# It's Time IT Seriously Battles Spyware



## CTSNKY (Aug 7, 2004)

January 20, 2005
By Steve Ulfelder


There was a time when spyware was low on an IT department's priority list. End users thought to be lugging around lots of spyware were simply pointed toward one of several good (and free) desktop spyware-scan sites and told to take it easy on the games, screen savers, and other likely culprits. 

But that time is long gone. 

Today, spyware is a serious productivity drag -- the bane of all help desks, and a potential threat to data security. For these reasons, IT organizations are stepping up their anti-spyware efforts by educating users, locking down desktops, and considering enterprise-grade software that not only finds existing spyware, but blocks new infections. 

### A Job for IT

A useful definition of spyware is: A piece of code that monitors computer users' actions without their genuine consent. The word "genuine" is important because frequently, users click an "I Agree" box indicating that they understand what they're getting -- but almost nobody reads the contract. Adware is frequently viewed as less malicious than spyware, but it usually includes components that track end-user information, so IT managers should consider it spyware as well.

However spyware makes its way to a computer -- piggybacking on a free screensaver download, sent via email as a virus, or through a deceptive pop-up ad -- it brings several negative side effects. PCs infected with key-logging spyware, for example, could potentially be used by corporate spies or identity thieves to steal company or personal information. 

But the most common impact of spyware, by far, is slow performance. And that's where IT comes in. 

The number and percentage of help desk calls related to spyware have gone through the roof in recent years. Depending on which analyst firm or large company you ask, 20 percent to 33 percent of all help desk calls are spyware-related.

At the Alaska Native Medical Center, the problem reached critical mass late last year. "We were spending an inordinate amount of time cleaning up PCs," says Chris Deason, network manager at the Anchorage hospital, which has about 1,400 PCs. "I can think of one tech who spent 10 to 20 hours a week" on the task, she adds.

Until quite recently, many company help desks steered end users to one of many good spyware-cleanup programs -- which, ironically, are often available as free downloads themselves. 

However, those programs have limitations. They may reduce the burden on help desks, but they don't eliminate it. 

"You still sort of walk the user through the install and help them run [anti-spyware programs]," says Richard Stiennon, vice-president of threat research at Webroot Software, a spyware-blocking vendor. "You cannot rely on the user to run the scan," agrees Deason.

Moreover, a typical free spyware scan finds and eliminates existing spyware, but does nothing to prevent new infections. 

### Dealing with the Threat

Once you decide to handle spyware at the enterprise level, what's the next step? Experts say you need more than just new products (though that may be part of the solution). A multi-faceted approach works best:


- Lock it down. Limiting users' ability to visit certain Web sites known to be spyware hotbeds (such as pornography, gambling, and peer-to-peer file-sharing sites) may not make you popular, but it will certainly cut down on the help desk's cleanup duties. However, some flexibility is required. "Power users" who want freedom to download useful software programs are often some of the most productive employees in a company. IT must weigh this freedom and productivity against the benefits of lockdown.

- User education. "Over time, users have learned not to open suspicious attachments," points out a recent Forrester Research Inc. report. David Friedlander, a Forrester analyst and author of the report, says if organizations work continuously to teach end users about the risks surrounding spyware, similar results are possible.

- Browser security settings. Most enterprises give users free rein over their Web browser settings. But according to Friedlander, if the security setting is not 'medium' or higher, "any site can install a signed ActiveX control, including spyware, without triggering a warning dialog box."

- Patch it up. Spyware, like viruses and other malicious code, often exploits known security holes. According to both Forrester and Webroot's Stiennon, paying attention to patch management can significantly cut down on spyware threats.

- Evaluate enterprise-grade products. As noted above, there are solid downloads available to scan and eliminate spyware at the individual desktop level. Lavasoft's Ad-Aware and PepiMK Software's SpyBot Search and Destroy are examples. But free versions of these tools, designed originally for consumers, lack both central management and proactive capabilities. Several vendors have set out to fill this void, including Webroot (SpySweeper Enterprise); Computer Associates International (eTrust PestPatrol); TechAssist (Omniquad AntiSpy Enterprise Edition); and InterMute (SpySubtract Enterprise Edition).

For IT, the major benefit offered by these products is their ability to proactively "blacklist" known spyware types. At the Alaska Native Medical Center, Deason recently purchased InterMute's SpySubtract. She says she and the help desk noticed an astonishing change almost immediately. "In the first 10 days we've had it, I cleaned up close to 30,000 threats," Deason says, including 1,600 on a single PC.

What impressed her, though, was the tool's ability to keep those threats from returning. "It really is a set-it-and-forget-it deal," Deason adds.

Most vendors of enterprise-grade anti-spyware applications upgrade their databases weekly or immediately after a new threat is discovered. 

There's no reason to believe that the people who create and distribute adware and spyware plan to quit anytime soon. For that reason, IT organizations need to recognize spyware as a genuine threat -- and defend themselves accordingly.


----------

