Posts Tagged ‘what is spyware’

Mitigating the Risk

The main technologies available to mitigate against the risks associated with “Spyware” within the enterprise environment are discussed below.

Mitigation techniques are two-tiered or two-part – at the gateway and at the desktop level.

Desktop Protection

At the desktop or client there are notably three technologies available to mitigate against the risks posed by “Spyware”. These are personal firewalls, dedicated anti-spyware programs, and traditional desktop anti-virus (AV) tools.

AV

In some respects forms of “Spyware” strongly resemble viruses. They are uniquely identifiable, can be detected by scanning the client machine and are sometimes packaged as a set of files that can be removed to clean up the infected system. However many forms of “Spyware” do not reside on disk as persistent files – such as hostile ActiveX and Java applets. The motives, delivery mechanisms and often the removal of “Spyware” is different however from the protocols followed for viruses and worms.

“Spyware” is also different in that there is no one definition agreed on what constitutes “Spyware”. Some programs that might be classed as “Spyware” – such as Microsoft’s Windows Update Notifications – are useful, disclose their tracking capabilities, do not disrupt desktop operation impacting user productivity, and are distributed by responsible companies. “Spyware” therefore needs to be classified and identified by the actions it performs and the level of risk – complicating detection and removal, as the users must be given a choice over what is permitted.

AV vendors – notably Trend Micro, McAfee and Symantec – already have software that is very good at scanning files before they execute. The software also has mature enterprise management suites and the vendors have support teams in place to handle enterprise customers’ needs. However the AV vendors have been slow at adding anti-spyware capabilities to their products. The AV vendors however will catch up  – Trend Micro acquired private start-up InterMute in May of this year, the first acquisition the company has ever made. In 2004 CA acquired PestPatrol and added PestPatrol to the eTrust suite.

Independent reviews and tests show repeatedly that AV tools are not as good at catching “Spyware” as dedicated anti-spyware programs. Whilst AV tools may detect 99% of viruses this number falls considerably to perhaps 70% – when considering “Spyware” programs.

Using the next releases of desktop AV tools to protect desktops against “Spyware” is extremely attractive to enterprises. There is no need to deploy yet another software agent on every machine within the desktop population, there is no need to monitor yet another ‘console’. AV already incorporates the management features that enterprises require – such as ‘headless operation’ and centralised reporting. Enterprises achieve greater consistency with standardisation on a smaller number of vendors, leading ultimately to cost efficiencies.

Dedicated Anti-Spyware Programs

There is an ever-increasing list of dedicated anti-spyware programs available from vendors including Webroot (who have just secured $108million in venture capital funding), LavaSoft and PC Tools. Ad-Aware from LavaSoft is the most popular product with some 128 million downloads to date. Other notable products include SpyBot Search and Destroy, CounterSpy and Spyware Eliminator. Microsoft has also entered the market with Windows Antispyware – available as a beta for download from their web site – following their acquisition of Giant Company Software.

Whilst dedicated anti-spyware programs are more effective today at detecting and removing Spyware than AV products this will change over the forthcoming quarters. Most of the dedicated anti-spyware offerings are available as free downloads aimed at consumers / individual users and not at large enterprises. Site licensing is rarely available for example. Some of the emerging vendors, including FBA Software and Tenebril, have enterprise offerings on their roadmaps. However these companies are small, lack corporate / financial stability in some cases, and typically do not have the support teams and infrastructure in place to handle large enterprise customers.

Orthus are of the view that many standalone dedicated anti-spyware programs will cease to exist in the relatively near future and the dedicated anti-spyware market will not be significant in years to come as established vendors offer integrated AV/anti-spyware/personal firewall products.

Personal Firewalls

Just as AV tools now include some “Spyware” protection so many of the personal firewalls available offer a level of protection as well. These include McAfee, Check Point (following the acquisition of Zone Labs in early 2004 and the subsequent release of the Integrity product) and Internet Security Systems (ISS) with the release of Proventia Desktop in March 2005. Sygate is following a similar path to Check Point and ISS.

