Editor's introduction:- No matter how much storage you've got - one thing you don't want on it is any program which has illegally installed itself and is not working in your best interests.
Unlike a virus - whose presence is immediately obvious when it stops some part of your computer working - Spyware and Adware are stealthier and harder to notice.
This article by Paul Myer tells us about the level of threat, what these malware programs actually do, and describes what his company 8e6 Technologies is doing to learn more about these parasites so they can be kept out of your storage systems.
Spyware, Adware &
by Paul Myer, President 8e6 Technologies - June 22, 2005
2005: Spyware is Public Enemy #1
Web advertising networks are lobbying hard to make sure that the anti-Spyware bill known as the "Spy Act" is watered down a bit before passage (Bill H.R. 29). These tenacious Washington insiders are concerned that the law as written could restrict their ability to do their job - that is, to infiltrate corporate computer networks, to reduce employee productivity and to slow down corporate networks.
These same lobbyists won a victory by stalling similar legislation in the Senate last year. But, let's not feel too sorry for these lobbyists.
The Spyware problem reaches far beyond politics into the financial and security resources of small and large corporate networks alike. Recent surveys of IT managers around the world have identified Spyware as the number one threat faced by corporate security managers. A 2004 survey by Internet service provider Earthlink found that 90% of PCs in the U.S. are infested with some sort of Spyware. On average, each machine in the survey harbored 28 separate spyware programs.
Spyware, Adware, Malware? Unaware.
Unless you have lived in a cave for the past two years, you have been the victim of Spyware at one point. But, corporations and government institutions are not always aware of the negative fiscal impact, decrease in productivity, and heightened security risk to the company when Spyware is allowed to infiltrate the enterprise.
In Oklahoma City in February 2005, the FBI was called to investigate the installation of surveillance software on all the computers at the Oklahoma County Sheriff's Office - allowing access to homeland security issues, personnel files and prisoner information. The same week, a Sheriff's Office in Kentucky found similar Spyware on its system. These incidents serve as a microcosm of how accessible such important and sensitive data can be to outside intruders.
You Say Potato
Spyware is often used as a broad term. It is important to point out that there are really three types of applications that fall under the generic term Spyware. Let's take a look at the three main categories of intruder:
Whether it's Spyware, Adware or Malware, it is just plain dangerous and costly. Corporate enterprise managers are understandably concerned. Let's take a look at some of the different breeds that live and thrive in our computers.
Spyware is an application that loads onto the PC - generally through a non-threatening application such as a screen saver or helper application. This application will collect information about the computer, the user's surfing habits and sometimes far more sensitive data such as keyboard logging. This information will be sent to a data collection facility in the Internet heavens.
Spyware is an executable program with a single objective: to secretly monitor a computer and surreptitiously report information on activity to anyone willing to pay for it. It is an ideal tool for corrupting or stealing the sensitive business data residing on corporate PCs and systems. Spyware can also degrade performance, reduce employee productivity, and impose extensive administrative expenses.
Adware will monitor the surfing habits of a user, and present advertising or pop-up pages related to what the user is surfing. For example, a user goes to expedia.com; the adware will detect this and throw up a few pop-ups related to travel sites.
Malware and malicious code is code within a web page that seeks to do damage to the user's computer or infect the user's computer with a virus or other software application. No wonder IT managers around the world identify this breed of threat as the most dynamic and threatening technology to corporate enterprise in 2005.
A good rule of thumb - never download it.
The Gremlin Effect
The Gremlin Effect refers to the fact that individuals, at some point, choose to break the rules and invite seemingly innocuous code into the network. It is initially a human problem, not a technology problem. Follow the rules and nobody gets hurt. But, employees will continue to visit chat rooms and download screen savers and other files. These are indeed invited guests into the corporate network.
Remember the movie Gremlins?
It was the 1980s classic about those furry little creatures that turned from one cute critter to an ill-behaved, hell-raising mob. The only rules given to its master were "don't feed him after midnight" and "never give him water." Of course, like many day-to-day computer-users in the workplace, the simplest rules are broken and chaos ensues within the organization: Gremlin code is invited into the computer by employees to take over large parts of the network.
Things very quickly get out of control. And, without the Hollywood ending.
There is no single solution for fighting Spyware, and the most effective defense is a combination of user education and a technology safety net.
8e6 Technologies' filtering and reporting appliances assist organizations in the fight against spyware, malware, adware, and other vicious external threats. Denying access to restricted, company-deemed "illegal" Web-sites, the 8e6 R3000 Enterprise Filter provides administrators a tool to manage an employee's Internet actions, thereby ensuring that users are not hitting spyware-filled Web sites and inadvertently downloading threats onto the network.
Going hand-in-hand with the R3000 is the 8e6 Enterprise Reporter 3.0, the industry's only stand-alone appliance that reports on Internet usage without compromising filtering speed or any other server functions. The Enterprise Reporter identifies which machines are infected with these kinds of threats by identifying "phone-home" spyware transfers. With this capability, IT managers are able to directly work with the infected computers, as opposed to a whole network, saving them much grief and time. All in all, both the R3000 and the Enterprise Reporter aid organizations to increase worker productivity, prevent company information leakage, and avoid negative fiscal impact.
So how does 8e6 Technologies know so much about Spyware?
8e6 has created an internal "flytrap" security system to determine which URLs are visited by a plethora of intruder applications. Once these URLs are verified, they are added to the 8e6 Spyware & Malicious Code Library. Once the URL is added to the library, the intruder application will not be able to "phone home" - sending sensitive information outside the network.
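The reporting idea described above (matching outbound requests against a library of known spyware destinations and attributing the hits to individual machines) can be sketched as follows. This is an added example, not 8e6's code; the log format, the library entries, the host names and the client addresses are all constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed stand-in for a spyware URL library (hosts that receive phone-home traffic).
LIBRARY = {"collector.example.net", "ads-track.example.org"}

# Constructed proxy log: "<timestamp> <client_ip> <method> <url> <bytes_sent>"
SAMPLE_LOG = """\
2005-06-22T09:00:01 10.0.0.5 GET http://www.expedia.com/ 512
2005-06-22T09:00:07 10.0.0.5 POST http://collector.example.net/up?id=1 2048
2005-06-22T09:01:10 10.0.0.9 GET http://notcollector.example.net/ 300
2005-06-22T09:02:30 10.0.0.5 POST http://CDN.Ads-Track.example.org./b 1024
2005-06-22T09:03:00 10.0.0.7 POST http://collector.example.net/up?id=2 4096
truncated line without fields
"""

def normalize_host(url):
    """Return the lower-cased host without a trailing dot, or None if unparsable."""
    host = urlsplit(url).hostname
    return host.rstrip(".") if host else None

def host_in_library(host, library):
    """Match the host or any parent domain, label by label, so that
    cdn.ads-track.example.org hits but notcollector.example.net does not."""
    labels = host.split(".")
    return any(".".join(labels[i:]) in library for i in range(len(labels)))

def find_infected(log_text, library):
    """Group library hits by client so only the affected machines are reported."""
    hits = defaultdict(lambda: {"requests": 0, "bytes": 0, "hosts": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip malformed or truncated log lines
        _, client, _, url, sent = parts
        host = normalize_host(url)
        if host and host_in_library(host, library):
            rec = hits[client]
            rec["requests"] += 1
            rec["bytes"] += int(sent)
            rec["hosts"].add(host)
    return dict(hits)

if __name__ == "__main__":
    for client, rec in sorted(find_infected(SAMPLE_LOG, LIBRARY).items()):
        print(client, rec["requests"], rec["bytes"], sorted(rec["hosts"]))
```

Matching on whole domain labels rather than substrings keeps a lookalike host from producing a false positive while still catching subdomains of a listed destination.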
In order to keep the flytrap up-to-date, the 8e6 URL Collection Facility serves as a thriving dish of electronic microbes, constantly updated by monitoring for newer versions of Spyware at several information sites including spywareguide.com and spyware.co.uk.
This laboratory setting allows us to isolate and study the various strains across the Web, but this is not enough. Mounting an effective defense against Spyware means developing and disseminating a clear acceptable usage policy for employees - it also means backing it up with a mix of technology focusing on prevention and entrapment.
Stealth makes Spyware inherently difficult to defend against. That's why a more comprehensive Anti-Spyware strategy should be at the top of every IT manager's list of priorities, especially those who understand it is the biggest threat of 2005.
The Next Step
Spyware, malware, adware, and other Web-based threats are growing in number, complexity, and cost to organizations daily. Users must treat the Internet like a stray animal: who knows if it is friendly or if it will bite? In any case, administrators need to stress the importance of staying away from suspicious downloads and other services that seem too good to be true. The best way to reinforce this urgency? By implementing a sound and effective Internet Filtering and Reporting system that lets an IT administrator know when a user's computer is infected, and allows him or her to stop even the most prolific malware agents from infiltrating an organization's network.
STORAGEsearch is published by ACSL