Letter #1: Fighting spyware in the outback
Reader: David Alford
Local Government Association of the Northern Territory
Environment: At headquarters, we support 10 servers and approximately 30 PCs, most of which run Windows XP SP2 with a couple running Windows 2000 Professional. For clients, we support 3,400 PCs on Windows 98 and higher, a few Macintosh and Linux boxes, and a few servers.
Spyware dilemma: We look after about 60 remote sites in the Australian bush. When I say remote, some of them are cut off by floods for up to three months at a time. Others are 300 miles from the nearest town. As you can imagine, we only get out to some of them once or twice a year, so it's difficult to ensure that each client is doing the necessary housework and keeping antispyware definitions up to date. We've managed to educate them on keeping virus definitions updated, but they often look puzzled when we try to explain antispyware. To them we're talking about viruses, and they've already got protection against that, haven't they?
Antispyware solution: Ad-Aware SE Personal (free), Spybot-Search and Destroy (free), XoftSpy (purchased), Microsoft AntiSpyware (beta), Computer Associates' eTrust PestPatrol (purchased)
To determine the best mix of products for our clients, I am currently running five different antispyware products. We are looking for a corporate "one-stop" solution but nothing seems to fit the bill. I repeatedly find that two or three programs will indicate that a PC is clean, but another will find something else wrong. Having said that, some (such as PestPatrol) are a lot more thorough than others, and they all seem to be looking for slightly different bugs.
I think eventually you will be able to confidently deploy a single antispyware product, but it won't happen until the antispyware companies gain the same "maturity" shown by the big antivirus companies. I think antispyware protection is a more difficult task than virus protection.
David's quick tip for cleaning an infected spyware machine: One trick that we're finding absolutely vital in cleaning an infected machine is to temporarily disable system restore. If you don't, the "nasties" often get restored as soon as they're removed. It's most frustrating!