There was a time when spyware was low on an IT department’s priority
list. End users thought to be lugging around lots of spyware were simply
pointed toward one of several good (and free) desktop spyware-scan sites
and told to take it easy on the games, screen savers, and other likely
culprits.
But that time is long gone.
Today, spyware is a serious productivity drag — the bane of all help
desks, and a potential threat to data security. For these reasons, IT
organizations are stepping up their anti-spyware efforts by educating
users, locking down desktops, and considering enterprise-grade software
that not only finds existing spyware, but blocks new infections.
A Job for IT
A useful definition of spyware is: A piece of code that monitors computer
users’ actions without their genuine consent. The word ”genuine” is
important because frequently, users click an ”I Agree” box indicating
that they understand what they’re getting — but almost nobody reads the
contract. Adware is frequently viewed as less malicious than spyware, but
it usually includes components that track end-user information, so IT
managers should consider it spyware as well.
However spyware makes its way to a computer — piggybacking on a free
screensaver download, sent via email as a virus, or through a deceptive
pop-up ad — it brings several negative side effects. PCs infected with
key-logging spyware, for example, could potentially be used by corporate
spies or identity thieves to steal company or personal information.
But the most common impact of spyware, by far, is slow performance. And
that’s where IT comes in.
The number and percentage of help desk calls related to spyware has gone
through the roof in recent years. Depending on which analyst firm or
large company you ask, 20 percent to 33 percent of all help desk calls
are spyware-related.
At the Alaska Native Medical Center, the problem reached critical mass
late last year. ”We were spending an inordinate amount of time cleaning
up PCs,” says Chris Deason, network manager at the Anchorage hospital,
which has about 1,400 PCs. ”I can think of one tech who spent 10 to 20
hours a week” on the task, she adds.
Until quite recently, many company help desks steered end users to one of
many good spyware-cleanup programs — which, ironically, are often
available as free downloads themselves.
However, those programs have limitations. They may reduce the burden on
help desks, but they don’t eliminate it.
”You still sort of walk the user through the install and help them run
[anti-spyware programs],” says Richard Stiennon, vice-president of
threat research at Webroot Software, a spyware-blocking vendor. ”You
cannot rely on the user to run the scan,” agrees Deason.
Moreover, a typical free spyware scan finds and eliminates existing
spyware, but does nothing to prevent new infections.
Dealing with the Threat
Once you decide to handle spyware at the enterprise level, what’s the
next step? Experts say you need more than just a new products (though
that may be part of the solution). A multi-faceted approach works best:
sites known to be spyware hotbeds (such as pornography, gambling, and
peer-to-peer file-sharing sites) may not make you popular, but it will
certainly cut down on the help desk’s cleanup duties. However, some
flexibility is required. ”Power users” who want freedom to download
useful software programs are often some of the most productive employees
in a company. IT must weigh this freedom and productivity against the
benefits of lockdown.
suspicious [email] attachments,” points out a recent Forrester Research
Inc. report. David Friedlander, a Forrester analyst and author of the
report, says if organizations work continuously to teach end users about
the risks surrounding spyware, similar results are possible.
rein over their Web browser settings. But according to Friedlander, if
the security setting is not ‘medium’ or higher, ”any site can install a
signed Active X control, including spyware, without triggering a warning
dialog box.”
often exploits known security holes. According to both Forrester and
Webroot’s Stiennon, paying attention to patch management can
significantly cut down on spyware threats.
solid downloads available to scan and eliminate spyware at the individual
desktop level. Lavasoft’s Ad-Aware and PepiMK Software’s SpyBot Search
and Destroy are examples. But free versions of these tools, designed
originally for consumers, lack both central management and proactive
capabilities. Several vendors have set out to fill this void, including
Webroot (SpySweeper Enterprise); Computer Associates International
(eTrust PestPatrol); TechAssist (Omniquad AntiSpy Enterprise Edition);
and InterMute (SpySubtract Enterprise Edition).
For IT, the major benefit offered by these products is their ability to
proactively ”blacklist” known spyware types. At the Alaska Native
Medical Center, Deason recently purchased InterMute’s SpySubtract. She
says she and the help desk noticed an astonishing change almost
immediately. ”In the first 10 days we’ve had it, I cleaned up close to
30,000 threats,” Deason says, including 1,600 on a single PC.
What impressed her, though, was the tool’s ability to keep those threats
from returning. ”It really is a set-it-and-forget-it deal,” Deason
adds.
Most vendors of enterprise-grade anti-spyware applications upgrade
their databases weekly or immediately after a new threat is discovered.
There’s no reason to believe that the people who create and distribute
adware and spyware plan to quit anytime soon. For that reason, IT
organizations need to recognize spyware as a genuine threat — and defend
themselves accordingly.
For more information on spyware protection and removal, visit Intranet Journal’s Spyware Guide.