Spyware Sneaking into the Enterprise


Once considered strictly a consumer issue, spyware is sneaking into the
enterprise, eating up bandwidth, pumping out unwanted pop-ups, crashing
employee computers and potentially posing a risk to sensitive corporate
data.


“It’s rapidly turning into a very serious problem. Last year, it was mostly
annoying with all the pop-ups, but now it’s leaving behind more serious
problems,” Gartner analyst John Pescatore told
internetnews.com. “In the last six months, it’s one of the top
questions we’re getting.”


Spyware is an all-inclusive term for surreptitious programs that often
piggyback onto a user’s computer on an otherwise authorized download. The
most benign form is adware, which collects personal data and reports
Internet traffic patterns to advertisers.


Marketers claim permissions-based adware holds great potential for targeted
advertising. A number of major advertisers have dabbled with adware as a
means to reach Web surfers.


The more dangerous forms of spyware capture keystrokes or hijack homepages
to serve as platforms to steal passwords and e-mail, as well as to pry into corporate
records.


Compounding the problem is the fact that firewalls don’t prevent spyware from
being installed, although they can keep the uninvited program from sending
out any information it has gathered. Anti-virus programs do not detect the
presence of spyware.


“Employees often download precisely the kinds of applications that include
spyware,” a recent Forrester research report states.
“Surveys of IT staff reveal that spyware is not only present on corporate
PCs but that it is causing problems, as well.”


“There are more options in the enterprise to stop it, but it’s something
enterprises are starting to worry about,” Jan Sundgren, the author of the report, told internetnews.com.
“A lot of employees might have it on
their desktops. Even if it is not sending out information, there can
still be all sorts of related issues, like bandwidth and the use of
resources.”


According to Sundgren, the main problems associated with adware include
unwanted advertising traffic sucking up valuable bandwidth; loss of employee
productivity as users fight pop-ups; and balky, infested browsers resulting in more
work for beleaguered help desks.


“Increased workload [for help desk personnel] is the main effect of adware,”
Gartner’s Pescatore said. “The more malicious form of spyware is where the
real risk is to the enterprise.


“The potential of competitive intelligence and/or regulated
information being stolen by targeted spyware attacks is obviously a serious
threat,” added Sundgren.


In addition to spyware threats from within the firewall, both Sundgren and
Pescatore said the increase in at-home and mobile employees is bringing even
more spyware into the enterprise. Without a personal firewall, keystroke-logging
programs steal employee passwords, which allows bad actors to dance
right into the enterprise.


State legislatures, the Federal Trade Commission (FTC), the U.S. Congress
and the private sector are all stepping into the breach.


The FTC says the
solution is
better technology and training and education about spyware, not state or
federal legislation. Ignoring that advice, Utah has already passed an
anti-spyware bill and
federal
legislation
is currently cooking in Congress.


The consumer anti-spyware programs the FTC has recommended have been
available for several years, but enterprise versions are just now reaching
the market. The industrial-strength programs provide for centralized
administration and reporting, allowing security administrators to establish,
monitor and enforce policies across all desktops.


Symantec and Network Associates
are both adding anti-spyware components to their
enterprise packages. And in early June, PestPatrol, a consumer anti-spyware dealer, released
what it calls the “industry’s first centrally managed anti-spyware solution
for corporate networks.”


“With this version, we separated the management interface from the scanning
engine, which allows the administrator to scan entire network desktops with
extremely compact and efficient executables,” said Roger Thompson, vice president
of product development for PestPatrol.


According to Thompson, at least “50 to 60 percent” of enterprise systems have
unsolicited adware embedded on user computers. Detection and removal require
specialized programs, because another insidious effect of spyware is that it
installs itself very deeply in a system, sometimes creating thousands of
registry entries.


“It reminds me of the early days of the anti-virus industry,” Thompson said.
“People know something about it, but not a lot. There is no doubt it is a
corporate issue. We can see the pull by the number of companies wanting to
know more about it.”


Thompson said he supports a combination of legislation and technology to
harness the spyware problem for both consumers and corporations.


“Four years ago, spam was just a nuisance. Now, without legislation and
technology, most people’s e-mail systems would be unusable,” he said.
“Maybe people just need to be smacked a bit.”

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web