Identity Theft is the fastest growing crime in the US according to the FBI
 

Spyware – Understanding and Addressing The Risks – Part Two

Written by OSAblog on Friday, June 19th, 2009

Mitigating the Risk

The main technologies available to mitigate against the risks associated with “Spyware” within the enterprise environment are discussed below.

Mitigation techniques are two-tiered or two-part – at the gateway and at the desktop level.

Desktop Protection

At the desktop or client there are notably three technologies available to mitigate against the risks posed by “Spyware”. These are personal firewalls, dedicated anti-spyware programs, and traditional desktop anti-virus (AV) tools.

AV

In some respects forms of “Spyware” strongly resemble viruses. They are uniquely identifiable, can be detected by scanning the client machine and are sometimes packaged as a set of files that can be removed to clean up the infected system. However many forms of “Spyware” do not reside on disk as persistent files – such as hostile ActiveX and Java applets. The motives, delivery mechanisms and often the removal of “Spyware” is different however from the protocols followed for viruses and worms.

 

“Spyware” is also different in that there is no one definition agreed on what constitutes “Spyware”. Some programs that might be classed as “Spyware” – such as Microsoft’s Windows Update Notifications – are useful, disclose their tracking capabilities, do not disrupt desktop operation impacting user productivity, and are distributed by responsible companies. “Spyware” therefore needs to be classified and identified by the actions it performs and the level of risk – complicating detection and removal, as the users must be given a choice over what is permitted.

AV vendors – notably Trend Micro, McAfee and Symantec – already have software that is very good at scanning files before they execute. The software also has mature enterprise management suites and the vendors have support teams in place to handle enterprise customers’ needs. However the AV vendors have been slow at adding anti-spyware capabilities to their products. The AV vendors however will catch up  – Trend Micro acquired private start-up InterMute in May of this year, the first acquisition the company has ever made. In 2004 CA acquired PestPatrol and added PestPatrol to the eTrust suite.

Independent reviews and tests show repeatedly that AV tools are not as good at catching “Spyware” as dedicated anti-spyware programs. Whilst AV tools may detect 99% of viruses this number falls considerably to perhaps 70% – when considering “Spyware” programs.

Using the next releases of desktop AV tools to protect desktops against “Spyware” is extremely attractive to enterprises. There is no need to deploy yet another software agent on every machine within the desktop population, there is no need to monitor yet another ‘console’. AV already incorporates the management features that enterprises require – such as ‘headless operation’ and centralised reporting. Enterprises achieve greater consistency with standardisation on a smaller number of vendors, leading ultimately to cost efficiencies.

Dedicated Anti-Spyware Programs

There is an ever-increasing list of dedicated anti-spyware programs available from vendors including Webroot (who have just secured $108million in venture capital funding), LavaSoft and PC Tools. Ad-Aware from LavaSoft is the most popular product with some 128 million downloads to date. Other notable products include SpyBot Search and Destroy, CounterSpy and Spyware Eliminator. Microsoft has also entered the market with Windows Antispyware – available as a beta for download from their web site – following their acquisition of Giant Company Software.

Whilst dedicated anti-spyware programs are more effective today at detecting and removing Spyware than AV products this will change over the forthcoming quarters. Most of the dedicated anti-spyware offerings are available as free downloads aimed at consumers / individual users and not at large enterprises. Site licensing is rarely available for example. Some of the emerging vendors, including FBA Software and Tenebril, have enterprise offerings on their roadmaps. However these companies are small, lack corporate / financial stability in some cases, and typically do not have the support teams and infrastructure in place to handle large enterprise customers.

Orthus are of the view that many standalone dedicated anti-spyware programs will cease to exist in the relatively near future and the dedicated anti-spyware market will not be significant in years to come as established vendors offer integrated AV/anti-spyware/personal firewall products.

Personal Firewalls

Just as AV tools now include some “Spyware” protection so many of the personal firewalls available offer a level of protection as well. These include McAfee, Check Point (following the acquisition of Zone Labs in early 2004 and the subsequent release of the Integrity product) and Internet Security Systems (ISS) with the release of Proventia Desktop in March 2005. Sygate is following a similar path to Check Point and ISS.

Personal firewalls are recommended for particularly mobile clients that are regularly taken outside of the corporate perimeter and used to access corporate systems from DSL connections in the home and public WLAN hotspots, where typically direct Internet access is also allowed. They are also recommended for fixed desktop and mobile clients in smaller locations where there is little or no gateway level protection in place and where again direct Internet access is available from those locations.

Gateway Protection

Desktop protection is only half of the story when it comes to “Spyware” protection. Gateway level protection is also available.

Blue Coat offer a range of proxy appliances that, in conjunction with popular URL filtering solutions, offer a strong defence against “Spyware”. “Spyware” often secretly installs via “drive-by” installers, which install “Spyware” in the background without any user interaction. Blue Coat combats this with anti-spyware policy controls that inspect, filter and block web content associated with “Spyware” installation software. This preventive approach is critical when “Spyware” originates from an unknown web site – not yet categorised within URL filtering solutions – and when there is no known signature available to detect the malicious program.

Gateway protection incorporating a strong URL filtering solution is particularly good in preventing programs on infected systems from sending information back to “Spyware” sites, mitigating against the productivity impact of Adware but also the more serious privacy and data leakage concerns associated with more malicious code. URL filtering solutions also offer some protection from infection in the first place by preventing users from visiting known infected sites.

