Shopping for Antispyware Solutions - PowerPoint PPT Presentation

Shopping for Antispyware Solutions. Jonathan Hassell. jhassell_at_gmail.com. About Jon. Books. RADIUS, O'Reilly and Associates, October 2002 ... – PowerPoint PPT presentation

Provided by: searchsecu

1
Shopping for Antispyware Solutions
  • Jonathan Hassell
  • jhassell_at_gmail.com

2
About Jon
  • Books
  • RADIUS, O'Reilly and Associates, October 2002
  • Hardening Windows, Apress, March 2004 (2nd
    edition forthcoming 11/2005)
  • Learning Windows Server 2003, O'Reilly and
    Associates, December 2004 (2nd edition
    forthcoming 1/2006)
  • Using Windows Small Business Server 2003, Apress,
    April 2005
  • Articles
  • SearchSecurity.com
  • SecurityFocus
  • PC Pro Windows .NET Magazine Network
  • TechNet Magazine

3
Agenda
  • Does your company need an antispyware solution?
    If so, why?
  • Are current AV systems effective in fighting
    spyware?
  • How is the marketplace changing due to AV vendors
    introducing spyware scanning?
  • Does freeware have a place in the suite of
    detection technologies?
  • How do the various antispyware products stack up
    against each other?
  • What are the pros and cons of acquiring a spyware
    product as Microsoft begins to bake antispyware
    technology into its offerings?

4
One: Do You Need a Solution?
  • And why or why not?

5
The scope of the problem
  • More than 80% of corporate PCs are infected with
    spyware
  • 300,000 unique URLs distributing spyware/adware
    content
  • Quadrupled since start of 2005
  • Webroot Software's Spyware Report
  • Strained IT resources

6
What are we defending against?
  • Varying descriptions and definitions
  • WhatIs.com: any technology that aids in
    gathering information about a person or an
    organization without their knowledge.
  • Doxdesk.com: program that gets installed on your
    computer which you never asked for, and which
    does something you probably don't want it to, for
    someone else's profit.
  • Other parasites
  • Cookies?
  • Keyloggers?
  • Misbehaving applications?

7
Two: What about current antivirus systems?
  • Are they effective in fighting spyware?

8
AV vs. Spyware
  • AV doesn't work for this
  • How does fighting spyware differ from fighting
    other malware such as viruses and worms?
  • Nature of spyware
  • Methods of infestation
  • Where does AV fit in an antispyware strategy?
  • Two separate issues
  • Integrated solutions (as you'll see later) not up
    to challenge as yet
  • Is it best to buy spyware bundled with AV or as a
    separate product?

9
Specific AV challenges
  • Mass signature update
  • Depending on vendors
  • Corrupted downloads?
  • Detecting Trojans
  • Their inherent nature and method of spreading
    makes detection difficult
  • Spotting malware (spyware, adware, etc.)
  • Adware needs your system to work properly
  • Can be disguised more easily since destructive
    capability is typically limited

10
Three: The AntiX Marketplace
  • Traditional AV market players now introducing and
    revising antispyware offerings

11
Products
  • LANDesk - LANDesk Security Suite
  • McAfee - Anti-Spyware Enterprise Edition Module
  • Omniquad - Antispy Enterprise
  • Shavlik - Shavlik NetChk Spyware
  • Sunbelt Software - CounterSpy Enterprise
  • SurfControl plc - Workstation PolicySheild
  • Symantec - Symantec AntiVirus Corporate Edition
  • Symantec - Symantec Client Security
  • Tenebril Inc. - SpyCatcher Enterprise
  • Trend Micro Inc. - OfficeScan Corporate Edition
  • Websense - Web Security Suite - Lockdown Edition
  • Webroot Software - Spy Sweeper Enterprise
  • Aluria Software - Spyware Eliminator
  • Blue Coat Systems - ProxySG/ProxyAV
  • Citadel Security Software - Hercules
  • Computer Associates - eTrust PestPatrol
    Anti-Spyware Corporate Edition
  • EMCO Software Ltd. - EMCO Network Malware Cleaner
  • Finjan - Vital Security Appliance Series NG-5000
    and NG-8000
  • Finjan - Vital Security for Clients
  • Finjan - Internet 1Box
  • FutureSoft Inc. - DynaComm iscan SpySubtract
    Enterprise Edition
  • InterMute Inc. - SpySubtract Enterprise Edition

