You've probably seen the buzz in both the trade and consumer press about the threat spyware applications pose to user privacy. Have you considered how these threats might impact your enterprise and what you're going to do about it?
Quite simply, spyware consists of applications that contain chunks of code that (in addition to legitimate functions) monitor user activity. These applications, remarkably similar to Trojan horses, can perform many types of monitoring and reporting, ranging from merely monitoring use of the target application to full-scale invasions of privacy such as Web logging and keystroke monitoring. Some of these applications openly advise users that they're performing this monitoring, while others do so in a surreptitious fashion.
The implications to individual user privacy are clear – you certainly wouldn't want your credit card number or other sensitive information logged by a spyware application and reported back to spyware central. Enterprise users face similar risks – confidential corporate information can easily be detected by these systems. Enterprise users also face the detrimental impact that a large number of clients sending spyware reports over the Internet could have on bandwidth utilization.
MORE INFORMATION ON SPYWARE:
- Malware guru Ed Skoudis offers
- more suggestions for fighting browser-based spyware in this tip.
- SearchSecurity Expert Ed Yakabovicz comments on the possibility of network slow down caused by spyware.
- Learn how some companies are using spyware to monitor employees' behavior.
So what's an enterprise security administrator to do? Chances are that you already have (or are entitled to have) some level of spyware protection based upon your current antivirus license agreement. If you're using Symantec's AntiVirus Corporate Edition, the new Expanded Threat Detection and Threat Categorization feature allows you to detect (but not eliminate) spyware on your network. McAfee's VirusScan Enterprise edition has similar functionality.
You also may have come across more versatile applications like LavaSoft's Ad-Aware, Webroot's Spy Sweeper and McAfee's AntiSpyware that can both detect and eliminate spyware applications. However, until recently, the major drawback to these applications was their inability to scale to the enterprise. Most are $30 desktop systems that are capable of monitoring and protecting individual workstations but don't allow for integration into an enterprise-wide solution.
Two newer applications take a more comprehensive approach to spyware. ZoneLabs' Integrity Enterprise Endpoint Security is capable of not only detecting spyware but also blocking spyware traffic from leaving the client system. PestPatrol, the makers of a popular desktop anti-spyware solution, recently released PestPatrol Corporate Edition, a scalable enterprise solution that can detect and eradicate spyware across a large enterprise.
Now that the major players in the security software field are starting to catch up with the spyware threat, it's time to look at your enterprise's vulnerability and research appropriate solutions to protect your data and bandwidth.
About the author
Mike Chapple, CISSP, currently serves as Chief Information Officer of the Brand Institute, a Miami-based marketing consultancy. He previously worked as an information security researcher for the U.S. National Security Agency. His publishing credits include the TICSA Training Guide from Que Publishing, the CISSP Study Guide from Sybex and the upcoming SANS GSEC Prep Guide from John Wiley. He's also the About.com Guide to Databases.
This was first published in July 2004