Gateway solutions typically incorporate logging and reporting features that can be used to identify infected systems thus facilitating a targeted “Spyware” clean-up periodically. This capability is also useful to target mobile clients (notebook PCs) that are not protected with Personal Firewalls that become infected whilst outside the corporate perimeter.

Recommendations

In light of the above Orthus suggest that enterprises take the following approach to mitigating the risks posed by “Spyware” today :

  • deploy gateway “Spyware” protection to prevent back-channel communication by infected systems augemented with a leading URL filtering solution.
  • use granular reporting capabilities from gateway solutions to identify infected systems and choose a dedicated anti-spyware tool to clean-up infected systems on a case-by-case / ad hoc basis.
  • do not deploy dedicated anti-spyware programs across the desktop population – instead wait for AV vendors to add strong anti-spyware capabilities in future releases.
  • force remote office branch office based systems to access the Internet via the corporate gateway (where gateway anti-spyware protection exists).
  • for remote and mobile clients, in addition to AV, install a recognised personal firewall to increase protection.

educate staff making them aware of the risks of “Spyware”, how systems are typically infected and how to close pop

Sean Bennett is Commercial Director at Orthus limited (http://www.orthus.com). Orthus is a leading provider of information risk professional services, helping orgnisations globally to measure, minimise and manage the information risks they face. Orthus provide end to end services for clients to comprehensivly address risk in their environments including Insider Threats, addressing issues including data leakage, sabotage and fraud; External Threats (http://www.orthus.com/dr_overview.htm) including wireless security, penetration testing, virtualisation security, vulnerability management and Secure Software Development Life-Cycle; Supply Chain Threats including securing cloud services and data processed by third parties; and Legal and Regulatory challenges including Payment Card Industry (PCI) Data Security Standard (DSS).

Article Source:http://www.articlesbase.com/security-articles/spyware-understanding-and-addressing-the-risks-part-two-981993.html

Share and Enjoy:
  • Digg
  • del.icio.us
  • Facebook
  • NewsVine
  • Reddit
  • StumbleUpon
  • Google Bookmarks
  • Yahoo! Buzz
  • Twitter
  • Technorati
  • Live
  • LinkedIn
  • MySpace
  • E-mail this story to a friend!
  • RSS
  • Turn this article into a PDF!

Welcome back! You may want to subscribe to my RSS feed. Thanks for visiting!

  • Share/Bookmark

If you enjoyed this post, make sure you subscribe to my RSS feed!

Blog Traffic Exchange Related Posts
  • Spyware Programs Protection Spywares are software that are kept hidden, deployed secretly and executed transparently in your system. These spywares collect data from your computer, and send it to a remote database using your own Internet connection. Spyware creators are constantly changing their applications to avoid detection. Spyware can also gather information about......
  • AV Antispyware is Just Another Rogue Are you being flooded with pop-up ads attempting to convince you to download AV Antispyware to remove infections on your PC? This is another rogue application that is designed to take your money by giving you misleading information. This fake, like all of the others, cannot detect infections or parasites......
  • Protect Your PC From The Conficker Virus In the history of the use of the Internet, users all over the globe have faced tremendous attacks that has wrecked their businesses and rendered them financially bankrupt. To forestall the reoccurence of such experiences and aid internet users and computer users alike to accomplish their purpose for using......
  • Why Antivirus Programs Are Most Important in Computers Your computer and laptop has to clash with malware every day. This brings your abundant collection ransomed on your method's firm travel beneath danger. Malware agnate virus and spyware are avenging programs that can spoliation functionality of your organisation accomplished a tracheophyte of adverse anatomy including sending virus accomplished telecommunicate......
  • How Can LANdesk Increase Efficiency What is unique about LANdesk software is that it remotely performs tasks such as automatically rebooting computers, transferring files and executing programs. It also allows a computer operator to perform functions such as screen drawings as well as block out remote keyboards. Another positive benefit of LANdesk software is its......
Blog Traffic Exchange Related Websites
  • mattressWhy Certificates of Deposit Are A Good Idea Today's article is written by guest blogger Jim of Bargaineering. If you've saved up a few dollars and aren't sure if you should put them in the stock market or stick them in your mattress, let me give you another suggestion: put your funds into a certificate of deposit (CD).......
  • Why most anti-spam systems dont work and how to get an effective anti-spam solution The problem of spam has been getting worse. In recent years spam has been an annoying nuisance such as advertising. During 2006 there has been a considerable worsening of the problem with an enormous increase in the number and sophistication of fraud, being perpetrated through spam.I first became aware......
  • line9 Steps for Establishing Credit Credit is the catch all term for the act of lending money. It can take the form of a credit card, in which the lender buys the things you want and you pay them back. Loans are where you have the money given to you with the promise to pay......
  • SIP Trunking Solution - PBX and VoIP Phone Systems A SIP trunking solution is a workable approach to the change-over from a PBX system to VoIP telecommunications. A PBX phone system is a regular addition to many offices. Starting life as a simple switchboard and evolving to offer a much higher standard of technology over the years, the PBX......
  • Skype For Business Analysis Compared to Skype2PBX For further information on the subject, we invite you to read the analysis performed by the CISSP on potential Skype vulnerabilities.Technically speaking, Skype is very similar to P2P file sharing applications that have been a constant threat to corporate networks over the years.To make telephone calls at reduced costs......
 

Leave a Comment

CommentLuv Enabled

« Removing Malware Catcher 2009 | Home | Spyware – Understanding and Addressing The Risk – Part One »