Snagging Spyware

By Jeanette James

(Back to article)

It all started with adware, that pesky software intended to track online movements in order to make marketing more targeted. But today, adware has spawned spyware, a serious and growing problem for CIOs across the country.

Today's spyware observes and captures corporate data, network-access information and product secrets, rather than just serving up unwanted online advertisements.

As the Gartner Group put it in a report last year, spyware has evolved from "an occasional nuisance to something that wastes IT-user and technical-support resources, and compromises the integrity of corporate systems, applications and data."

Spyware usually involves an executable file that infects computers either through a visit to a particular Web site or through an e-mail attachment. It often includes a Trojan horse or keystroke logger.

In addition to revealing company secrets, a bad case of spyware can disrupt corporate productivity at companies that use a browser to access CRM or ERP applications.

"If the delivery platform is compromised by spyware, it can make the enterprise application unusable," said Andreas Antonopoulos, a senior vice president at Nemertes Research in New York.

In its recent benchmark survey, which included dozens of in-depth interviews, most IT executives said spyware is a "growing problem." More than four-fifths of IT executives said spyware is a pressing issue that makes it difficult for the IT staff to manage desktops. Further, nearly a quarter of executives interviewed identified spyware as a "serious problem."

Some CIOs are reacting. According to Forrester Research, 65% of companies will invest in anti-spyware tools this year. But finding the right application and managing it properly can be challenging, given the sophistication of today's spyware.

"Spyware has appeared on the information security scene suddenly, and many companies aren't sure how to address the problem." Nemertes concludes in its benchmark survey.

Spy Catching

Companies with a high percentage of remote users are often at the greatest risk because employees log-in from non-enterprise computers without adequate spyware protection.

"Our main concern was our remote users using non-managed systems, that may have been compromised and then used to connect to our remote access solution, said Michael Roberti, information-systems security manager at the Melbourne, Fla.-office of Harris Corp., a large international communications-equipment company.

"We want users to be able to access Harris from anywhere to check mail and get work done."

But software meant to protect users from spyware often relies on "signatures" that are collected globally as spyware attacks occur. Such software can't protect companies from so-called "zero-hour" attacks that occur before a spyware application's signature can be noted, tracked or blocked, however.

To get around this, Harris went with Confidence Online, a zero-hour security solution from WholeSecurity of Austin.

"Because Spyware is relatively new and is not very noticeable, a behavior-based solution is necessary," Harris said, referring to the way Confidence Online analyzes online behavior to spot so-called "malware" (which includes things such as viruses, keystroke loggers and Trojan horses). "You're always worried about zero-day attacks."

Today, Harris runs ConfidenceOnline on 6,000 internal machines and is rolling it out to 6,000 more. A pilot test for 12,000 external, remote users is scheduled to begin in June.

Words to the Wise

For CIOs who think spyware is not an issue on their network, it would be wise to think again.

"Take it seriously," Roberti advises. "It's probably a problem for CIOs even if they don't know it. If you're susceptible to adware, you're definitely susceptible to spyware. Even if you use two-factor authentication, spyware can still monitor data going across the network."

If it's hard to get the budget to deal with spyware, Nemertes recommends configuring help-desks to track "spyware" as a problem category in order to weigh its impact more accurately. That may help you get the funds you need.

Roberti recommends that CIOs head off potential resistance from users with education and the option to run the corporate anti-spyware application on home machines that are used to access the corporate network.

"Sell it as a benefit to users," Roberti said. "Put a positive spin and explain it to them so they will embrace it."

Of course, a spyware solution won't solve all of a CIO's security concerns and should be used in conjunction with other security solutions.

When choosing among solutions, most firms currently prefer an exceptional one-off solutions to a big-name, all-in-one option, according to Forrester. About two-thirds of companies Forrester surveyed this year said they prefer best-of-breed anti-spyware products.

As the market consolidates, however, more companies will turn to integrated suites, Forrester predicts, noting that consolidation among spyware vendors is already underway with Trend Micro's recent $15 million acquisition of InterMute (the maker of SpySubtract).

To be sure, the spyware-protection market is still young and subject to major changes. CIOs can protect themselves with short licensing contracts of one year. That way, new buying decisions can be made as better solutions become available.