Review: Security Blanket For Vista PCs


Microsoft Windows Vista was expected to solve many of the security problems found in the vendor's earlier operating systems. While Microsoft's latest OS does improve security, it is far from truly secure.

Some consider that fact a glaring oversight, but in reality, the lack of integrated antimalware technologies creates opportunity for system builders and integrators to add on other pieces to create full Vista solutions.

Now, more than ever, it is critical to leverage third-party security products to protect the end user from malware. For the neophyte end user, Vista provides a false sense of security with its warning messages and account controls. In fact, Microsoft's latest OS requires additional protection in the form of third-party security applications, such as antivirus, antispam, antispyware and other security tools.

Trend Micro, Cupertino, Calif., aims to solve those security woes with its Client Server Messaging Security for SMB, which is now in version 3.6.

The product, dubbed CSM, combines several security technologies to create a blanket of protection for network-attached Vista PCs. What's more, when deployed on a small-business network, CSM watches over all connected PCs, allowing solution providers to offer protection to their customers' PCs while still transitioning over to Vista.

Starting at $241 per year for five PCs, CSM includes protection against multiple Internet threats. The product also supports all flavors of Windows, including Vista.

CSM 3.6 offers a comprehensive feature set for the solution provider. CRN Test Center engineers found support for pretty much any security threat that can impact Vista or any other Windows-based system. The product offers protection from spam, spyware, viruses, phishing, rootkits, bots, inappropriate content and hackers. It also provides vulnerability assessment services.

The inclusion of spam filtering is an important feature since spam can be a source of viruses and other malware. CSM accurately filters spam, but there is a significant downside: The product only offers comprehensive spam filtering when paired with a Microsoft Exchange server. That leaves users relying on Web mail or other mail server clients without adequate protection.

Solution providers selling CSM will want to make sure that their clients are using Microsoft Exchange to fully take advantage of the product.

As the name implies, CSM is installed as a client/server solution. The management and deployment portion of the product (or the server) is installed on a Windows network server (Windows Server 2000 or 2003), as is the Security DashBoard, a browser-based management console.

On the client side of the equation, two security agents are used. The client security agent installs on network PCs and integrates with the server portion of the product. A second security agent is specifically designed to handle e-mail-borne malware and scans Exchange-based mailboxes.

Engineers found the initial installation of the product straightforward, thanks to the wizard-based installation. There are several steps involved, and although the process is easy, solution providers will want to account for the time installation takes, which varies depending on the complexity of the environment.

Installation on client PCs is even easier; the agents are pushed down to the attached PCs from the Security DashBoard via an automated process. Administrators need to do little more than define groups and then select target PCs for the remote installation of the security client.

In practice, the product operates as advertised, effectively blocking infections and informing end users of potential problems with e-mails, attachments or even infected Web sites.

Beyond detection and notification, the product also can block or remove malware, and an automated update powered by a software/support subscription keeps signatures and other antimalware technologies up to date. That proves to be key to helping customers keep pace with today's rapidly evolving spyware and scams.

Constant updates to the product also provide protection against the so-called zero-day threats that are becoming the scourge of the Internet today.

The product operates with little impact on the end user. Engineers found that the client portion of the product had minimal effect on performance, while the server side of the software impacted CPU utilization by only a couple of percentage points.

In other words, the product offers effective protection without burdening servers and PCs with excessive overhead.

Testing also showed that CSM was quick to identify e-mail-borne problems and take the appropriate action, which can be defined by policies. Administrators have numerous choices to enforce how the product interacts in the user environment. E-mail, desktops and Web sites can be scanned for problems, blocked or discarded, or passed through with a notification to the end user.

CSM 3.6's biggest strength comes from how effectively it handles spam when paired with an Exchange server. The product quickly identifies spam and can quarantine it at the mail-server level before it has a chance to infect a user's mailbox.

With many antispam products, false positives (legitimate e-mails that are misidentified as spam) can be a problem. The product's integrated heuristics effectively reduce that problem. Engineers encountered no false positives during testing: Out of the few thousand test messages sent to the system, the product properly identified spam messages and legitimate messages, handling both accordingly.

Out of the box, CSM employs common policies and settings that should meet the needs of the majority of small businesses.

That ease of use may be a boon for the end user but does little for solution providers that want to build long-term revenue around consulting and security services. That low services potential, combined with Trend Micro's direct-sales presence for renewals, led to its two-star channel rating.

But for VARs looking to avoid the hassles of maintaining a security product or to do an "install and forget," CSM may be the right choice.

In short, Trend Micro's CSM 3.6 proves to be an effective product for handling many forms of malware, but solution providers are still advised to take a layered approach to security and combine it with other security products—including firewalls, VPNs, content filtering appliances and intrusion detection/prevention—to effectively close all the doors and windows to intruders and unwanted content.