by Eric Brooks

Created on: May 06, 2009   Last Updated: July 08, 2009

Securing a network against malware and spyware is arguably one of the most important and challenging tasks for a system administrator. Fortunately there is a number of third-party products specifically designed to handle this task, but the challenge then lies in selecting the appropriate product for the specific needs of the network and then implementing that solution. Given the prevalence of antivirus and anti-spyware packages on the market, an analysis of their features, strengths, and weaknesses can help to simply the decision. This article will offer such an analysis of Symantec Endpoint Protection, CA Threat Manager, and McAfee Total Protection.

SYMANTEC ENDPOINT PROTECTION

The current 11.0 version of Endpoint Protection provides traditional antivirus protection as well as access control and zero-day virus protection managed through a single administrative interface. Key features of this product include:

Single Agent, Single Console Symantec has created a single client agent that is used for a number of their products. These agents then interact with a single administrative console that provides a unified interface for reporting, license management, and software updates. By providing this single interface, Symantec hopes to reduce the amount of administrative overhead necessary to manage Endpoint Protection as well as any other Symantec products.

Proactive Threat Scanning the TruScan utility analyzes newly installed applications and rates them based on good and bad behaviors. This rating is then used to assess the application as either malware or a desired piece of software. An improvement over older heuristic processes, TruScan provides protection against zero-day threats before specific virus definitions are released and also reduces the number of false positives raised for desired software.

Rootkit Detection and Removal by employing the Veritas Mapping Service (VxMS) Endpoint Protection is able to access the system at a layer below the operating system. Doing so allows the software to detect and remove rootkits, even when they have deeply embedded themselves in the OS. Previously, such threats could only be removed by re-imaging the system, creating higher administrative overhead and system downtown.

Application Control going beyond simple malware detection and removal, Endpoint Protection can be used to restrict user activities. This can be used to control access to processes, files, and folders by both

• 1
• 2
• 3
• 4
• 5
• Next Page >>