Spyware -- a longstanding issue with privacy advocates and legislators -- is drawing increasing attention from
security personnel who must contend with the security and productivity problems it poses.
Spyware is an umbrella term for two primary applications: annoying but legitimate adware programs, and clearly malicious tools like keystroke loggers, backdoors and sophisticated Trojans. The common characteristic among these programs is that they give third parties unauthorized access to a company's PCs and, by extension, its network.
As with all security issues, fighting spyware needs to be a classic combination of technology, policy, process and people. Enterprise-caliber products are new to the market, and corporations are just now paying serious attention to the problem.
Consider the available options:
Policy and education
Organizations that promote a strong security culture, with clear acceptable use policies, an aggressive user education program and, when needed, appropriate disciplinary action for noncompliance, are in better shape than most. Acceptable use policies should prohibit browsing Web sites that aren't work-related, installing unauthorized applications and, of course, opening suspicious or unsolicited e-mail attachments.
These restrictions are critical. Spyware frequently doesn't ask permission, not even deep within EULAs or in misleading pop-up downloads. "Drive-by downloads" install merely by visiting a Web site, installing an application or viewing an HTML e-mail message.
The problem is complicated by the growing number of remote users with high-speed Internet connections, wireless capability and easy remote LAN/WAN access. They use company equipment or home computers, which may not have reasonable security precautions in place, such as AV and personal firewalls.
In addition to user policies, security policies should include regular reviews of firewall policies to block unauthorized outbound traffic. Users' browser settings should be configured to restrict access to suspect sites and limit or prohibit ActiveX controls.
If you think your enterprise AV product is protecting your desktops against spyware, think again. In an Information Security lab test, traditional AV products did a dismal job detecting spyware and popular backdoor tools. Several vendors were reluctant to even touch adware because user consent raises liability issues over treating it as malware.
This isn't the case with antispyware vendors, whose products target everything from tracking cookies to keystroke loggers. There are a number of desktop products whose colorful names leave no doubt to their purpose: Spyware Eliminator by Aluria; AntiSpy by OmiQuad; SpySubtract by Intermute; SpyRemover by Infoworks Technology Company; SpyHunter by Enigma Software Group; and BPS Spyware Remover by Bullet Proof Soft. Patrick Kolla's Spybot-Search & Destroy is a popular freeware tool.
But, even these specialized products have only partial success. Some spyware is notoriously difficult to remove. For example, they'll install multiple copies or even reinstall deleted files. Your best strategy is to install multiple security products to create a layered defense.
These solutions are designed for home users or individual corporate desktops. And, like early desktop AV, they lack the enterprise management tools that companies require.
Some companies are filling this gap. PestPatrol Corporate Edition and Webroot's Spy Sweeper Enterprise each feature a management console that controls installation, deployment and administration. Ad-Aware Pro also includes central management features.
McAfee and Symantec, the 800-pound gorillas in the AV market, are giving spyware serious attention. McAfee has released a stand-alone desktop product, McAfee Antispyware, and Symantec is incorporating antispyware technology into its newest release of Norton Internet Security.
In addition, the proliferation of Web-based attacks and remote users has spawned a growing market of endpoint products that check security compliance before letting remote and/or LAN-based computers on the network.
With all that can be done about spyware, it's disheartening to point out that it's yet another security issue that needs attention. Enterprises should add spyware to the list of security threats to be addressed by their endpoint security products.
This tip was excerpted from an article in our sister publication, Information Security. Read the full article here.
About the author
David Geer (David@GeerCom.com) is a freelance technology writer based in Ohio.