You've heard the horror stories.

The poor widow whose bank account was stripped of its last cent or the unfortunate fellow that's trying to repair his credit after a fraudster used his personal information to score flat screen TVs, expensive gadgets and a luxury car or two.

stock 
photography
Spyware took her life's savings. Now it's after your corporate secrets.
Spyware is more than just a resource-hogging annoyance; it can expose your PC, and your activities, to snoops. And it's not just Web tracking, some spyware packages contain full-blown backdoors.

Home users are just now discovering that anti-virus software alone doesn't provide complete online protection. So as they download and install Adaware and/or Spybot in record numbers, corporations are lagging behind, according to a new study courtesy of Webroot.

How's that for role reversal!

As damaging as it can be to an individual, for a business the aftermath can be downright catastrophic. Customer/employee records, business plans, confidential IMs... all potential targets if spyware gains a foothold on your network. Is it a perceived dearth of centrally managed apps that's keeping businesses from taking spyware seriously?

Learn how IT personnel are gearing up to battle spyware and how it factors into their security administration priorities.


Note: The opinions expressed below are solely those of the individual posters on the AntiOnline forums.

This Week's Spotlight Thread:
Study: Few corporations use anti-spyware tools.

After whatthe alerts the group to some troubling news, Spyder32 summarizes the thinking that governs some corporate IT departments' attitude toward spyware.

Not many companies (at least from my perspective) consider spyware to be a big enough, legit problem. Sure it's legit, but they don't classify it as something they need to be aware of and something that is harmful/dangerous.
MsMittens delves deeper...
I wonder if there are a few of issues here:

1) How many administrators are under the impression that spyware can only be dealt with on a computer-by-computer basis? That is, they are unaware that there are products out there designed to deal with spyware before it hits the user.

2) And finally, how many administrators believe that spyware only tracks things like where you go rather than taking over a machine (a la trojan).

It wouldn't be surprising that few implement even simplistic fixes for IE on their users machines. The idea that it takes too long often seems to override the security need. And yet, time and again, it's been proven that implementing most security measures reduce administrative time.

Interesting nonetheless. We probably won't see major shifts in this until AV manufacturers include it as part of their products (I'm surprised they don't) and/or until there is a major public breach based on spyware.

Spyder32 shares his experiences in battling spyware in the workplace.
Until the advent of the Bleeding Snort Malware rules, I would deal with it when I found it but wasn't really too concerned with it from the POV that locking the systems too hard keeps my equally, if not more busy [admins], dealing with the "I can't do [insert issue here]" problems.

Since implementing the rules, (which are a very limited set of the whole but seem to catch the most common and intrusive), I have had a change of heart.

For the last couple of months I have been waging a war against this [stuff].... and there's plenty of it out there. My public access machines were obviously the worst...

Then there are my "underworked" company employees who manage to find this [stuff]...

That's all changed.

The public access boxes have been locked down quite significantly, (I'd love to only allow certain web sites to be accessible but I have to allow a great amount of flexibility due to what the users are supposed to be doing on them.

Unfortunately, it's not a silver bullet because the spyware seems to find a way to hijack the start page, though it has cut down their ability to riddle the box with rubbish as I witnessed today.

The underworked employees are getting a single chance. When their box is heavily infected, (indicating non-work related activity), I clean it and ask them to clean up their Internet use. If they come back up on the Snort box and prove to be heavily infected again, their Internet access will be restricted and they can explain it to their supervisor if they can't perform their jobs. If it happens again, Internet access is blocked outright.

The positive thing: So far I have cut the T1 use by some 20-25%.

Hogfly provides a list of some of the considerations that may be holding enterprise spyware detection back.
There are some caveats for large environments when it comes to deploying a new package. The cost of supporting yet another application can be immense and no one spyware application catches everything.
  • We would have to get the helpdesk trained so they can answer support calls.
  • We would have to educate the userbase about the utility.
  • We would have to train the netadmins if the utility is to be centrally managed.
  • There would be a cost in documenting the procedures to combat spyware.

It's a costly move, but it will happen eventually I am sure.

Are you battling spyware and winning? Tell your tale here.


What is AntiOnline?

AntiOnline (AO) is home to many of the most popular network security discussion forums online. Here, participants engage in candid, thought-provoking and enlightening exchanges on the latest hazards and how to protect your systems against them.

We invite you to join the AO community (it's free!), share your wisdom and learn a few things in the process.