Spyware: I.T.'s public enemy #1 for 2005.
Considered to be the biggest threat to business networks in 2005, Front-line IT managers and security firms increasingly peg spyware as public enemy No. 1.
At Saturn Electronics & Engineering, a Detroit-based provider of manufacturing outsourcing services, the problems began last summer. The company's 500 users noticed that Web browsing was sometimes slow, very slow. IT Manager Dave Higgins suspected virus activity, but manual virus scans turned up nothing. He then scoured the machines with Lavasoft's Ad-Aware and found the culprit; Spyware. Once removed, the network performance returned to normal operation.
"We now often scan for spyware before we check for viruses," Higgins said. "We are currently seeing Bargain Buddy, GAIN (Gator), b3d projector, n-Case, SaveNow, Search Toolbar, Webhancer, (and) Search Assistant."
Putting spyware prevention methods first, may become standard operating procedure this year on corporate networks. Businesses report spyware incidents rising sharply in recent months, and many IT departments have been on the receiving end of a nasty wake-up call. Typically associated with unprotected home PCs, spyware could soon qualify as the top security headache in the corporate world.
"An incredible problem"
At Southwire, a producer of building wire and utility cable, at least 70 percent of the company's 2,500 computer users encountered some form of spyware in the last 18 months. That's according to Tim Powers, a senior network administrator at the Carrollton, GA, firm. "Spyware is becoming a larger and larger problem for our desktop support staff," he said.
It's a similar situation at Time Warner Cable in Greensboro, N.C. "We get all kinds of spyware problems," said Sanjeev Shetty, director of information technology services for the 450-user location. "We had one PC that had 1,400 pieces of spyware on it." Shetty estimated that his staff deals with 8-10 spyware-related incidents per week. "It can take anywhere from two hours to all day to fix these. With a limited staff, this can really tie up resources."
Spyware poses challenges for other kinds of institutions as well. At Marist College in Poughkeepsie, NY, the IT department devotes upwards of 90 percent of its resources to combating spyware and issues related to it, according to Analyst Dave Hughes in the school's ResNet department. "ResNet as a whole has spent thousands of hours running spyware scans and other removal tools," he said.
"It's an incredible problem," added Kathleen LaBarbera, Marist's manager of operations and ResNet. "Spyware on a PC can be just as dangerous as having a virus. Most PC users have heard of spyware, but don't really know what it is or does."
Do you mean Adware, Malware, Trojans.?
Many analysts and administrators agree that while spyware's impact is rising, its definition remains elusive. The umbrella term most commonly refers to a wide range of unethical software, from difficult-to-uninstall toolbars to home-page hijackers and pop-up window generators. In a new poll of security administrators and IT managers, conducted by security firm WatchGuard Technologies, 50 percent of respondents said the vast majority of users don't know what spyware is and what it can accomplish.
Two-thirds of respondents said they feel less protected against spyware than against phishing or viruses. And the kicker: 67 percent of the IT professionals in WatchGuard's survey cited spyware as the greatest security threat to their networks in 2005.
The problem has become so serious that Microsoft is working to combat it at the OS level. With 2004's release of Windows XP, Service Pack 2, the company retrofitted Internet Explorer with a pop-up blocker. Those who have installed the update, also gained a more-robust firewall with the default settings for increased protection. In early January, Microsoft unveiled Windows AntiSpyware for Windows 2000, XP, and Server 2003. The software is a rebranded collection of utilities from Giant Software, which Microsoft purchased late last year. The package promises not only spyware detection and removal but also real-time protection. (Many other free utilities must be run manually.) Currently in beta, Windows AntiSpyware will be free until July, at which time Microsoft is expected to charge for the software and service.
The Firefox solution
What remains to be seen is whether these efforts can keep users from migrating to Mozilla's Firefox. Part of the attraction of the open-source browser is its reputation as being significantly more spyware-proof than Internet Explorer. Corporations have been slower than individuals to change browsers, citing compatibility concerns, but many IT departments are taking a close look at Firefox.
"We have been evaluating Firefox as a more secure browser to help prevent all malware infections," said Higgins of Saturn Electronics. "Currently, it runs about 90 percent of our intranet applications."
"Internet Explorer is an inherently vulnerable browser, partly because it has such a high user base and also due to poor coding by Microsoft," said Hughes. "Here at Marist, we recommend that users use (it) only for Internet Explorer-specific tasks, such as Windows Update, and use Mozilla Firefox for all other browsing."
With spyware attacks now coming from even the most innocuously-seeming software, the corporate world may soon follow suit. Security researchers at Panda Software recently discovered a pair of Trojans -- programs that let outsiders (Hackers) make changes to a user's PC, including loading other spyware. That kind of leverage, DRM (Digital Rights Management) technology is built into Windows Media Player (WMP). When a user attempts to download a license requested by WMP, these Trojans can redirect the browser to an alternate Website that attacks the user's system with a barrage of Malware, attempting to gain control of that computer.
Spyware costs money
Regardless of how a PC gets infected, the results can be very serious, should that PC be on a network, even worse. The results can be compromised company security, overloaded networks, and significant user downtime and inconvenience, and a major issue for IT professionals. Although the symptoms of a system that's overwhelmed with spyware vary, the primary indicators include sluggish performance, broken Internet connections, and if left uncorrected, an unusable PC.
"We've seen individual issues ranging from hijacked home pages and pop-ups, to aggravatingly slow performance to completely unstable platforms," said Nick, senior network analyst for CTG, an IT and outsourcing solutions company in Buffalo, N.Y. "Back doors installed by spyware can be used by third parties for more serious security breaches. Lost network bandwidth and computer performance reduces productivity. Basically, spyware costs money."
And the problem isn't going away anytime soon. "Spyware's getting harder and harder to remove," he said. "Some of the spyware variants out now have forced anti-spyware companies to make targeted plug-ins to properly deal with them.
Originally posted at ZDNet News
Avoiding a Phishing attack
FTC Shuts Down Spyware Web Sites
Phishing Flaw in Alternate Browsers
Pharming for Your Identity
Phishing Hole Discovered in Internet Explorer