Zero-latency approach gives FaceTime edge

Ridding a desktop or server of malware is like trying to kill kudzu, an out-of-control vine in the South that can grow 12 inches a day. Rootkit-based spyware is especially tenacious. Using Task Manager doesn't help, because the spyware process inserts Registry entries that cause the spyware to restart automatically. Using the Registry Edit tool to remove autorestart insertions doesn't work, because the instance quickly reinserts the autorestart Registry entries before you can use Task Manager to end the process.

An Internet gateway that prevents malware from reaching clients and servers is a much better approach than installing antispyware tools on each device. To find the best gateway-based system (either software or appliance), we invited several vendors to our lab for testing.

We received FaceTime Enterprise Edition (RTG 500 device, IM Auditor software and Greynet Enterprise Manager), eSoft's ThreatWall 200 appliance and Gateway Anti-Spyware SoftPak, Barracuda Networks' Barracuda Web Filter 310, Aladdin Knowledge Systems' eSafe Gateway/Web/Mail V5.2 appliance and Web Security Pack, Trend Micro's InterScan Web Security Appliance 2500 and CP Secure's Content Security Gateway 1500 V2.0 with WebSense's Web Security Suite V6.2 (combination offering).

We also downloaded Secure Computing's WebWasher Anti-Virus 5.3 and Secure Anti-Malware product. Three vendors (Sophos, Bluecoat and IronPort) were developing new product versions during our test cycle, and McAfee said it is retooling its antimalware appliances.

All products tested fared well, with FaceTime Enterprise Edition edging out a strong field (three products tied for second with 4.1 scores). FaceTime earns a Clear Choice Award for its zero latency and easy-to-use central console for managing multiple appliances. The table below summarizes the success rates and performance results for each product (see How we did it, page 54). See related story on new approaches to malware.

State of the antimalware market

For all the tested products, documentation was comprehensive and clear. Installing each product essentially involved connecting it to our network and assigning an IP address.

All the products worked well in our tests. FaceTime edged out the formidable competition because of its excellent accuracy rate, its zero latency (achieved through the clever use of the TCP Reset command) and its central console, which improves scalability.

Using one of these gateways can prevent kudzulike malware from infesting your network. The success rates and quick performance of these appliances led us to conclude that 2006 is the year the antimalware vendors have finally drawn even with the bad guys.

Nance runs Network Testing Labs and is the author of Introduction to Networking, 4th edition, and Client/Server LAN Programming. He can be reached at barryn@erols.com.

NW Lab Alliance

Nance is also a member of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry, each bringing to bear years of practical experience on every review. For more Lab Alliance information, including what it takes to become a member, go to www.networkworld.com/alliance.

