Tip

Tools for combating spyware in the enterprise

You've probably seen the buzz in both the trade and consumer press about the threat spyware applications pose to user privacy. Have you considered how these threats might impact your enterprise and what you're going to do about it?

Quite simply, spyware consists of applications that contain chunks of code that (in addition to legitimate functions) monitor user activity. These applications, remarkably similar to Trojan horses, can perform many types of monitoring and reporting, ranging from merely monitoring use of the target application to full-scale invasions of privacy such as Web logging and keystroke monitoring. Some of these applications openly advise users that they're performing this monitoring, while others do so in a surreptitious fashion.

The implications to individual user privacy are clear – you certainly wouldn't want your credit card number or other sensitive information logged by a spyware application and reported back to spyware central. Enterprise users face similar risks – confidential corporate information can easily be detected by these systems. Enterprise users also face the detrimental impact that a large number of clients sending spyware reports over the Internet could have on bandwidth utilization.


MORE INFORMATION ON SPYWARE:
  • Malware guru Ed Skoudis offers

    Requires Free Membership to View


So what's an enterprise security administrator to do? Chances are that you already have (or are entitled to have) some level of spyware protection based upon your current antivirus license agreement. If you're using Symantec's AntiVirus Corporate Edition, the new Expanded Threat Detection and Threat Categorization feature allows you to detect (but not eliminate) spyware on your network. McAfee's VirusScan Enterprise edition has similar functionality.

You also may have come across more versatile applications like LavaSoft's Ad-Aware, Webroot's Spy Sweeper and McAfee's AntiSpyware that can both detect and eliminate spyware applications. However, until recently, the major drawback to these applications was their inability to scale to the enterprise. Most are $30 desktop systems that are capable of monitoring and protecting individual workstations but don't allow for integration into an enterprise-wide solution.

Two newer applications take a more comprehensive approach to spyware. ZoneLabs' Integrity Enterprise Endpoint Security is capable of not only detecting spyware but also blocking spyware traffic from leaving the client system. PestPatrol, the makers of a popular desktop anti-spyware solution, recently released PestPatrol Corporate Edition, a scalable enterprise solution that can detect and eradicate spyware across a large enterprise.

Now that the major players in the security software field are starting to catch up with the spyware threat, it's time to look at your enterprise's vulnerability and research appropriate solutions to protect your data and bandwidth.

About the author
Mike Chapple, CISSP, currently serves as Chief Information Officer of the Brand Institute, a Miami-based marketing consultancy. He previously worked as an information security researcher for the U.S. National Security Agency. His publishing credits include the TICSA Training Guide from Que Publishing, the CISSP Study Guide from Sybex and the upcoming SANS GSEC Prep Guide from John Wiley. He's also the About.com Guide to Databases.


This was first published in July 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.