As the first antispyware bill is being considered by the House and Utah became the first state to pass a spyware...
law (though it's since hit legal roadblocks), it's obvious the antispyware movement is gaining momentum.
The Utah legislation requires spyware makers to disclose to potential users what information it collects and how it's used. Yet experts say foreign companies, and users who don't read licensing agreements, can thwart the best of intentions.
New enterprise antispyware tools should further help security managers eradicate this malware. While antispyware tools already exist, including the well-regarded and free Spybot Search & Destroy, new products -- such as Carlisle, Penn.-based PestPatrol's Corporate Edition and Boulder, Colo.-based Webroot's Spy Sweeper Enterprise -- add features, such as centralized management tools.
PestPatrol's Corporate Edition, for example, "is totally managed by the administrator, so it doesn't create more work [for users] -- just cleans the network," said Roger Thompson, PestPatrol's vice president of product development. Now one administrator can deploy and manage all antispyware, and remotely quarantine discovered malware or allow exceptions.
Consumer antispyware software has been available since 2002, so what delayed its enterprise cousin? Analysts cite lack of demand and difficulty defining spyware -- broadly defined malicious code designed to steal information.
Demand aside, organizations are at risk. With persistent browser vulnerabilities leading to drive-by downloads -- software downloaded and run automatically without the user's permission -- and spyware's stealth, "the level of control over enterprise desktops is tentative, mostly because of scale," noted Boston-based Yankee Group analyst Phebe Waterfield in a recent research brief. Many "free" game, music and peer-to-peer applications are spyware conduits, and employees contribute to spyware proliferation by renaming such prohibited software to evade security managers' scanning tools.
Anecdotal evidence shows more help desk calls are spyware-related, so controlling it could save money. On the other hand, some companies may be purposefully waiting. "The argument ... for wait and see is that the antivirus vendors are really starting to build this in," said analyst Jan Sundgren of Forrester Research in Cambridge, Mass. Antivirus companies will soon make "a land grab, so they can establish market share."
Symantec announced it will add enterprise antispyware tools to its antivirus suites this year. Symantec, Trend Micro, McAfee and Sophos can also identify some types of spyware.
Whether or not companies buy specialized tools, Sundgren said they should deal proactively with the problem. That includes "patching their computers and running personal firewalls -- especially on remote and mobile computers," as well as educating users and locking down browsers against drive-by downloads.
Yankee's Waterfield recommends companies adjust security policies to prohibit use of P2P applications, block pop-up advertisements and scan the network for P2P protocols using tools from such vendors as Q1 Labs, Mazu Networks or Apreo, which also offers a free audit.
Since mobile computers can introduce unsafe, spyware-prone software into the enterprise, Waterfield noted that software from remote service providers, including GoRemote (formerly GRIC), Fiberlink and iPass, can verify remote computers' compliance with security policies -- and up-to-date antivirus patterns -- before allowing any network connections.