

Although the products reviewed here , it is the spy-oriented, you may wish to integrate anti-virus and anti-spyware management tool. We note that the potential of combining these two features are possible. There are two schools of thought on this topic. Integration of the first two features to simplify system management and administration. The second option Individual tools, in order to increase the coverage of the potential. Both are effective approach.

Test environment and methodology test environment is a # 160 Windows-based network running Windows Server 2003 and Windows of XP. All machines are so far in the service packs, patches and the software and security updates.

We reset all testing machines, to clean countries, we test. Once we have set up a system of each anti-spyware, we focused on testing equipment and known malicious Web sites. Well, they threw us a few spyware programs, and they have to look at how each of these anti-spyware packages will detect and remove malicious code. Circumstances, malicious blocked and the purpose is to see how good security system will be the elimination of harmful procedures.

We used a famous one The so-called spy marketscore (also known as netsetter). This one is particularly bad because it promotes itself by claiming to speed up Internet browsing marketscore agents can use the Internet. In reality, it provides little or no actual acceleration.

Marketscore what it is to monitor and record all activities, and even activities use Secure Sockets Layer (SSL), with a view protected sites, such as banks or commercial sites. This means that marketscore can capture any private data exchange a website. (Installation agreements, and at the national small print of this tool can monitor your activities in the web browser).

Any tools to protect our system by more than 95 per cent of the espionage tactics, which have exposed the system scored high in our book. Since all the procedures in this list made this degree of protection, we focus on the characteristics of enterprises - features such as as installation, deployment to the client system and remote management. The key to protection is to update the malicious software and installation definition files. Any system that allows you to fully automate critical functions and control, from a central location it is also ranked high. s ETrust Pest patrol Enterprise Computer Associates, Pest patrol, has long been a popular anti-spyware tools individuals. Recently purchased by Computer Associates (calcium), it is now part of the eTrust Threat Management suite. Enterprise Edition pests patrol, a central console running on a server and a client component. Console lets you manage customer policies, and distribute updated definition files. Client both can be fully agent or a basic command-line agents.

Environment and less than 500 machine , you simply install the console, configuration server, and then by scanning clients. Data files as a known pest updated automatically installed on the server, so you know when you are outside, timely. It will be very good if all the updated files are merged into a download, but it is good to know that the server is the latest version before you Firstly, it was the first time. Once the server is configured correctly, its time to scan the client (see Figure 1). When you first do, the client agent is automatically installed, which makes the deployment of instant. Pest patrol utilization of the Active Directory (AD) and Web browsers find customers, but also simplify the procedures. If you have the machine in the advertisement, and then pest patrol will find them all on the first permit. If not, we have a little more complicated, but still not a major task.

Figure 1. Pest patrol, there is a simple interface with you all the configuration and administrative operations. (Click image View larger version).

According to pest patrol best practices, the use of default only if you have not less than 500 customers, the deployment may be necessary longer, and more than 500 customers. Under such circumstances, you need to change the default command-line agent with the agent. The agents will not automatically deploy pest patrol. You need to do it as a separate software components through another deployment tools. In addition, the command line is estate planning agent (Generation Expansion), and not a Windows installation package (belt. MSI Extension), so you need for a third-party tools, such as Microsoft Systems Management Server, or even software delivery.

If you prefer to use Active Directory, you must use the package into an MSI first. Taken tool you use, be sure to actually perform such a deployment before you scan any machine. Scanning their agents will be installed by default, you should not have two pairs of the same machine.

Pest patrols and actively support scanning. This means that agents will be provided continuous scanning for any threat, in the systems operation. Make this the most effective way, though, you should run a preliminary scan before any pest Speaking about the positive protection. Thus, it can remove any existing spyware, and then it started operation continued protection to make it more simple, with fewer resources.

When it found suspicious espionage, pest patrol, delete or quarantine files. You might prefer to quarantine any item found so that you can see them before they are deleted. You can be resumed any element of isolation, if you determine it is not spyware. After a while, you may want to set the system to delete all files of unknown, and that is what you want to keep in the exclusion list.

Another pest patrol, the most it is good to restart the client, conducted on a regular basis because some spyware is not completely removed until you push that reduction.

Pest patrol is very simple to install and operation, in particular, is less than 500. A larger network, you have two choices: move to the command-line agent or the deployment of a multinational servers - for each group of 500 customers. Said, the default agent with more than 500 groups, but its performance has begun to decline at that level. In addition, more than one central server defeats the purpose, there is a central location for enterprise management.