12
Characteristics in current antiX offerings
  • Active Directory support
  • Reporting features
  • Agent-based detection, with simple deployment
  • Real-time protection
  • Licensing
  • Per user
  • Subscription for updates

13
Four: Is there such a thing as a free lunch?
  • Does freeware have a place in your suite of
    detection and prevention technologies?

14
Absolutely!

15
Some examples of freeware
  • SpywareBlaster
  • http://www.javacoolsoftware.com/sbdownload.html
  • Free for personal and educational use,
    inexpensive otherwise
  • CWShredder
  • http://www.spywareinfo.com/merijn/downloads.html
  • Kills Coolwatch
  • Kill2Me
  • Kills other common, popular spyware
  • http://www.majorgeeks.com/download4166.html

16
With limitations and exceptions, of course
  • Very little, or even no, support
  • Centralized management?
  • Vetting of the tools
  • Robustness
  • Ease of use

17
Five: How The Products Stack Up
  • Similarities and Differences

18
Selling points
  • Anti-malware solutions use active protection
  • Don't just look at files on a disk
    (signature-based guarding)
  • Profile running programs and their activities
  • Options will include integrated suite
  • Bad idea for now
  • Automatic hardening of host system
  • Prevention of infestation in the first place

19
What to look for, part II
  • Solid manufacturer
  • Frequent updates
  • Robust updates
  • Constant evaluation and competitiveness
  • Dog-eat-dog
  • Annual revisions
  • Responding to new types of threats
  • Centralized management
  • Absolutely critical
  • Elimination of sneakernet
  • Reduces per-client support cost

20
Products
  • LANDesk - LANDesk Security Suite
  • McAfee - Anti-Spyware Enterprise Edition Module
  • Omniquad - Antispy Enterprise
  • Shavlik - Shavlik NetChk Spyware
  • Sunbelt Software - CounterSpy Enterprise
  • SurfControl plc - Workstation PolicySheild
  • Symantec - Symantec AntiVirus Corporate Edition
  • Symantec - Symantec Client Security
  • Tenebril Inc. - SpyCatcher Enterprise
  • Trend Micro Inc. - OfficeScan Corporate Edition
  • Websense - Web Security Suite - Lockdown Edition
  • Webroot Software - Spy Sweeper Enterprise
  • Aluria Software - Spyware Eliminator
  • Blue Coat Systems - ProxySG/ProxyAV
  • Citadel Security Software - Hercules
  • Computer Associates - eTrust PestPatrol
    Anti-Spyware Corporate Edition
  • EMCO Software Ltd. - EMCO Network Malware Cleaner
  • Finjan - Vital Security Appliance Series NG-5000
    and NG-8000
  • Finjan - Vital Security for Clients
  • Finjan - Internet 1Box
  • FutureSoft Inc. - DynaComm iscan SpySubtract
    Enterprise Edition
  • InterMute Inc. - SpySubtract Enterprise Edition

21
Six: What about Microsoft?
  • The pros and cons of acquiring a spyware product
    as Microsoft begins to bake antispyware
    technology into its offerings

22
What about Microsoft?
  • MS Antispyware
  • Acquired from Giant
  • Client-only offering
  • No enterprise features
  • MS OneCare
  • Consumer-based
  • Other disaster recovery tools
  • Antivirus currently offered
  • Subscription based
  • Enterprise efforts?
  • 2006: Separate products
  • Windows Vista
  • Longhorn Server