Scribd
Upload
51 views

Unit 3 - Spyware

Spyware has become a major problem for businesses according to IT managers and security firms. It is estimated that 70% of computers at one company encountered spyware in the past 18 months, slowing systems and requiring many staff hours to fix. Another company reported dealing with 8-10 spyware incidents per week, taking 2 hours to a full day to resolve each one. Microsoft is working to address spyware with tools included with newer versions of Windows, but migration to the Firefox browser may also help as it is seen as more resistant to spyware than Internet Explorer. Regardless of how systems get infected, the effects of spyware like performance issues and security vulnerabilities cost businesses time and money to address.

Uploaded by

chunkymonkey323
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
51 views

Unit 3 - Spyware

Spyware has become a major problem for businesses according to IT managers and security firms. It is estimated that 70% of computers at one company encountered spyware in the past 18 months, slowing systems and requiring many staff hours to fix. Another company reported dealing with 8-10 spyware incidents per week, taking 2 hours to a full day to resolve each one. Microsoft is working to address spyware with tools included with newer versions of Windows, but migration to the Firefox browser may also help as it is seen as more resistant to spyware than Internet Explorer. Regardless of how systems get infected, the effects of spyware like performance issues and security vulnerabilities cost businesses time and money to address.

Uploaded by

chunkymonkey323
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Spyware: IT's public enemy No.

1
(by Guest Contributor | Jan 20, 2005 3:45:00 PM TAGS: Guest Contributor Source:
TechRepublic.com )
What's the biggest threat to business networks in 2005? Front-line IT managers and security firms increasingly
peg spyware as public enemy No. 1.

"We now often scan for spyware before we check for viruses"
-- Dave Higgins, Saturn Electronics & Engineering

At Saturn Electronics & Engineering, a Detroit-based provider of manufacturing outsourcing services, the
problems began last summer. The company's 500 users noticed that Web browsing was sometimes slow. Very
slow. IT Manager Dave Higgins suspected virus activity, but manual virus scans turned up nothing. He then
scoured the machines with Lavasoft's Ad-Aware and found the culprit: spyware. Once removed, the systems
returned to normal operation.
"We now often scan for spyware before we check for viruses," Higgins said. "We are currently seeing Bargain
Buddy, GAIN, b3d projector, Gator, n-Case, SaveNow, Search Toolbar, Webhancer, (and) Search Assistant."
Putting spyware first may become standard operating procedure this year. Businesses report spyware incidents
rising sharply in recent months, and many IT departments have been on the receiving end of a nasty wake-up
call. Typically associated with unprotected home PCs, spyware could soon qualify as the top security headache
in the corporate world.

"An incredible problem"


At Southwire, a producer of building wire and utility cable, at least 70 percent of the company's 2,500 computer
users encountered some form of spyware in the last 18 months. That's according to Tim Powers, a senior

network administrator at the Carrollton, GA, firm. "Spyware is becoming a larger and larger problem for our
desktop support staff," he said.
It's a similar situation at Time Warner Cable in Greensboro, N.C. "We get all kinds of spyware problems," said
Sanjeev Shetty, director of information technology services for the 450-user location. "We had one PC that had
1,400 pieces of spyware on it." Shetty estimated that his staff deals with 8-10 spyware-related incidents per
week. "It can take anywhere from two hours to all day to fix these. With a limited staff, this can really tie up
resources."
Spyware poses challenges for other kinds of institutions as well. At Marist College in Poughkeepsie, NY, the IT
department devotes upwards of 90 percent of its resources to combating spyware and issues related to it,
according to Analyst Dave Hughes in the school's ResNet department. "ResNet as a whole has spent thousands
of hours running spyware scans and other removal tools," he said.
"It's an incredible problem," added Kathleen LaBarbera, Marist's manager of operations and ResNet. "Spyware
on a PC can be just as dangerous as having a virus. Most PC users have heard of spyware, but don't really know
what it is or does."

Do you mean adware, malware, Trojans?


