Gambling, Porn in Workplace Breed Spyware

Some security experts say 50 percent of spyware on corporate networks is caused by workers visiting pornographic and gambling sites while on the job. What should you do?
Some security pros estimate that half of all spyware on corporate networks comes from employees going to pornographic and gambling Websites on company computers.

''I think a lot of companies are blissfully unaware of what their employees do on their networks,'' says Ken van Wyk, principal consultant for KRvW Associates, LLC and a columnist for eSecurityPlanet. ''If you take generic commercial America, a pretty good percentage of sites don't spend a lot of time and energy monitoring what their employees are doing. It's still seen as somewhat of a stigma. People are on an honor system. If you believe those statistics, apparently the honor system isn't working.''

And van Wyk says this can mean trouble, since spyware is no longer the nuisance it used to be.

''I think the potential for spyware to do really bad things is certainly out there,'' he adds. ''The potential for danger is pretty daunting. I certainly wouldn't want any of that sitting on my network.''

Bob Hansmann, a senior manager at Trend Micro Inc., which has its U.S. headquarters in Cupertino, Calif., says spyware is increasingly troublesome for companies. And he says employees largely are to blame for it.

IT administrators instantly would be able to reduce spyware by as much as 50 percent if they could keep users from visiting pornographic and gambling Websites while on the job, says Hansmann. He notes that when customers start using URL filtering software, blocking porn and gambling sites, their spyware problem has been cut in half.

Hansmann tells the story of some IT professionals working to patch their network. While they were waiting for the patches to download, they would use another machine to surf the Net, visiting pornographic sites. The IT people actually became the source of the company's spyware infections while they were in the process of following a good security practice.

User Complacency

Ken Dunham, a senior engineer for VeriSign iDefense Intelligence based in Mountain View, Calif., says most users are visiting these Websites because they don't think they'll ever be caught. They also might think it would be better to be caught on these Websites at work than at home.

''There's a certain degree of complacency. They wouldn't do it at home because they're afraid of what [malware] they might get. But they'll surf at work because it's not their system, and they don't think they have to worry about it... It's like owning a house or renting a house.''

When someone visits many of the online gambling or porn sites, they might get legally installed spyware or they might be silently infected with illegal spyware or adware. Some sites will alert the user that a program is going to be downloaded and asks for the OK. Other sites will illegally reroute the user to another site without their knowledge where a bunch of spyware will be installed silently and without the user's permission.

''To view a site, you might have to install an ActiveX object to view what's on that site,'' explains Dunham. ''Or you might have to install some code. A lot of porn sites require you to download an executable so you can view the pictures or the movies. That executable should be seen as quite suspect. It's an executable. They'd have spyware attached. That might even be a legal installation, but it was presented and someone clicked on it being OK.

''The user might run an application and not realize it's installing stuff you don't know about,'' he adds. ''There are a lot of installations where you have no idea what you're getting. You think you're just getting this pornography package but there might be a bunch of things being installed with it and you have no idea.''

Blocking Porn and Gambling

So why don't IT administrators just block pornographic and gambling sites?

Well, it's not as easy, or effective, as it might seem.

van wyk says IT admin need to combine technology with a strong policy to have any chance of making it work. He recommends trying a URL blocker that would sit in line with the firewall. And then he says the company needs to come up with a strict policy that states that the company's computers and network are to be used for legitimate business purposes only. It also needs to spell out that workers will be monitored, there should be no expectation of privacy and there will be repercussions if the rules are broken.

''You have to realize that this is not a trivial thing,'' says van Wyk. ''If you go looking for something, you better be prepared to act on it. There is an administrative burden in following through on that.''






0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.