Tuesday, December 10, 2024

It’s Time IT Seriously Battles Spyware

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

There was a time when spyware was low on an IT department’s priority

list. End users thought to be lugging around lots of spyware were simply

pointed toward one of several good (and free) desktop spyware-scan sites

and told to take it easy on the games, screen savers, and other likely

culprits.

But that time is long gone.

Today, spyware is a serious productivity drag — the bane of all help

desks, and a potential threat to data security. For these reasons, IT

organizations are stepping up their anti-spyware efforts by educating

users, locking down desktops, and considering enterprise-grade software

that not only finds existing spyware, but blocks new infections.

A Job for IT

A useful definition of spyware is: A piece of code that monitors computer

users’ actions without their genuine consent. The word ”genuine” is

important because frequently, users click an ”I Agree” box indicating

that they understand what they’re getting — but almost nobody reads the

contract. Adware is frequently viewed as less malicious than spyware, but

it usually includes components that track end-user information, so IT

managers should consider it spyware as well.

However spyware makes its way to a computer — piggybacking on a free

screensaver download, sent via email as a virus, or through a deceptive

pop-up ad — it brings several negative side effects. PCs infected with

key-logging spyware, for example, could potentially be used by corporate

spies or identity thieves to steal company or personal information.

But the most common impact of spyware, by far, is slow performance. And

that’s where IT comes in.

The number and percentage of help desk calls related to spyware has gone

through the roof in recent years. Depending on which analyst firm or

large company you ask, 20 percent to 33 percent of all help desk calls

are spyware-related.

At the Alaska Native Medical Center, the problem reached critical mass

late last year. ”We were spending an inordinate amount of time cleaning

up PCs,” says Chris Deason, network manager at the Anchorage hospital,

which has about 1,400 PCs. ”I can think of one tech who spent 10 to 20

hours a week” on the task, she adds.

Until quite recently, many company help desks steered end users to one of

many good spyware-cleanup programs — which, ironically, are often

available as free downloads themselves.

However, those programs have limitations. They may reduce the burden on

help desks, but they don’t eliminate it.

”You still sort of walk the user through the install and help them run

[anti-spyware programs],” says Richard Stiennon, vice-president of

threat research at Webroot Software, a spyware-blocking vendor. ”You

cannot rely on the user to run the scan,” agrees Deason.

Moreover, a typical free spyware scan finds and eliminates existing

spyware, but does nothing to prevent new infections.

Dealing with the Threat

Once you decide to handle spyware at the enterprise level, what’s the

next step? Experts say you need more than just a new products (though

that may be part of the solution). A multi-faceted approach works best:

  • Lock it down. Limiting users’ ability to visit certain Web

    sites known to be spyware hotbeds (such as pornography, gambling, and

    peer-to-peer file-sharing sites) may not make you popular, but it will

    certainly cut down on the help desk’s cleanup duties. However, some

    flexibility is required. ”Power users” who want freedom to download

    useful software programs are often some of the most productive employees

    in a company. IT must weigh this freedom and productivity against the

    benefits of lockdown.

  • User education. ”Over time, users have learned not to open

    suspicious [email] attachments,” points out a recent Forrester Research

    Inc. report. David Friedlander, a Forrester analyst and author of the

    report, says if organizations work continuously to teach end users about

    the risks surrounding spyware, similar results are possible.

  • Browser security settings. Most enterprises give users free

    rein over their Web browser settings. But according to Friedlander, if

    the security setting is not ‘medium’ or higher, ”any site can install a

    signed Active X control, including spyware, without triggering a warning

    dialog box.”

  • Patch it up. Spyware, like viruses and other malicious code,

    often exploits known security holes. According to both Forrester and

    Webroot’s Stiennon, paying attention to patch management can

    significantly cut down on spyware threats.

  • Evaluate enterprise-grade products. As noted above, there are

    solid downloads available to scan and eliminate spyware at the individual

    desktop level. Lavasoft’s Ad-Aware and PepiMK Software’s SpyBot Search

    and Destroy are examples. But free versions of these tools, designed

    originally for consumers, lack both central management and proactive

    capabilities. Several vendors have set out to fill this void, including

    Webroot (SpySweeper Enterprise); Computer Associates International

    (eTrust PestPatrol); TechAssist (Omniquad AntiSpy Enterprise Edition);

    and InterMute (SpySubtract Enterprise Edition).

    For IT, the major benefit offered by these products is their ability to

    proactively ”blacklist” known spyware types. At the Alaska Native

    Medical Center, Deason recently purchased InterMute’s SpySubtract. She

    says she and the help desk noticed an astonishing change almost

    immediately. ”In the first 10 days we’ve had it, I cleaned up close to

    30,000 threats,” Deason says, including 1,600 on a single PC.

    What impressed her, though, was the tool’s ability to keep those threats

    from returning. ”It really is a set-it-and-forget-it deal,” Deason

    adds.

    Most vendors of enterprise-grade anti-spyware applications upgrade

    their databases weekly or immediately after a new threat is discovered.

    There’s no reason to believe that the people who create and distribute

    adware and spyware plan to quit anytime soon. For that reason, IT

    organizations need to recognize spyware as a genuine threat — and defend

    themselves accordingly.

    For more information on spyware protection and removal, visit Intranet Journal’s Spyware Guide.

  • Subscribe to Data Insider

    Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

    Similar articles

    Get the Free Newsletter!

    Subscribe to Data Insider for top news, trends & analysis

    Latest Articles