June 21st, 2005, 06:06 PM
Preventing Malware: behavior detecting products vs system freeze
I would like some help in evaluating two different types of host based malware prevention products.
My company has close to 300 users and we are looking at preventative software to put onto the host machines.
The two types of software we are looking at are DeepFreeze and Cisco Security Agent.
DeepFreeze will lock the machine down so that on reboot the machine will return to its original state. This is great for keeping multiple machines in a consistent state and for users who basically destroy their machine with spyware, which I have had the pleasure of spending several hours removing manually. My problem with this type of product is that if a day-zero malware hits, the systems will still be infected and will propagate the bad code until all of the machines are rebooted. Also, there will be a lot of administration involved in deploying the software for the type of configuration we want. We will have to set up a separate unfrozen partition for user information such as documents, desktop, ost files, virus signatures and the like. For this we will need to bring every machine back in and rebuild it, and to install any new printers or software remotely we will have to unfreeze, reboot, install, refreeze, and reboot again.
Cisco Security Agent seems to be a better product to deploy and manage, with better preventative results against attacks and spyware. From what I understand, the security agent acts on malware while it is installing itself and carefully watches the system for code that tries to access vital system components. It will also prevent any already installed malware programs from executing and propagating through the network. We would not have to bring in every machine to reinstall and reconfigure it to deploy the Cisco Security Agent. Lastly, I think that we could install this on our servers also, whereas I don't think that it would be a good idea to freeze them.
I have only been able to evaluate the DeepFreeze Enterprise edition so far so I may be biased in my opinion. If I am totally off on any of this let me know.
Please, any positive or negative feedback from people with experience on these products would be appreciated.