Network World
How we did it

By Barry Nancy, Network World, 05/04/2007

We collected a suite of 100 malware samples, including adware, trojans and rootkits, which we moved to an isolated, quarantined network.

The quarantined network consisted of three subnets. Subnet 1 had 25 client machines with a variety of operating systems, including Windows NT, 98, 2000, 2003, ME, XP, Vista, Red Hat Linux and Macintosh OS X. The FCS agent ran on all but Windows NT, 98, ME and of course Linux and Mac OS X. The FCS console ran on a Vista-based Dell Latitude notebook.

Subnet 2 contained three Web servers (Microsoft IIS, Netscape Enterprise Server and Apache), three e-mail servers (Exchange, Notes and Sendmail), two file servers (Windows 2003 Advanced Server and NetWare) and two database servers (Oracle 8i and Microsoft SQL Server).

Finally, Subnet 3 had Web servers that contained the malware instances and which sported “bad guy” IP addresses and URLs. Systems on the first two subnets accessed the third subnet as if it were the real Internet.

Client and server machines started off in a pristine state for each test. Our clients and servers attempted to download malware from the simulated "Internet." We noted how well FCS identified malware, removed the malware and, before its removal, blocked attempts by the malware to send data back to the source. We gauged success or failure by examining each machine for malware after each test.

We looked for running malware processes, new program files (EXE, DLL or OCX, possibly marked with the “Hidden” attribute), new directories, and Registry and Start Menu changes. We focused a good deal of our evaluation on the Management Console’s ease of administration and its reports. We tested the Security Agents for reliable, crash-free behavior and ease of deployment.
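The post-test inspection above (pristine baseline, then look for new program files, hidden files and new directories) can be automated as a snapshot-and-diff check. The following is an added example, not the test lab's own tooling; it covers only the file-system artefacts, treats the Windows "Hidden" attribute and dot-prefixed names as hidden, and builds its scenario in a constructed temporary tree. Process, Registry and Start Menu checks are out of scope here.

```python
import os
import tempfile

PROGRAM_EXTS = {".exe", ".dll", ".ocx"}
FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows st_file_attributes flag for "Hidden"


def is_hidden(path: str) -> bool:
    """Hidden attribute on Windows; a dot-prefixed name counts on any platform."""
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN) or os.path.basename(path).startswith(".")


def snapshot(root: str) -> dict:
    """Map slash-separated relative path -> (kind, hidden) for the whole tree."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name, kind in [(d, "dir") for d in dirnames] + [(f, "file") for f in filenames]:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            entries[rel] = (kind, is_hidden(full))
    return entries


def diff_snapshots(before: dict, after: dict) -> dict:
    """Report what appeared after the test: new dirs, new program files, hidden ones."""
    report = {"new_dirs": [], "new_program_files": [], "hidden_program_files": []}
    for rel, (kind, hidden) in sorted(after.items()):
        if rel in before:
            continue  # already present in the pristine baseline
        if kind == "dir":
            report["new_dirs"].append(rel)
        elif os.path.splitext(rel)[1].lower() in PROGRAM_EXTS:
            report["new_program_files"].append(rel)
            if hidden:
                report["hidden_program_files"].append(rel)
    return report


def demo() -> dict:
    """Constructed scenario: a clean baseline tree, then a dropper-like change set."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "Program Files", "App"))
        open(os.path.join(root, "Program Files", "App", "app.exe"), "w").close()
        before = snapshot(root)
        os.makedirs(os.path.join(root, "Windows", "tmp_x"))  # two new directories
        open(os.path.join(root, "Windows", "tmp_x", ".svc.dll"), "w").close()  # hidden DLL
        open(os.path.join(root, "Windows", "tmp_x", "notes.txt"), "w").close()  # not a program file
        return diff_snapshots(before, snapshot(root))


if __name__ == "__main__":
    for key, paths in demo().items():
        print(key, paths)
```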

