Identity Theft is the fastest growing crime in the US according to the FBI
 

Spyware – Understanding and Addressing The Risks – Part Two

Written by OSAblog on Friday, June 19th, 2009

Mitigating the Risk

The main technologies available to mitigate against the risks associated with “Spyware” within the enterprise environment are discussed below.

Mitigation techniques are two-tiered or two-part – at the gateway and at the desktop level.

Desktop Protection

At the desktop or client there are notably three technologies available to mitigate against the risks posed by “Spyware”. These are personal firewalls, dedicated anti-spyware programs, and traditional desktop anti-virus (AV) tools.

AV

In some respects forms of “Spyware” strongly resemble viruses. They are uniquely identifiable, can be detected by scanning the client machine and are sometimes packaged as a set of files that can be removed to clean up the infected system. However many forms of “Spyware” do not reside on disk as persistent files – such as hostile ActiveX and Java applets. The motives, delivery mechanisms and often the removal of “Spyware” is different however from the protocols followed for viruses and worms.

 

“Spyware” is also different in that there is no one definition agreed on what constitutes “Spyware”. Some programs that might be classed as “Spyware” – such as Microsoft’s Windows Update Notifications – are useful, disclose their tracking capabilities, do not disrupt desktop operation impacting user productivity, and are distributed by responsible companies. “Spyware” therefore needs to be classified and identified by the actions it performs and the level of risk – complicating detection and removal, as the users must be given a choice over what is permitted.

AV vendors – notably Trend Micro, McAfee and Symantec – already have software that is very good at scanning files before they execute. The software also has mature enterprise management suites and the vendors have support teams in place to handle enterprise customers’ needs. However the AV vendors have been slow at adding anti-spyware capabilities to their products. The AV vendors however will catch up  – Trend Micro acquired private start-up InterMute in May of this year, the first acquisition the company has ever made. In 2004 CA acquired PestPatrol and added PestPatrol to the eTrust suite.

Independent reviews and tests show repeatedly that AV tools are not as good at catching “Spyware” as dedicated anti-spyware programs. Whilst AV tools may detect 99% of viruses this number falls considerably to perhaps 70% – when considering “Spyware” programs.

Using the next releases of desktop AV tools to protect desktops against “Spyware” is extremely attractive to enterprises. There is no need to deploy yet another software agent on every machine within the desktop population, there is no need to monitor yet another ‘console’. AV already incorporates the management features that enterprises require – such as ‘headless operation’ and centralised reporting. Enterprises achieve greater consistency with standardisation on a smaller number of vendors, leading ultimately to cost efficiencies.

Dedicated Anti-Spyware Programs

There is an ever-increasing list of dedicated anti-spyware programs available from vendors including Webroot (who have just secured $108million in venture capital funding), LavaSoft and PC Tools. Ad-Aware from LavaSoft is the most popular product with some 128 million downloads to date. Other notable products include SpyBot Search and Destroy, CounterSpy and Spyware Eliminator. Microsoft has also entered the market with Windows Antispyware – available as a beta for download from their web site – following their acquisition of Giant Company Software.

Whilst dedicated anti-spyware programs are more effective today at detecting and removing Spyware than AV products this will change over the forthcoming quarters. Most of the dedicated anti-spyware offerings are available as free downloads aimed at consumers / individual users and not at large enterprises. Site licensing is rarely available for example. Some of the emerging vendors, including FBA Software and Tenebril, have enterprise offerings on their roadmaps. However these companies are small, lack corporate / financial stability in some cases, and typically do not have the support teams and infrastructure in place to handle large enterprise customers.

Orthus are of the view that many standalone dedicated anti-spyware programs will cease to exist in the relatively near future and the dedicated anti-spyware market will not be significant in years to come as established vendors offer integrated AV/anti-spyware/personal firewall products.

Personal Firewalls

Just as AV tools now include some “Spyware” protection so many of the personal firewalls available offer a level of protection as well. These include McAfee, Check Point (following the acquisition of Zone Labs in early 2004 and the subsequent release of the Integrity product) and Internet Security Systems (ISS) with the release of Proventia Desktop in March 2005. Sygate is following a similar path to Check Point and ISS.

Personal firewalls are recommended for particularly mobile clients that are regularly taken outside of the corporate perimeter and used to access corporate systems from DSL connections in the home and public WLAN hotspots, where typically direct Internet access is also allowed. They are also recommended for fixed desktop and mobile clients in smaller locations where there is little or no gateway level protection in place and where again direct Internet access is available from those locations.

Gateway Protection

Desktop protection is only half of the story when it comes to “Spyware” protection. Gateway level protection is also available.

Blue Coat offer a range of proxy appliances that, in conjunction with popular URL filtering solutions, offer a strong defence against “Spyware”. “Spyware” often secretly installs via “drive-by” installers, which install “Spyware” in the background without any user interaction. Blue Coat combats this with anti-spyware policy controls that inspect, filter and block web content associated with “Spyware” installation software. This preventive approach is critical when “Spyware” originates from an unknown web site – not yet categorised within URL filtering solutions – and when there is no known signature available to detect the malicious program.

Gateway protection incorporating a strong URL filtering solution is particularly good in preventing programs on infected systems from sending information back to “Spyware” sites, mitigating against the productivity impact of Adware but also the more serious privacy and data leakage concerns associated with more malicious code. URL filtering solutions also offer some protection from infection in the first place by preventing users from visiting known infected sites.

