Spyware Blocking – You Get What You Pay For

Pro

20 April 2006

In order to adequately address and prevent the problems associated with spyware, a company must first define what it means to them and work outward from that definition. For some organisations, spyware refers to any application a user has installed that hasn’t been approved by IT, Human Resources, or the Legal department. It doesn’t matter what it does, nor is it relevant whether the spyware is ‘legitimate’ or ‘illegitimate’ – if it hasn’t been approved, the application has no reason to be on the desktop. It is also common to confuse the term ‘spyware’ with alternate vectors for well-known viral attacks such as worms, Trojans, or RATs. Although anti-virus vendors have rushed to capitalise on this misconception, there are key differentiators between spyware and malicious applications designed to wreak havoc. Spyware is an executable program covertly installed onto the desktop – and then the network – with or without the user’s permission. It monitors a person or organisation without their consent, broadcasting information back to an outside party controlling the program. Worms and Trojans don’t share this characteristic.

If spyware were merely defined as unauthorised installation of unapproved applications, then traditional anti-virus solutions would be a good enough solution to preventing any possible infection they may introduce. However, many unauthorised applications (such as games, P2P or IM) are designed to carry spyware in a piggy-back fashion, launching the malicious payload when the innocuous application is executed on the desktop.


When What You Have Is Not Enough

Current enterprise security infrastructure is a complex collection of separate solutions requiring various bouts of patching and updating. At any given time, one or more critical pieces of the infrastructure are vulnerable to a security breach. Due to the overwhelming nature of globally dispersed networks, patching, scanning and analysing could easily turn into a full-time job that no IT department is adequately suited for.

There is never a single point of failure in a network breach. Threats permeate the enterprise from every conceivable angle, necessitating a layered approach to security that may include firewalls, IPS and anti-virus solutions. These applications are fully capable of defending the network perimeter, yet however robust, they are woefully inadequate at defending against the most prevalent means of spyware propagation – the internal user. In fact, most users are apt to bypass or disable such preventative software if they are able, especially when it stands between them and the latest “must have” download.
Though “spyware blocking” is the new claim to fame for trend-setting vendors, true effectiveness requires a comprehensive solution that is both scalable and evolutionary.


Many companies think that deploying free spyware-trapping tools is all that needs to be done to prevent their network from being infected. The truth is that applications such as Ad-aware, Spybot, and Microsoft Anti-Spyware, while useful in the right circumstance, are largely ineffective at defending the enterprise network.

Free anti-spyware applications are designed for a single PC, hence the requirement to manage them at the individual PC level. While this is not an issue for a home user, it would be completely impractical for an organisation with even a handful of PCs.

Freeware solutions are purely focused on the effect of spyware and not the root cause. Due to their “one shot” nature, they do not provide frequent updates to their signature files, rendering them an incapable defence against evolving security threats.

From an organisational standpoint, the biggest problem with freeware is the reliance on users to ensure it runs and is up to date. Since we are arguing that users introduce spyware through the installation of junk, if they want that junk and the freeware prevents them, they will just turn it off completely. That is an untenable situation in an organisation.

Also, the freeware asks users to accept or deny what it detects. Users cannot and should not be allowed to make critical security decisions on behalf of the organisation. That’s not their job. It’s the job of Management, HR, Risk Management, the CFO and/or the MD to decide what is and is not allowed inside the wire.

Experts advise against the implementation of freeware as a means of proactively blocking spyware. The seriousness of the spyware threat has grown exponentially over the past 2 years, causing untold financial and legal damages to victimised companies. Confidential records can be exposed, stolen and sold on the open market. Intellectual property and operational data are transferred to competitive sources, and corporate security is critically compromised through digital eavesdropping and file shopping.

The cost of purchasing an active scanning, memory resident, enterprise-class anti-spyware solution is far outweighed by the risks associated with inadequate or outdated network protection.


It Isn’t a Policy Unless it’s Enforced

Spyware is an opportunistic application whose pervasiveness on the network almost always requires user introduction at the desktop. Whether by naively clicking through pop-ups or by purposefully installing unapproved and dangerous applications, if there is an instance of spyware, there is likely a user behind it.

While implementing a clear and acceptable use policy can serve to educate the user population about opening attachments or downloading content, policy definition becomes a useless exercise when not coupled with robust solutions and proactive, consistent policy enforcement.

Pending legislation means that employers will be responsible for reining in staff internet use to minimise privacy violations, legal liability and security threats, and to protect network integrity. Despite the need for fortified perimeters, an organisation cannot rely on managers alone to enforce the company policy or expect users to self-enforce. In general, users are likely to utilise corporate assets to check their web mail or view holiday photos on their lunch break, believing it is acceptable during “off” hours.


Solutions-Based Enforcement

Policy enforcement can be successfully addressed from a solutions-based perspective. In order to be effective, vendor-based tools should provide automated, comprehensive and customisable management capabilities. Granular visibility into network activity provides IT with the ability to electronically enforce policies in real-time, at the point of violation – preventing possible loss, improper access and damage to the network.

There are a number of things companies can do to greatly minimise spyware threats.

As a common course of action, all organisations should employ a web filter to prohibit users from visiting known spyware and drive-by download sites. It should also prevent communication with the spyware’s “home office” sites, the outside hosts to which installed spyware reports back.

Companies also need an effective e-mail filter capable of blocking spyware from entering the network via active HTML, attachments, phishing, spam and other e-mail-borne vectors. This is critical to securing the corporate communications medium. Blocking, however, shouldn’t stop with e-mail. There should also be something at the desktop level to prevent the introduction of spyware before it’s saved and running.

Lastly, companies should implement a solution that disallows running or installing programs that, in turn, install spyware. Operating-system-level controls alone are not enough, as they can easily be tricked or circumvented.
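The web-filter step above has two halves: denying known spyware and drive-by download domains, and catching traffic to the “home office” hosts that installed spyware reports back to. The following Python is an added illustration (not code from the article or any vendor) of how a defender can apply both checks to proxy logs; the blocklist entries, the log format and the log lines are constructed sample values, and the beacon heuristic (regular call-home intervals) is an assumption about what such traffic looks like, not something the article specifies.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed blocklist of known spyware / drive-by download domains (sample values, not real intel).
BLOCKLIST = {"spyware-example.test", "driveby-example.test"}
# Constructed proxy log sample, "<epoch> <client> <host> <status>"; 10.0.0.7 calls one host every 300 s.
SAMPLE_LOG = [
    "1010 10.0.0.5 driveby-example.test 200",
    "1020 10.0.0.5 cdn.spyware-example.test 200",
    "1100 10.0.0.7 updates.unknown-vendor.test 200",
    "1400 10.0.0.7 updates.unknown-vendor.test 200",
    "1700 10.0.0.7 updates.unknown-vendor.test 200",
    "2000 10.0.0.7 updates.unknown-vendor.test 200",
    "1050 10.0.0.9 news.example.test 200",
    "1900 10.0.0.9 news.example.test 200",
    "2100 10.0.0.9 news.example.test 200",
    "2150 10.0.0.9 news.example.test 200",
]

def parse(line):
    """Split one log line into (epoch, client, host); returns None for malformed lines."""
    parts = line.split()
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    return int(parts[0]), parts[1], parts[2].lower()

def filter_decision(host):
    """Web-filter rule: deny a blocklisted domain and any subdomain of it."""
    host = host.lower()
    return "deny" if any(host == b or host.endswith("." + b) for b in BLOCKLIST) else "allow"

def find_beacons(events, min_hits=4, max_jitter=0.2):
    """Flag client->host pairs whose hits are regularly spaced: gap spread small relative to mean gap."""
    by_pair = defaultdict(list)
    for ts, client, host in events:
        by_pair[(client, host)].append(ts)
    beacons = []
    for (client, host), ts in by_pair.items():
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        if len(ts) >= min_hits and mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            beacons.append((client, host, round(mean(gaps))))
    return beacons

def enforce(lines):
    """Apply both checks to a batch of log lines: blocklist hits and beaconing pairs."""
    events = [e for e in map(parse, lines) if e]
    denied = sorted({host for _, _, host in events if filter_decision(host) == "deny"})
    return {"denied": denied, "beacons": find_beacons(events)}
```

Blocklist matches are cheap and exact, while the beacon check only surfaces candidates for review: a legitimate updater also calls home on a schedule, so the flagged host still has to be compared against the organisation’s approved-software list.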

An extremely effective cure for an infected network is to remove the ability to introduce symptoms in the first place.


TechCentral.ie