CMP Network Computing
Don't Let Spyware Give You the Slip

From the Editors of ITSC

How big of a headache are spyware, adware, and bot infections for today's IT operations and security managers? According to the META Group, they are now a top concern, and the researcher estimates that cleaning infected clients can consume 20 percent or more of a help desk's overall effort. Spyware, which was a low-priority item on many IT security agendas a year ago, has quickly evolved from an annoyance to a substantial security and support burden. This article looks at the ways enterprises can evaluate security risks from spyware, and the means by which those risks can be mitigated.

The scope of the problem

Spyware gathers confidential information by logging keystrokes, performing screen captures, and monitoring email correspondence and Instant Messaging conversations. Once the information is obtained, spyware programs such as Gator, Hotbar, and Cydoor use various methods to provide the data to another party, often for monetary gain. Because spyware captures sensitive information before it is encrypted for transmission, it can bypass security measures and forward the text in an easily readable format.

Bots, such as Gaobot, Spybot, and RxBot, are programs that are covertly installed on a targeted system, allowing an unauthorized user to remotely control the computer for a wide variety of purposes. Attackers often coordinate large groups of bot-controlled systems, or bot networks, to scan for vulnerable systems and use them to increase the speed and breadth of their attacks. Bot networks create unique problems for organizations because they can be remotely upgraded with new exploits very quickly, potentially allowing attackers to outpace an organization's security efforts to patch vulnerable systems. According to the most recent edition of the Symantec Internet Security Threat Report, over the first six months of 2004, the number of monitored bots rose from less than 2,000 computers to more than 30,000.

Internet Service Provider (ISP) EarthLink recently announced that it detected approximately 116.5 million instances of spyware, adware, and other potentially unwanted software among its customers in 2004. The ISP's latest SpyAudit report, released earlier this month, found that instances of spyware monitoring software among its customers rose 230 percent last year.
 
Rating security risks

Some programs classified as spyware are commercially released programs that can be used in a variety of ways. Because some of these uses have the potential to introduce risks to the privacy, confidentiality, integrity, and availability of a system and personal information, users need the ability to detect them. In particular, organizations that must comply with various regulations -- such as HIPAA or Sarbanes-Oxley -- need to be sure that the protection of confidential information is consistent with the requirements of these acts.

A program is considered high risk if it attempts to conceal its presence -- for example, a program that hides from the Task Manager or does not have a user interface. Sending out confidential, sensitive information such as passwords, credit card data, or other personal information is deemed high-risk behavior as well. Likewise, a measurable impact on system stability or performance is classified as high risk (for example, opening multiple windows or spawning processes). Programs that deliberately avoid being uninstalled are often characterized by watchdog processes that reinstall removed programs, by duplicate file storage, or by files stored in unusual or hard-to-find areas; such functionality is considered to indicate high-risk behavior. Finally, programs are rated high risk if they possess functionality that conducts or assists in redirecting users to spoofed Web sites or to Web sites they did not request.

Programs having functionality that is shown to result in easily repairable damage or that track user actions are considered medium risk. Displaying pop-up windows or operating partially in stealth mode is considered medium risk. Tracking Web browsing with no privacy policy (or one that conflicts with the program functionality) is also considered medium-risk behavior.

Programs with functionality classified as low risk are those that track benign user actions, have an End User License Agreement (EULA), and can be easily uninstalled. Such functionality involves little or minimal privacy infringement.

Mitigating risks

The most effective way to reduce risks from programs classified as security risks is to use a complete security solution that deals with a wide range of threats. In particular, enterprises need a solution that categorizes programs according to their functionality and allows them to choose an acceptable risk level. Integrated technologies (antivirus, firewall, and intrusion protection) should work together to provide defense in depth. For example, while an antivirus solution works to protect a system against spyware, a firewall allows an organization to create a list of recipients of personal information and to block unwanted advertisements. Furthermore, when a firewall detects that an application is trying to establish an outbound network communication (as a spyware program would to relay information to the outside world) it should automatically close the port and prevent the transmission.
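The rating criteria from the previous section, combined with the acceptable-risk-level choice described above, can be expressed as a small triage routine. This is an added example, not code from the article or from any product; the behaviour labels, program names, the rule that the highest matching tier wins, and the UNRATED fallback are all assumptions made for illustration.

```python
from enum import IntEnum

class Risk(IntEnum):
    UNRATED = 0  # assumption: the article gives no rating for this case
    LOW = 1
    MEDIUM = 2
    HIGH = 3

# Behaviour labels are hypothetical names for the article's criteria.
HIGH_RISK = {
    "conceals_presence", "sends_confidential_data", "degrades_stability",
    "resists_uninstall", "redirects_browser",
}
MEDIUM_RISK = {
    "repairable_damage", "tracks_user_actions", "shows_popups",
    "partial_stealth", "tracks_browsing_without_policy",
}
LOW_RISK_ALL = {"tracks_benign_actions", "has_eula", "easy_uninstall"}

def rate(observed):
    """Highest matching tier wins; LOW needs all three low-risk traits."""
    observed = set(observed)
    unknown = observed - HIGH_RISK - MEDIUM_RISK - LOW_RISK_ALL
    if unknown:
        raise ValueError(f"unknown behaviour labels: {sorted(unknown)}")
    for level, criteria in ((Risk.HIGH, HIGH_RISK), (Risk.MEDIUM, MEDIUM_RISK)):
        hits = observed & criteria
        if hits:
            return level, sorted(hits)
    if LOW_RISK_ALL <= observed:
        return Risk.LOW, sorted(LOW_RISK_ALL)
    return Risk.UNRATED, sorted(observed)  # leave for manual review

def triage(inventory, acceptable):
    """Return programs rated above the acceptable level, plus unrated ones."""
    flagged = {}
    for name, observed in inventory.items():
        level, why = rate(observed)
        if level > acceptable or level is Risk.UNRATED:
            flagged[name] = (level.name, why)
    return flagged

# Constructed sample inventory; program names are made up.
INVENTORY = {
    "search_toolbar": {"shows_popups", "has_eula", "easy_uninstall"},
    "usage_meter": {"tracks_benign_actions", "has_eula", "easy_uninstall"},
    "hidden_logger": {"conceals_presence", "sends_confidential_data"},
    "coupon_helper": {"tracks_benign_actions", "has_eula"},
}
```

Calling `triage(INVENTORY, Risk.LOW)` flags everything except `usage_meter`; `coupon_helper` is surfaced as UNRATED because it cannot be shown to be easily uninstalled.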

Other issues to consider: the number of spyware definitions supported by a particular solution, the process used for finding new spyware programs, and how the definitions are updated.

In addition to the use of strong technologies, there are policy measures that can help organizations reduce their risks. For example, make sure that you know and trust the authenticity of any software before you download it and install it. Read the EULAs of software programs to make sure you know what you are getting, and make sure that you understand, and agree with, the program's functionality. Examine EULAs carefully to make sure they are in agreement with your security policy. Also, as some spyware is installed using ActiveX controls, consider requiring a prompt for ActiveX to execute within Web browsers.

A burgeoning problem

Programs that are classified as security risks, including spyware, adware, and bots, have the potential to compromise personal information and privacy. These programs have a wide range of functionality and are increasing in prevalence globally.

As a result, Forrester Research Inc. now predicts that 65 percent of companies will either purchase or upgrade anti-spyware software this year, making it the most popular security technology of 2005. According to Forrester, spyware has surpassed spam and identity theft on the list of threats that security managers are most concerned about.

Clearly, tools designed to fend off this rising security threat will be closely scrutinized by enterprise buyers in 2005.

 

IT Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.

TechWeb is brought to you by CMP Media LLC, Copyright © 2004