Key spyware call: Where to protect?

With spyware threatening corporate networks, whether it be adware hogging bandwidth or malicious code logging personal data, network executives are being forced to define their defensive strategies.

Lots of tools and software have hit the market recently, and network executives are left to decide which weapon works best - typically less-expensive gateway-based filters or more-expensive but possibly more-effective desktop software or, even more costly, a combination of the two.

Also: McAfee, Tech Assist top anti-spyware test

The Network World Clear Choice Test of enterprise spyware suggests the gateway approach might be the best starting point for IT managers wanting to shore up defense quickly.

A gateway can filter out spyware at least as well as desktop software, based on the test of 18 products. Tester Barry Nance found gateways easier to administer than desktop machines. Plus, "users can't fool with it," as they might with their desktop software, Nance says.

Analysts weighing the pros and cons of the basic strategies also point out that the cost to install a gateway in many instances is going to be low in comparison with installing anti-spyware software on the desktop.

"The gateway alternative works reasonably well to reduce the impact of spyware, is less expensive to operate and maintain than desktop mitigation, consumes fewer overall resources and is readily controlled," says a security report titled "Enterprise Strategies for Defending Against Spyware" from Burton Group.

But Burton Group's stance toward anti-spyware gateways comes with several provisos. One is that organizations might want to deploy anti-spyware software on desktops if they have a substantial number of mobile desktops that can become infected. Burton Group urges IT managers buying for desktops to make sure anti-spyware products integrate with other technologies, such as network admission controls and anti-virus defense.

Using both gateway and desktop software anti-spyware will increase protection but clearly adds costs that could be hard to justify under a tight budget, a Burton Group report notes. "The added cost and inconvenience of running redundant systems may not be justifiable for the low-risk systems associated with spyware," the report says.

In all, Burton Group says any organization that considers its network environment "low-risk" may want to forgo buying anti-spyware protection at all. That's because the anti-spyware market is still young. Industry consolidation is expected to occur quickly.

There are an estimated 35,000 species of spyware, with more spawned every day. But security vendors don't have the same name or classification systems. At Symantec, whose traditional strength has been anti-virus, the Trojans, bots and worms are classified as "malicious code." But "spyware" is simply "any program you probably don't want on your machine," whether it be dialers or adware, says Symantec's director of security response, David Cole.

He notes this definition is different from that accepted by the "pure play" anti-spyware product vendors without the anti-virus background, which classify bots, Trojans and keyloggers as spyware.