Product Reviews

Data security is a key issue with today's PCs, especially with the growing popularity of always-on Internet connections. However, as well as protecting against malicious attacks from Web-based assailants, protecting the data on your physical hardware from unauthorised access is also crucial, particularly in the case of mobile devices such as notebooks. The Spy Killer Suite from Calyx is an access-control solution that aims to prevent misuse and misappropriation of data, through a combination of hardware and software.

Although access control is the primary function of Spy Killer, it goes much further than this, with facilities to limit who can do what - and when - on a PC or notebook running a Windows OS. It also majors on support for biometrics and hardware-based security tokens, providing a high level of protection in a format that's easier to understand and use than some products we've come across in the past.

Spy Killer supports a wide variety of security devices, including smart cards, USB keys and fingerprint scanners, which can be integrated into keyboards or mice to save space. It can also store and use electronic credentials - for example, user names, passwords and encryption keys - on smart cards and hardware tokens designed to plug into a USB port. Tokens from Rainbow and Aladdin can both be used, and for the purposes of this review we used a pair of Aladdin eTokens, provided by UK distributor Open Seas UK.

The actual level of access control that can be achieved using Spy Killer depends greatly on the modules purchased, with five options available in the current release. The simplest of these is SKpc, which prevents local access to a desktop or server without a valid key, smart card or fingerprint scan. In addition to this, a PIN number - stored in the key or smart card - is also required, with the hard disk rendered unreadable/unbootable

ADVERTISEMENT

and access to the floppy drive denied if the correct credentials aren't given.

Other SKpc options included the ability to limit the amount of time a user can be logged on, with time credits that can be stored in the hardware key. A special screensaver then protects the system when unattended, while access to specific Windows features, such as the Control Panel and Run commands, can also be made dependent on the access rights of the user involved.

Add the SKlogon module, and multiple logon details and more complex passwords can be stored on the USB key or smart card. Users can then log onto multiple Windows NT or 2000 server systems simply by presenting their card or token when requested. Following this, access to specific applications such as SAP or Notes can be restricted using the SKappliance module and Internet use restricted using SKweb. Access to particular sites and protocols can also be blocked and time constraints placed on surfing activities.

Finally, the SKprotect module uses encryption to protect data held in specific folders - particularly useful if you hold sensitive data on your PC or notebook. A variety of encryption algorithms can be employed, including 3DES, with keys of up to 160 bits stored on the USB tokens or smart cards.

Configuration of all five modules is achieved using an application called Profiles Manager. This allows security profiles to be applied to individuals and groups, with a similar optional module for central management on a LAN. The interface is much the same in both cases and fairly straightforward. However, the documentation provided is actually a translation from the original French language document and isn't always clear. We also found the Windows interface slightly awkward in places. There was no facility, for instance, to resize the main management window.

Some experimentation is also required to get to grips with the package - there's a lot of functionality on offer, the purpose of which isn't always obvious. Consideration must also be given to integration with other security measures; for example, there's no specific support for public key encryption and digital certificates. However, Spy Killer can be used alongside PKI authentication systems.

The implementation of biometrics and token technologies is neatly done and, despite a few rough edges, Spy Killer Suite 5.2 succeeds in its aim of providing affordable and easy-to-use access control.