Gateway solutions typically incorporate logging and reporting features that can be used to identify infected systems thus facilitating a targeted “Spyware” clean-up periodically. This capability is also useful to target mobile clients (notebook PCs) that are not protected with Personal Firewalls that become infected whilst outside the corporate perimeter.

Recommendations

In light of the above Orthus suggest that enterprises take the following approach to mitigating the risks posed by “Spyware” today :

  • deploy gateway “Spyware” protection to prevent back-channel communication by infected systems augemented with a leading URL filtering solution.
  • use granular reporting capabilities from gateway solutions to identify infected systems and choose a dedicated anti-spyware tool to clean-up infected systems on a case-by-case / ad hoc basis.
  • do not deploy dedicated anti-spyware programs across the desktop population – instead wait for AV vendors to add strong anti-spyware capabilities in future releases.
  • force remote office branch office based systems to access the Internet via the corporate gateway (where gateway anti-spyware protection exists).
  • for remote and mobile clients, in addition to AV, install a recognised personal firewall to increase protection.

educate staff making them aware of the risks of “Spyware”, how systems are typically infected and how to close pop

Sean Bennett is Commercial Director at Orthus limited (http://www.orthus.com). Orthus is a leading provider of information risk professional services, helping orgnisations globally to measure, minimise and manage the information risks they face. Orthus provide end to end services for clients to comprehensivly address risk in their environments including Insider Threats, addressing issues including data leakage, sabotage and fraud; External Threats (http://www.orthus.com/dr_overview.htm) including wireless security, penetration testing, virtualisation security, vulnerability management and Secure Software Development Life-Cycle; Supply Chain Threats including securing cloud services and data processed by third parties; and Legal and Regulatory challenges including Payment Card Industry (PCI) Data Security Standard (DSS).

Article Source:http://www.articlesbase.com/security-articles/spyware-understanding-and-addressing-the-risks-part-two-981993.html

Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • NewsVine
  • Reddit
  • StumbleUpon
  • Google Bookmarks
  • Yahoo! Buzz
  • Twitter
  • Technorati
  • Live
  • LinkedIn
  • MySpace
  • E-mail this story to a friend!
  • RSS
  • Turn this article into a PDF!

Welcome back! You may want to subscribe to my RSS feed. Thanks for visiting!

  • Share/Bookmark

If you enjoyed this post, make sure you subscribe to my RSS feed!

Blog Traffic Exchange Related Posts
  • Don't Trust VirusBye to Protect Your Security VirusBye is a rogue security program that presents itself as a reliable security tool to the user.  As with most other malicious software applications, this one displays exaggerated security threat alerts in order to frighten the user into purchasing the product to solve their problem, which usually does not even......
  • Why Antivirus Programs Are Most Important in Computers Your computer and laptop has to clash with malware every day. This brings your abundant collection ransomed on your method's firm travel beneath danger. Malware agnate virus and spyware are avenging programs that can spoliation functionality of your organisation accomplished a tracheophyte of adverse anatomy including sending virus accomplished telecommunicate......
  • Spyware Programs Protection Spywares are software that are kept hidden, deployed secretly and executed transparently in your system. These spywares collect data from your computer, and send it to a remote database using your own Internet connection. Spyware creators are constantly changing their applications to avoid detection. Spyware can also gather information about......
  • Protect Your PC From The Conficker Virus In the history of the use of the Internet, users all over the globe have faced tremendous attacks that has wrecked their businesses and rendered them financially bankrupt. To forestall the reoccurence of such experiences and aid internet users and computer users alike to accomplish their purpose for using......
  • How Can LANdesk Increase Efficiency What is unique about LANdesk software is that it remotely performs tasks such as automatically rebooting computers, transferring files and executing programs. It also allows a computer operator to perform functions such as screen drawings as well as block out remote keyboards. Another positive benefit of LANdesk software is its......
Blog Traffic Exchange Related Websites
  • Microsoft to deliver free anti-malware to Windows users News from Microsoft - the company is to offer no-cost anti-malware to Windows users and phase-out sales of Windows Live OneCare subscription. Code-named “Morro,” the product, which is scheduled for release during the second half of 2009, will offer protection against viruses, spyware, rootkits and Trojans. From the press release: As......
  • Is Your PC Freezing Or Crashing? Learn How to Fix it Today For FREE! One of the most irritating things that can happen to you while you're trying to rush a project for school or work is your PC Freezing or crashing. PC Freezing can be caused by a confluence of related or unrelated software and hardware glitches in your system. Spotting the main......
  • spyware-blasterBest Free Spyware protection for your browser Spyware is everywhere on the internet. Trying to control your machine in some way, or tracking data about you - these pests can be stopped. One way to stop most threats is by using Spyware Blaster, which prevents the installation of spyware and other potentially unwanted software! Latest protection updates......
  • line9 Steps for Establishing Credit Credit is the catch all term for the act of lending money. It can take the form of a credit card, in which the lender buys the things you want and you pay them back. Loans are where you have the money given to you with the promise to pay......
  • Position Free Recommendations Web & Search Engine Marketing - Security Best Practices, Not Firewalls - Reverse Engineering A Brand With Google - Successful SEO Optimization Strategies - SEO and Dynamic Web Pages - Google’s Page Rank Formula - Choosing a Web Hosting Company - Choosing an SEO Consultant The Adsense Position Security Best......
 

Leave a Comment

CommentLuv Enabled

« Removing Malware Catcher 2009 | Home | Spyware – Understanding and Addressing The Risk – Part One »