2 February 2003

Software Evaluation

Introduction

        I chose Spytech SecurityWorks 2003 for several reasons. First, it is advertised as a suite of security programs, not all of which are defensive in nature. Second, it is a C|NET editors' pick, and last but not least, it has been downloaded by 14,056 people since it was added to C|NET download, so it seemed to have something going for it. The software is free to try for 30 days and can be purchased for a one-time [low?] price of $100. After deciding to investigate this software, I quickly downloaded the zip file and installed it onto my desktop PC at home in only a few minutes. Once installed, I was offered a window with icons to each of the six programs, the license and an uninstaller.
        Spytech SecurityWorks 2003 offers users six different programs in one package. They are (1) Spyagent - a PC surveillance tool; (2) Popupagent - a tool to suppress popup windows; (3) SpamAgent - a tool to filter spam; (4) WebEradicator - a tool that allows users to erase evidence of file and website use; (5) Spylock - a desktop security function; and (6) Password Lock - a program to secure passwords in an encrypted list. All of the software programs have nice-looking but not very self-explanatory menus to configure and control the software. These tools are aimed at the consumer and small business markets and include measures to protect PCs attached to a network. Since security is the main issue of this investigation, I am only examining three of the tools: Spylock, Spyagent, and Password Lock.

Description and Analysis

SpyLock

        The Spylock configuration window offered four choices: password set, configuration options, scheduling, and logging, with the latter two choices used to schedule lockdown times by the hour and review a log of the action during a lockdown. After selecting a password, I had the choice of configuring Spylock to lock out the various system components (including the control panel, DOS, the network and Login), Internet Explorer (browser controls and toolbars) or various Windows components (start menu, active desktop and taskbar) by hiding or disabling access to them. Once the choices were made and accepted, clicking a button entitled "Lockdown" enabled the security to begin.
        How well did it work? Before I answer that, it must be noted that a warning appears on the setting pages saying essentially that some of the settings will be activated immediately; however, others will require a computer reboot. Unfortunately, there was no way of knowing which ones required a reboot except by trial and error. Options such as the control panel and Internet Explorer lockouts seemed to require a reboot before they would operate. Of the things that I did get to work overall, I had mixed results. For example, while I was successful in locking out the taskbar, a function that removes it from the screen, once started, I was no longer able to successfully use the other choices. In most cases but not all, this seems to have been caused by the need to reboot; however, the software gave no indication one way or the other. More importantly, although I could make the Windows taskbar disappear and re-appear by clicking the lockdown button, I was not able to disable this function once it started. Therefore, every time I initiated the lockdown, the taskbar would disappear even though it thought this function had been turned off. In addition, upon booting up, my computer now asks me to choose a password even though I never asked for this function. This software, in my opinion, does seem to work; however, it is not very straightforward or simple to execute, and users are never really sure what is working or not except through trial and error.

Password Lock

        The Password Lock program is designed to provide an encrypted file for the various and ever-growing numbers of required passwords. While a useful idea, the implementation in this package left a little to be desired. First, the ease of interacting with the interface did not match the ease of the other interfaces in the suite; in fact, it was downright clunky. Secondly, once I saved the passwords into the encrypted file (.pll), I had trouble determining exactly how to open them again. Eventually I learned that the "load" button allowed me to reload all the saved password files. On a positive note, after re-opening the file, the passwords were there as advertised. To further test this software, I clicked on the individual file without first initializing the software and it immediately enabled the password utility. While a good idea for easy access, I thought it might be a bad idea in that it specifically identifies this file as a password container. It seems to me that a better alternative would be to offer a standard prompt for the user to choose a program to open this file with. Because nothing prevented me from copying and pasting this file to a disk, alerting someone that a file is a storage container for passwords would permit them to copy and remove the file to another location to crack it at their leisure, most likely by breaking the password. I feel that, although this software, at a basic level, did provide a secure container for passwords, the overall protection afforded might not measure up to a crafty person with plenty of time on their hands.

Spyagent

        Spyagent is the last program of the suite that I investigated. It is designed to "spy" on the activities taking place on a particular computer. Of all the programs available in this suite, Spyagent worked the most flawlessly. It did everything from creating logs of my internet activity, logging which sites I visited and when, who I instant messaged and what we said; it also created and saved screenshots of the sites and logged which files I opened. In other words, this really puts the "spy" in "Spytech!" It also seems to be the reason behind the second statement in the license agreement that states, "you may only install this software on a computer that you own, or on a computer from which you have consent of from the owner to install this software."
        One of the most brilliant things it did was to track my keystrokes in conjunction with the application or web page in which they were entered. This included capturing all my passwords, from my e-mail to the ones that I typed in for the Spytech utility itself. Therein lies the question, "what part of security does this fall into?" From my point of view, this is an invasive program used to invade the security of others and has little to do with security, as I would think about it. I even tried to think of scenarios where this might be utilized for security, but found it difficult to justify. The main reason is that if the goal was to protect a personal computer, it would be simplest to limit access by logging it offline. If it is a public computer, such as a library might have, it should not contain any "secure" information, anyhow. I could possibly see it used to catch someone who was abusing the use of a public computer. That said, I strongly feel that this program serves to invade rather than secure a computer.

Conclusion

        The Spytech SecurityWorks 2003 software offers easy installation, programming from menus, and a wide range of utilities. The suite has tools for both security and intrusion, all of which can be run in "stealth mode" to prevent potential system users from knowing that the software is active. Although I had success using some of the utilities such as Spyagent, others, such as Password Lock and Spylock, fell short of expectations. Overall, I feel that because of the problems I found with the functionality, the cost outweighs the benefits and I would not recommend purchasing this software. Additionally, the software package seems to be primarily geared to those who want to spy on others without their knowledge and less with securing a system from someone looking to steal information. With this in mind, a name change to "Spytech SpyWorks 2003" may be in order.
