Spyware looks set to take over the top spot from spam as the biggest threat to business productivity and security. The deluge of spam has resulted in a wide range of software products and appliance-based solutions to combat this menace, but up until recently most anti-spyware solutions have been aimed at the consumer market. Enterprises are just as vulnerable and we are now starting to see vendors taking the threat of spyware at the corporate level just as seriously and vying for a piece of this lucrative market.
Along with its standalone and SMB versions, CA now brings its PestPatrol Anti-Spyware software to big businesses. The Corporate Edition on review differs substantially from its smaller brethren as it is designed to be managed and deployed from a single administrative console. A key feature of PestPatrol is its ease of use – the software is, indeed, very simple to install and swift to deploy.
The central console opens with a list of all available workgroups and domains on the network along with four tabbed folders for easy access to the various settings and controls.
Agent deployment on similar anti-spyware products such as Webroot Spy Sweeper Enterprise 2 is generally handled by login scripts, AD group policies or manually, but you do not need to use any of these because PestPatrol automates the whole process.
The list of computers and servers can be customized by using different profiles, making it easy to select multiple systems. From the Interactive Scan tab, for example, you can select groups or individual systems and start an on-demand scan. Progress is shown in a simple log window at the bottom of the main interface. Any scan errors or detected spyware will change the icon for the relevant system to alert you to any problems.
When a manual scan is started for the first time, PestPatrol simply downloads the agent without any user intervention. It is copied to a directory on the system's local hard disk and started remotely whenever a scan is requested.
Users can try removing the software, but PestPatrol checks to see whether the agent is already installed on the next manual scan and simply copies it back down.
Real-time protection can also be deployed from the console. Just select the systems you want to activate this for and PestPatrol loads two new services on the target systems, which will scan memory and all cookies and delete anything deemed spyware.
Processes that fit its spyware profile will also be killed. Systems running Windows 98, ME or XP Home do not support this technology, however, and can only be protected using PestPatrol's command line scanner.
The beauty of the PestPatrol method is that your users will be completely unaware their systems are being protected.
For manual scans, you can elect to include or exclude memory, the registry, cookies and common file locations. You can also add your own paths and select all hard disks as well. Multiple file and folder exclusions can be made by editing a text file used by PestPatrol on the management system.
Three actions are available, so you can leave PestPatrol in passive mode where it logs all activity, or you can have all spyware deleted or moved to a quarantine area.
A scheduler is also provided for running scans on selected profiles, groups and systems at regular intervals. The same criteria for manual scans can be applied.
Reporting facilities are fairly basic, but you can generate custom reports on all detected spyware or select a pest from a huge list or specific categories such as adware, dialers or trojans.
Testing was conducted on a Windows domain with a mixture of 2000, XP and 2003 members.
We accessed websites known to deliver spyware and also seeded systems with nasties including key loggers, trojans, adware and search hijackers.
Manually scanning each infected system was swift, with PestPatrol taking between 90 seconds and two minutes for each client.
Identification was good – PestPatrol picked all the spyware and listed them in its log file. Cleaning was not so effective, because although it removed the more dangerous spyware, it did leave behind some adware processes and a few registry entries.
As a comparison, we also used Webroot Spy Sweeper Enterprise 2, which was more effective. Spy Sweeper's scanning process took much longer, with an average of around five minutes per system.
Admittedly, one method of dealing with spyware is to enforce an acceptable use policy (AUP) for web access, but this can be costly for an enterprise to implement.
Although CA's PestPatrol is more basic that some competing products, it does represent good value, is totally transparent, and is very simple to both deploy and configure, making it easier to manage on large networks.