Pest patrol determined, but not fully Elimination marketscore. For this special espionage, counter-espionage calcium recommendations unloading site either through Add / Remove Programs components of the control panel or through a special command-line settings.

(click Image View larger version).

own ad hoc Perception Enterprise lavasoft corporate version of the advertisement is almost identical to that of the professional version. The only major difference between the two ad hoc axis central management console.

Installation and deployment of ad hoc perception itself enterprises is relatively simple. The first reason is the axis on the deployment of ad hoc central management server. And the deployment of ad hoc axis client components and the rest of the ad hoc sensing system to your customer. All components are used on Windows installation process, so you can use Active Directory or third party deployment tools. Only in this way can we truly catch up in the process is to determine through the port of the client and server connectivity. By default, this is the TCP port number 10020, therefore, if you choose the default, it is necessary to ensure that it is open in your firewall, so you can control the customers activities.

Set up an ad hoc central axis only console moment. Ensure that the definition files, as of now, to update in real time. Well, you schedule two events (see chart 2). The first time was when and how to recover definition files distributed to the client system. Second, we need to regularly scan your system. Is that simple. In fact, the entire help file, the console has not more than 13.

Figure 2. You use ad hoc axis console to manage advertising network know that you download the updated definition files and scheduling, periodic inspections. (Click image View larger version).

the most interesting part of that is advertising code sequence identification (CSI) technology. Unlike initiative group, you may know, the television, this initiative before the crime, take the initiative to scan any untoward incident, and for your machine. Initiative will be able to offer to lock sections of the registry, block cookies and even a pop-up window. Favorite anti-spyware system, the initiative relies on definition files to identify spyware, but it can also prevent unknown variants are looking for that type of behavior, you will expect from spyware. This is a very good initiative management technology. After all, the updated definition files are usually only after the spyware has been identified.

If you lock your system and advertising awareness, but still want to allow some changes to the registration, you can edit rules so that certain types of activities, while protecting the system from all other countries.

Ad hoc perception, but also include a Special analytical tool, the so-called process, which lets you view the process of running any computer, the scanning process, known spyware, check components with a process, and killed or terminate any running process. This is a very useful real-time scanning.

Overall, advertising awareness is the very simple to use and deployment. It might be better if the ad hoc axis awareness and advertising professionals were more integrated deployment purposes.

For newcomers, this is not very obvious All you need to deploy two separate tools to your advertising awareness enterprises to normal work, in your network.

A Nice, will ensure that Whenever initiatives Station unknown variants, it immediately report to the central console and lavasoft research portal, in order to better track the current spyware. For, it seems that, you need to report on their own. Perception ad hoc recognition, but did not completely wipe out the marketscore. You have to manually delete all the components of the document, so as to completely remove it from your system.

Counterspy enterprises Sunbelt Software Sunbelt Softwares counterspy enterprises are made three different components: a management console, server and client management agent. Again, if you have ads, you can use it find customers and promoting agent from the console directly to the client system. You can also use their own third-party delivery system to promote customer agents.

Because it is so easy to make, in the management console, you may be better-off doing it this way. Of course, you need to have remote management capabilities, can be on the target system to promote the use of the console tool.

Counterspy business is simple to install and deployment, as it also comes a Windows installation files. It also uses TCP port for communication, but this time you have seven port configuration. By default, it uses port 18082 to 18089, which covered everything from agent to each of the communications console management processes counterspy. This means that a large number of open ports on the firewall. In addition, the counterspy is the only anti-spyware tool, the need to reboot the server.

Counterspy works through policy. Define a policy on the server and the server, will be distributed to all customers. As long as the policy in place, the clients behaviour was modified to meet the requirement that the central policies. One drawback is that this agent, it seems entirely dependent on the definition document provides a Sunbelt Software Corporation.

, On the other hand, configuration election to the rules-based policy is very effective (see Figure 3). For example, when you can take the initiative to monitor, you have a whole series of events, you can control. These include whether to allow ActiveX installations, INI file mapping, Browser Helper Object, such as context menu items. Its a very extensive list, you can set up each quickly to allow or prevent the default action.

Figure 3. The management console counterspy numerous configuration options for the establishment and deployment policies. (Click image View larger version).

policy pattern is very amiable, perhaps the best of all the products that. You only need for each tab interface. You can even copy of the policy, you only need to make some changes. You can also use the Export feature backup policies, and import feature, in order to restore them. This means that you can create and test policy, in a laboratory environment, and then they moved to the production environment, in a few simple steps. This is certainly a convenient function.

