Jun 27 2010

PC Protection

Trend Micro antimalware suite reduces risk with pattern file management and web reputation services.

Trend Micro Enterprise
Security for Endpoints ADVANCED

Organizations seeking greater flexibility in the protection of endpoints
should consider the Trend Micro Enterprise Security for Endpoints Advanced
software suite, which secures PCs, Macs, Linux boxes and smartphones by guarding
against malware.

End-User Advantages

Like most manufacturers of anti-malware programs, Trend Micro compares a
file's binary contents with various patterns that are signatures of
malware. But scanning against all of those patterns can slow performance.

Trend Micro has introduced two new features to offload a portion of that
processing from endpoints and move it to the data center. The first, called
File Reputation, pushes some of that intensive scanning back to a server.
My workstation did a quick analysis of a test file, sending key parts back
to a server to determine whether the file was infected.

The second feature, Smart Query Filter, serves as a whitelist by allowing
a workstation to determine whether a file is infected before it even talks
to the server.

I tested the product on Windows XP, Windows 7, Windows 2003 and Windows 2008,
but Trend Micro also works with Mac OS, popular Linux distributions and Novell

Why It Works for IT

Enterprise Security for Endpoints Advanced integrates with Microsoft Windows
Active Directory, allowing administrators to craft policies for different
Organizational Units (which could represent different types of servers or

The endpoint security product also offers web protection. Every time a user
accesses a new website, the software checks the URL against a list of suspect
websites; if it finds a match, the user is prevented from accessing that site.
To test this feature, I disabled the phishing filter in Internet Explorer
and navigated to the Microsoft Contoso phishing test site, which Trend Micro
blocked. I even went so far as to test some of the phishing attack e-mails
in my junk e-mail bin, and it caught every one.

1.5 seconds
Frequency at which unique new malware patterns surface

Source: Trend Micro

The product also comes with role-based administration, which allows IT to
delegate some operations to Tier-1 or help-desk support. System administration
is granular almost to a fault -- just about every element in the graphical
user interface can be controlled.

There's also a plug-in architecture that allows users to add functionality
to the endpoints from a central console. For example, say a new zero-day exploit
has recently come out that is triggered by a website whose URL is more than
1,000 characters in length. You can simply instruct the clients to reject
any URL over 1,000 characters until the pattern file comes out that protects
against that particular exploit, all from the central console.


Enterprise Security for Endpoints Advanced includes a mobile client that
comes with standard malware protection and a firewall, but it doesn't
yet support the Apple iPhone.

Also, the Active Directory policy integration considers only computer objects
in Active Directory, not users. Hence, you can't deploy a policy based
on the user who has logged onto the system, only on the system itself. However,
this issue likely affects only users who are in a shared computer environment.

You may also find that the software does not work properly on Novell Open
Enterprise Server platforms. Trend Micro's support staff has worked
through these issues and can assist you.