Letter #7: Managing spyware protection for remote employees
Reader: Perry J.
Remote Access Engineer
San Diego, Calif.
Environment: I support remote access for 45,000 employees' work and home computers. All systems are running Windows XP or 2000 Professional. All other versions of Windows are banned.
Spyware dilemma: We must have both home and work machines protected from spyware in the event that an employee connects into work from home. This philosophy extends to antivirus and other standard applications within our organization. In the event that a machine is completely polluted with spyware, generally speaking our process would be to slick and rebuild. If a home user "declines" to go along with our suggested fixes and udpates, we deny remote access to that user.
Antispyware solution: Webroot's Spy Sweeper and Zone Labs Integrity
Centralized management, reporting, audit and control are all aspects we considered when selecting an end-point security solution. My organization chose Spy Sweeper and purchased 90,000 licenses to cover all of the desktop systems within our company as well as one personal computer system for each employee.
We run a full Zone Labs Integrity solution for our organization. The Integrity client has some privacy settings that help preclude spyware's effectiveness or information exposure.
Some people complained that their systems stopped working when they loaded the suite of products that includes Zone. We discovered that their systems were so polluted with spyware and adware that their machines effectively locked up when Zone blocked the outbound traffic. The Integrity client essentially acted like a spyware detector. The spyware would normally run the CPU up to 100%. Once the spyware was removed, the systems ran normally with Zone installed.
For more letters to the editor, click for the complete series.