Counterspy is one of the only tools This runs counter to check with a local database. The default is the Microsoft Access database with all its inherent limitations, but you can change it to run SQL Server 2000. Counterspy provide good protection is easy to deploy and are in place, especially if you are using the arrears. It has a good interface, it seems to give you more control over than other tools to be reviewed.

Counterspy identify and eliminate marketscore. Have nowhere to leave it after removal. Counterspy also available for free download to remove this particular threat. Anti-spyware, SMB Trend Like other anti-spyware tools reviewed here, Trend Micros anti-spyware software for the SMB (small to medium-sized enterprises) is a client - server applications. It relies on a database to store status information and other data, and network server operating requirements, the interface is based entirely on the WEB. Because of its design and operation of Windows, but the strange thing is, whether it is the network or database server from Microsoft.

Instead of using the Microsoft SQL Server Desktop Engine (MSDE instance), counter-espionage, for the SMB use MySQL. Rather than use the Internet Information Services (IIS), anti-spyware, SMB installed Apache Web server, even illegal immigrants who have been in your system. This may be a major obstacle in the exclusive shops running Windows or Microsoft software.

(Click image View larger version).

although this unusual combination of easy to install. Installed server is the first step. Database and Apache server installation in the background tips to users. It should be noted that the accounts of anti-spyware software for SMEs operators need domain administrator privileges, which is a bit unusual. Anti-spyware software running on port 8088 by default, but you can change this situation. A good thing is that it not only requires you to open a single port in the firewall.

Trend Micros anti-spyware Some is made up of numerous components, including network console, which feed a well-off society in the database, Web services running on a server. Server management agents definition updates, and submitted to the trend of scientific and technological research center spyware, when it found new spyware. This agent is also responsible for the management of all communications with the client agent. In fact, Acting components clean, and protection systems. This includes a couple of small parts. Venus is the first spy traps, and actively monitoring and protection system on the basis of documents provided a definition of the server. The second is cwshredder. This is specifically designed to eliminate CoolWeb mutation of the espionage threat.

Deployment of agents is very easy , as long as the proxy configuration policies to automatically install agent after the discovery of a new machine (see Figure 4). You can use the default (global_default), or establish a new policy for specific groups of machines. Once you set a policy, you only need to monitor events, and to ensure that definition files are up to date. You also can be installed through MSI and advertising agents or third party deployment tools. Like others, the use of simple tools, and has set up a. To see whether it meets your Windows network, it depends on the standards and strategy, you must be put in place.

Figure 4. You deployment and management, Trend Micros anti-spyware software for small and medium enterprises, mainly from a single screen. Set to automatically deploy, we must ensure that any exclusion is the establishment of an independent screen and you do. (Click image View larger version).

Trend Micro anti-spyware software to determine, but it will not automatically deleted marketscore. You need to follow specific procedures in order to completely eliminate it, which involves all of the victims have been detected by anti-spyware software, anti-spyware and then running again to complete the relocation. Spy on the spies All of these tools provide qualified anti-spyware protection. Not any internal integration of the four anti-virus suites. Of course, you can see that as an advantage, because it allows you to use the best of breed anti-spyware tools, regardless of which anti-virus software, you are being used. However, a fully integrated products, use the same agents and definition files may easier to administer.

Trend is the cheapest technology However, we think that it makes sense in Windows-centric shops. Sunbelt Softwares counterspy with the most complete configuration interface of the four. CAs pest patrols, nor did a great job seekers simplified installation and configuration, and maintain administrative activities and straightforward.

However, it is basically scanning and protect your engine pursuit. All of these products work well done, can detect and remove spyware, in any species, but a proactive scanning engine, left a deep impression, the most important thing is LavaSofts. Of the four countries, it is the only one which includes scanning unknown threats. Initiative can actually start locking sections of the Registry, the articles do not necessarily protect you from being in the definition of a document. This seems like a bonus for anyone interested in the full and complete spyware protection.

Real problem with spyware is unauthorized software facilities. If the desktop is locked down, user workstations operating in user mode, there is no executive power, then you should not have too much anti-spyware problem.

Thus, how to become spyware number one problem in the malicious software? One answer is that many organizations treated like Windows 98, Windows XP, and to give their users local administrator privileges. If you continue to use this type of policy, you will never see the end of the spyware problem.