April 2005

Spyware Hunters

5 enterprise antispyware weapons protect you from bombardment

Omniquad AntiSpy Enterprise Edition
Omniquad's AntiSpy is one component of the company's Enterprise Manager framework. The other components—Surfwall (Web content filtering), Inventory Tracker, Instant Remote Control, Activity Monitor, and network-security tools—are available separately. I followed the instructions in the HTML-format Install Guide to install AntiSpy on my server and clients. The documentation is extremely thorough and even includes XP SP2 client-configuration instructions. Omniquad AntiSpy Enterprise Edition uses a database back-end for which you can use either a Microsoft SQL Server or Jet database engine. I used an existing SQL Server implementation to host the AntiSpy databases, which the setup program configured.

After setting up and launching the Omniquad Enterprise Manager, which Figure 3 shows, a message prompted me to install the Desktop Control Client component. On XP, Win2K, and NT clients, you can use the Omniquad Deployment Assistant to automatically push the client out, and on Win9x clients, you can run an executable manually or via a logon script to install the client. I used the Omniquad Deployment Assistant to push the client out to my test systems. This helpful, automated deployment tool provides a lot of flexibility for targeting systems for installation. To assist with troubleshooting and asset management, the product also provides an inventory tool that creates a brief HTML hardware and software inventory list for client systems.

I performed a quick manual scan of the test client using Report Only mode, and Omniquad AntiSpy Enterprise Edition found most of the threats on the system. I used the Reports feature to see the threats that were identified on each system. Reports are available only in HTML format, but they're available to others in your enterprise without requiring additional software installation. To apply a desired set of antispyware rules, Omniquad AntiSpy Enterprise Edition uses policies targeted to usernames and computer names. Unfortunately, because of some confusion regarding groups of users and computers and an incorrect icon in the Administrator's Guide, this step required an inordinate amount of time to figure out. It turns out that the product permits only one group (proprietary to this tool), to which you can add the users or computers that will apply the settings you specify.

After creating a group policy (not to be confused with Windows' Group Policy), I added my test systems and configured a scheduled scan, setting options for threat deletion and real-time protection. The product sends the policy to clients immediately unless you cancel it. In my testing, all the clients ran the scheduled scan and I viewed a report to verify that they detected and removed known spyware.

Omniquad AntiSpy Enterprise Edition performed as expected, but elements of the UI are a bit cumbersome. The product lacks some desired enterprise-level features, such as alerting and flexible reporting. On the plus side, the built-in inventory tool will be very useful to some organizations.

Omniquad AntiSpy Enterprise Edition
Contact: Omniquad * 727-547-0499
Web: http://www.omniquad.com
Price: $12 per user for 100 users; volume discounts apply
Summary
Pros: The price is attractive; additional functionality, such as inventory, is enticing
Cons: The product has a cumbersome UI and missed some threats in my testing
Rating: 3 out of 5
Recommendation: AntiSpy boasts a good price and decent functionality, but its console interface needs work.


CounterSpy Enterprise
Sunbelt Software was preparing a CounterSpy Enterprise release candidate at deadline time, so I tested the beta 2 version of the product. When you run the CounterSpy Enterprise installation program, you can choose to perform a complete installation or install only the CounterSpy Enterprise Admin Console. I installed the full CounterSpy Enterprise Server on my test system, and the software prompted me to reboot upon completion.

To deploy and prepare the software in my test environment, I consulted the "Quick Start Guide" section of the PDF-format User's Guide for CounterSpy Enterprise. From the Admin Console, which Figure 4 shows, I added my test clients to the default policy and confirmed the deployment of the agent to those systems. The software deployed the agent to XP SP1 systems without incident, but on the system running SP2 I had to configure the firewall to enable file and printer sharing before the remote installation could succeed. The agent is also available as a Windows Installer (.msi) file that you can install by using other deployment mechanisms. After installing the agent, I performed a manual scan on the test systems, and because Quarantine was set as the default action for detected spyware, the product quarantined all the threats.

You can manage quarantined items on a machine-by-machine basis, or you can work with all items by accessing the Quarantine page. On the Quarantine page, I could view all quarantined items for the test systems. From there, I could drill down to get more information about each threat, including in which areas of a system it appeared. I could also perform Unquarantine and Delete operations on the quarantined objects, either systemwide or on individual machines. CounterSpy Enterprise also offers useful reports for monitoring and analyzing threats and keeping track of your progress in removing them.

You can apply different sets of rules to groups of systems by creating Policies, then applying the settings you want for each Policy. For example, I created a Policy called Delete All Threats and placed my test systems into that Policy. Then, I configured a custom scan schedule and scan settings, instructing the software to remove all threats by default. You can also configure parameters such as email notifications and allowed threats at the policy level.

I found CounterSpy Enterprise's interface to be fairly intuitive and powerful for managing antispyware protection for Windows clients. The product is designed to be an enterprise-class system and appears to have the groundwork to succeed in that category. I suffered only a couple of minor problems while testing the beta version, but nothing impeded CounterSpy Enterprise's effectiveness at spyware control.

CounterSpy Enterprise
Contact: Sunbelt Software * 727-562-0101
Web: http://www.sunbelt-software.com
Price: $18 per user for 100 users; volume discounts apply
Summary
Pros: Client deployment is smooth; reporting is impressive; CounterSpy Enterprise offers the best overall detection and cleanup functionality in our tests
Cons: It's a new product that's not yet been proven; it offers no Win9x client support
Rating: 4 out of 5
Recommendation: A good combination of functionality and usability makes CounterSpy the winner in our tests—as long as you don't have Win9x clients.


 Windows IT Pro is a Division of Penton Media Inc.
 Copyright © 2009 Penton Media, Inc., All rights reserved.