Personal firewalls are recommended for particularly mobile clients that are regularly taken outside of the corporate perimeter and used to access corporate systems from DSL connections in the home and public WLAN hotspots, where typically direct Internet access is also allowed. They are also recommended for fixed desktop and mobile clients in smaller locations where there is little or no gateway level protection in place and where again direct Internet access is available from those locations.

Gateway Protection

Desktop protection is only half of the story when it comes to “Spyware” protection. Gateway level protection is also available.

Blue Coat offer a range of proxy appliances that, in conjunction with popular URL filtering solutions, offer a strong defence against “Spyware”. “Spyware” often secretly installs via “drive-by” installers, which install “Spyware” in the background without any user interaction. Blue Coat combats this with anti-spyware policy controls that inspect, filter and block web content associated with “Spyware” installation software. This preventive approach is critical when “Spyware” originates from an unknown web site – not yet categorised within URL filtering solutions – and when there is no known signature available to detect the malicious program.

Gateway protection incorporating a strong URL filtering solution is particularly good in preventing programs on infected systems from sending information back to “Spyware” sites, mitigating against the productivity impact of Adware but also the more serious privacy and data leakage concerns associated with more malicious code. URL filtering solutions also offer some protection from infection in the first place by preventing users from visiting known infected sites.

Gateway solutions typically incorporate logging and reporting features that can be used to identify infected systems thus facilitating a targeted “Spyware” clean-up periodically. This capability is also useful to target mobile clients (notebook PCs) that are not protected with Personal Firewalls that become infected whilst outside the corporate perimeter.

Recommendations

In light of the above Orthus suggest that enterprises take the following approach to mitigating the risks posed by “Spyware” today :

• deploy gateway “Spyware” protection to prevent back-channel communication by infected systems augemented with a leading URL filtering solution.
• use granular reporting capabilities from gateway solutions to identify infected systems and choose a dedicated anti-spyware tool to clean-up infected systems on a case-by-case / ad hoc basis.
• do not deploy dedicated anti-spyware programs across the desktop population – instead wait for AV vendors to add strong anti-spyware capabilities in future releases.
• force remote office branch office based systems to access the Internet via the corporate gateway (where gateway anti-spyware protection exists).
• for remote and mobile clients, in addition to AV, install a recognised personal firewall to increase protection.

educate staff making them aware of the risks of “Spyware”, how systems are typically infected and how to close pop

Sean Bennett is Commercial Director at Orthus limited (http://www.orthus.com). Orthus is a leading provider of information risk professional services, helping orgnisations globally to measure, minimise and manage the information risks they face. Orthus provide end to end services for clients to comprehensivly address risk in their environments including Insider Threats, addressing issues including data leakage, sabotage and fraud; External Threats (http://www.orthus.com/dr_overview.htm) including wireless security, penetration testing, virtualisation security, vulnerability management and Secure Software Development Life-Cycle; Supply Chain Threats including securing cloud services and data processed by third parties; and Legal and Regulatory challenges including Payment Card Industry (PCI) Data Security Standard (DSS).

Article Source:http://www.articlesbase.com/security-articles/spyware-understanding-and-addressing-the-risks-part-two-981993.html

Technorati Tags: spyware risk, understand spyware, what are the risks of spyware, what is spyware

Spyware and adware are two different animals. Each has the ability to make your life a mess.

If you rely on the internet for anything or you rely on your computer for anything, it is a must that you fully understand what these things are and how they work.

The first key to protecting yourself from these things is to fully understand what they are. That will allow you to know how to not make common mistakes that cause spyware to get into your computer.

Unfortunately, many people have been lead to believe that all types of this software are bad and should be avoided. But, that’s not always the case. The fact is you may want to have certain types of this software to use.

Remember, to make it spyware it has to be downloaded to your computer without your consent.

Why would you want to have spyware that tracks your personal information?
Why would you want those advertisements?

You may actually sign up for a service online and when you do you may also agree to receive targeted ads.
Companies like this find it helpful to track where you go online and what you do in order to provide you with ads that are targeted to your interests.

Instead of seeing ads that don’t have anything to do with you, you’ll see ads that are based on the places you’ve visited online.

If you like more FREE Info, I recommend this
FREE Ebook!

Technorati Tags: about spyware, spyware and adware, what is adware, what is spyware