It's Time IT Seriously Battles Spyware

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
There was a time when spyware was low on an IT department's prioritylist. End users thought to be lugging around lots of spyware were simplypointed toward one of several good (and free) desktop spyware-scan sitesand told to take it easy on the games, screen savers, and other likelyculprits.

But that time is long gone.

Today, spyware is a serious productivity drag -- the bane of all helpdesks, and a potential threat to data security. For these reasons, ITorganizations are stepping up their anti-spyware efforts by educatingusers, locking down desktops, and considering enterprise-grade softwarethat not only finds existing spyware, but blocks new infections.

A Job for IT

A useful definition of spyware is: A piece of code that monitors computerusers' actions without their genuine consent. The word ''genuine'' isimportant because frequently, users click an ''I Agree'' box indicatingthat they understand what they're getting -- but almost nobody reads thecontract. Adware is frequently viewed as less malicious than spyware, butit usually includes components that track end-user information, so ITmanagers should consider it spyware as well.

However spyware makes its way to a computer -- piggybacking on a freescreensaver download, sent via email as a virus, or through a deceptivepop-up ad -- it brings several negative side effects. PCs infected withkey-logging spyware, for example, could potentially be used by corporatespies or identity thieves to steal company or personal information.

But the most common impact of spyware, by far, is slow performance. Andthat's where IT comes in.

The number and percentage of help desk calls related to spyware has gonethrough the roof in recent years. Depending on which analyst firm orlarge company you ask, 20 percent to 33 percent of all help desk callsare spyware-related.

At the Alaska Native Medical Center, the problem reached critical masslate last year. ''We were spending an inordinate amount of time cleaningup PCs,'' says Chris Deason, network manager at the Anchorage hospital,which has about 1,400 PCs. ''I can think of one tech who spent 10 to 20hours a week'' on the task, she adds.

Until quite recently, many company help desks steered end users to one ofmany good spyware-cleanup programs -- which, ironically, are oftenavailable as free downloads themselves.

However, those programs have limitations. They may reduce the burden onhelp desks, but they don't eliminate it.

''You still sort of walk the user through the install and help them run[anti-spyware programs],'' says Richard Stiennon, vice-president ofthreat research at Webroot Software, a spyware-blocking vendor. ''Youcannot rely on the user to run the scan,'' agrees Deason.

Moreover, a typical free spyware scan finds and eliminates existingspyware, but does nothing to prevent new infections.

Dealing with the Threat

Once you decide to handle spyware at the enterprise level, what's thenext step? Experts say you need more than just a new products (thoughthat may be part of the solution). A multi-faceted approach works best:

  • Lock it down. Limiting users' ability to visit certain Websites known to be spyware hotbeds (such as pornography, gambling, andpeer-to-peer file-sharing sites) may not make you popular, but it willcertainly cut down on the help desk's cleanup duties. However, someflexibility is required. ''Power users'' who want freedom to downloaduseful software programs are often some of the most productive employeesin a company. IT must weigh this freedom and productivity against thebenefits of lockdown.
  • User education. ''Over time, users have learned not to opensuspicious [email] attachments,'' points out a recent Forrester ResearchInc. report. David Friedlander, a Forrester analyst and author of thereport, says if organizations work continuously to teach end users aboutthe risks surrounding spyware, similar results are possible.
  • Browser security settings. Most enterprises give users freerein over their Web browser settings. But according to Friedlander, ifthe security setting is not 'medium' or higher, ''any site can install asigned Active X control, including spyware, without triggering a warningdialog box.''
  • Patch it up. Spyware, like viruses and other malicious code,often exploits known security holes. According to both Forrester andWebroot's Stiennon, paying attention to patch management cansignificantly cut down on spyware threats.
  • Evaluate enterprise-grade products. As noted above, there aresolid downloads available to scan and eliminate spyware at the individualdesktop level. Lavasoft's Ad-Aware and PepiMK Software's SpyBot Searchand Destroy are examples. But free versions of these tools, designedoriginally for consumers, lack both central management and proactivecapabilities. Several vendors have set out to fill this void, includingWebroot (SpySweeper Enterprise); Computer Associates International(eTrust PestPatrol); TechAssist (Omniquad AntiSpy Enterprise Edition);and InterMute (SpySubtract Enterprise Edition).

    For IT, the major benefit offered by these products is their ability toproactively ''blacklist'' known spyware types. At the Alaska NativeMedical Center, Deason recently purchased InterMute's SpySubtract. Shesays she and the help desk noticed an astonishing change almostimmediately. ''In the first 10 days we've had it, I cleaned up close to30,000 threats,'' Deason says, including 1,600 on a single PC.

    What impressed her, though, was the tool's ability to keep those threatsfrom returning. ''It really is a set-it-and-forget-it deal,'' Deasonadds.

    Most vendors of enterprise-grade anti-spyware applications upgradetheir databases weekly or immediately after a new threat is discovered.

    There's no reason to believe that the people who create and distributeadware and spyware plan to quit anytime soon. For that reason, ITorganizations need to recognize spyware as a genuine threat -- and defendthemselves accordingly.

    For more information on spyware protection and removal, visit Intranet Journal's Spyware Guide.


    Loading Comments...