Many analysts and administrators agree that while spyware's impact is rising, its definition remains elusive.
The umbrella term most commonly refers to a wide range of unethical software, from difficult-to-uninstall
toolbars to home-page hijackers and pop-up window generators. In a new poll of security administrators and IT
managers, conducted by security firm WatchGuard Technologies, 50 percent of respondents said the vast
majority of users don't know what spyware is.
Two-thirds of respondents said they feel less protected against spyware than against phishing or viruses. And
the kicker: 67 percent of the IT professionals in WatchGuard's survey cited spyware as the greatest security
threat to their networks in 2005.

The problem has become so serious that Microsoft is working to combat it at the OS level. With 2004's release
of Windows XP SP2, the company retrofitted Internet Explorer with a pop-up blocker and gave users a morerobust firewall. In early January, Microsoft unveiled Windows AntiSpyware for Windows 2000, XP, and Server
2003. The software is a rebranded collection of utilities from Giant Software, which Microsoft purchased late
last year. The package promises not only spyware detection and removal but also real-time protection. (Many
other free utilities must be run manually.) Currently in beta, Windows AntiSpyware will be free until July, at
which time Microsoft is expected to charge for the software and service.

The Firefox solution


What remains to be seen is whether these efforts can keep users from migrating to Mozilla's Firefox. Part of the
attraction of the open-source browser is its reputation as being significantly more spyware-proof than Internet
Explorer. Corporations have been slower than individuals to change browsers, citing compatibility concerns,
but many IT departments are taking a close look at Firefox.
"We have been evaluating Firefox as a more secure browser to help prevent all malware infections," said
Higgins of Saturn Electronics. "Currently, it runs about 90 percent of our intranet applications."
"Internet Explorer is an inherently vulnerable browser, partly because it has such a high user base and also due
to poor coding by Microsoft," said Hughes. "Here at Marist, we recommend that users use (it) only for Internet
Explorer-specific tasks, such as Windows Update, and use Mozilla Firefox for all other browsing."
With spyware attacks now coming from even the most innocuous-seeming software, enterprises may decide to
follow suit. Security researchers at Panda Software recently discovered a pair of Trojans -- programs that let
outsiders make changes to a user's PC, including loading other spyware -- that leverage DRM (digital rights
management) technology built into Windows Media Player. When a user attempts to download a license
requested by WMP, the Trojans redirect the browser to a Web site that attacks the user's system with a barrage
of spyware.

"Spyware costs money"


Regardless of how a PC gets infected, the results can be serious: compromised company security, overloaded
networks, and significant user downtime and inconvenience. Although the symptoms of a system that's
overwhelmed with spyware vary, the primary indicators include sluggish performance, broken Internet
connections, and possibly even an unusable PC.
"We've seen individual issues ranging from hijacked home pages and pop-ups to aggravatingly slow
performance to completely unstable platforms," said Nick Twentyfive, senior network analyst for CTG, an IT
and outsourcing solutions company in Buffalo, N.Y. "Back doors installed by spyware can be used by third
parties for more serious security breaches. Lost network bandwidth and computer performance reduces
productivity. Basically, spyware costs money."
And the problem isn't going away anytime soon. "Spyware's getting harder and harder to remove," he said.
"Some of the spyware variants out now have forced anti-spyware companies to make targeted plug-ins to
properly deal with them. That's just evil."

"Businesses have the talent and budget to create and enforce policies that
prevent staffers from installing things themselves."
--Jeff Duntemann, author

Perhaps unsurprisingly, as of mid-January a pair of anti-spyware utilities -- Lavasoft's Ad-Aware SE and


PepiMK Software's Spybot Search & Destroy -- ranked as the No. 1 and No. 2 most popular downloads at CNET
Download.com. But at least one observer thinks the spyware epidemic is overblown, at least where corporations
are concerned.
"Much or even most spyware comes from consumers installing 'free' content or software that they shouldn't,"
said Jeff Duntemann, author of Degunking Your Email, Spam, and Viruses. "At the enterprise level, businesses
have the talent and budget to create and enforce policies that prevent staffers from installing things
themselves."
Southwire's Tim Powers disagrees: "Misspell a common domain name and you are likely to land on a domain
that will inject spyware into your PC." For users today, he said, "It is difficult to avoid getting spyware if you
surf the Internet at all."

You might also like