PC Registry Repair
Spyware
Spyware – Understanding and Addressing The Risks – Part Two
Mitigating the Risk
The main technologies available to mitigate against the risks associated with “Spyware” within the enterprise environment are discussed below.
Mitigation techniques are two-tiered or two-part – at the gateway and at the desktop level.
Desktop Protection
At the desktop or client there are notably three technologies available to mitigate against the risks posed by “Spyware”. These are personal firewalls, dedicated anti-spyware programs, and traditional desktop anti-virus (AV) tools.
AV
In some respects forms of “Spyware” strongly resemble viruses. They are uniquely identifiable, can be detected by scanning the client machine and are sometimes packaged as a set of files that can be removed to clean up the infected system. However many forms of “Spyware” do not reside on disk as persistent files – such as hostile ActiveX and Java applets. The motives, delivery mechanisms and often the removal of “Spyware” is different however from the protocols followed for viruses and worms.
“Spyware” is also different in that there is no one definition agreed on what constitutes “Spyware”. Some programs that might be classed as “Spyware” – such as Microsoft’s Windows Update Notifications – are useful, disclose their tracking capabilities, do not disrupt desktop operation impacting user productivity, and are distributed by responsible companies. “Spyware” therefore needs to be classified and identified by the actions it performs and the level of risk – complicating detection and removal, as the users must be given a choice over what is permitted.
AV vendors – notably Trend Micro, McAfee and Symantec – already have software that is very good at scanning files before they execute. The software also has mature enterprise management suites and the vendors have support teams in place to handle enterprise customers’ needs. However the AV vendors have been slow at adding anti-spyware capabilities to their products. The AV vendors however will catch up – Trend Micro acquired private start-up InterMute in May of this year, the first acquisition the company has ever made. In 2004 CA acquired PestPatrol and added PestPatrol to the eTrust suite.
Independent reviews and tests show repeatedly that AV tools are not as good at catching “Spyware” as dedicated anti-spyware programs. Whilst AV tools may detect 99% of viruses this number falls considerably to perhaps 70% – when considering “Spyware” programs.
Using the next releases of desktop AV tools to protect desktops against “Spyware” is extremely attractive to enterprises. There is no need to deploy yet another software agent on every machine within the desktop population, there is no need to monitor yet another ‘console’. AV already incorporates the management features that enterprises require – such as ‘headless operation’ and centralised reporting. Enterprises achieve greater consistency with standardisation on a smaller number of vendors, leading ultimately to cost efficiencies.
Dedicated Anti-Spyware Programs
There is an ever-increasing list of dedicated anti-spyware programs available from vendors including Webroot (who have just secured $108million in venture capital funding), LavaSoft and Pc Tools. Ad-Aware from LavaSoft is the most popular product with some 128 million downloads to date. Other notable products include SpyBot Search and Destroy, CounterSpy and Spyware Eliminator. Microsoft has also entered the market with Windows Antispyware – available as a beta for download from their web site – following their acquisition of Giant Company Software.
Whilst dedicated anti-spyware programs are more effective today at detecting and removing Spyware than AV products this will change over the forthcoming quarters. Most of the dedicated anti-spyware offerings are available as free downloads aimed at consumers / individual users and not at large enterprises. Site licensing is rarely available for example. Some of the emerging vendors, including FBA Software and Tenebril, have enterprise offerings on their roadmaps. However these companies are small, lack corporate / financial stability in some cases, and typically do not have the support teams and infrastructure in place to handle large enterprise customers.
Orthus are of the view that many standalone dedicated anti-spyware programs will cease to exist in the relatively near future and the dedicated anti-spyware market will not be significant in years to come as established vendors offer integrated AV/anti-spyware/personal firewall products.
Personal Firewalls
Just as AV tools now include some “Spyware” protection so many of the personal firewalls available offer a level of protection as well. These include McAfee, Check Point (following the acquisition of Zone Labs in early 2004 and the subsequent release of the Integrity product) and Internet Security Systems (ISS) with the release of Proventia Desktop in March 2005. Sygate is following a similar path to Check Point and ISS.
Personal firewalls are recommended for particularly mobile clients that are regularly taken outside of the corporate perimeter and used to access corporate systems from DSL connections in the home and public WLAN hotspots, where typically direct Internet access is also allowed. They are also recommended for fixed desktop and mobile clients in smaller locations where there is little or no gateway level protection in place and where again direct Internet access is available from those locations.
Gateway Protection
Desktop protection is only half of the story when it comes to “Spyware” protection. Gateway level protection is also available.
Blue Coat offer a range of proxy appliances that, in conjunction with popular URL filtering solutions, offer a strong defence against “Spyware”. “Spyware” often secretly installs via “drive-by” installers, which install “Spyware” in the background without any user interaction. Blue Coat combats this with anti-spyware policy controls that inspect, filter and block web content associated with “Spyware” installation software. This preventive approach is critical when “Spyware” originates from an unknown web site – not yet categorised within URL filtering solutions – and when there is no known signature available to detect the malicious program.
Gateway protection incorporating a strong URL filtering solution is particularly good in preventing programs on infected systems from sending information back to “Spyware” sites, mitigating against the productivity impact of Adware but also the more serious privacy and data leakage concerns associated with more malicious code. URL filtering solutions also offer some protection from infection in the first place by preventing users from visiting known infected sites.
Gateway solutions typically incorporate logging and reporting features that can be used to identify infected systems thus facilitating a targeted “Spyware” clean-up periodically. This capability is also useful to target mobile clients (notebook PCs) that are not protected with Personal Firewalls that become infected whilst outside the corporate perimeter.
Recommendations
In light of the above Orthus suggest that enterprises take the following approach to mitigating the risks posed by “Spyware” today :
- deploy gateway “Spyware” protection to prevent back-channel communication by infected systems augemented with a leading URL filtering solution.
- use granular reporting capabilities from gateway solutions to identify infected systems and choose a dedicated anti-spyware tool to clean-up infected systems on a case-by-case / ad hoc basis.
- do not deploy dedicated anti-spyware programs across the desktop population – instead wait for AV vendors to add strong anti-spyware capabilities in future releases.
- force remote office branch office based systems to access the Internet via the corporate gateway (where gateway anti-spyware protection exists).
- for remote and mobile clients, in addition to AV, install a recognised personal firewall to increase protection.
educate staff making them aware of the risks of “Spyware”, how systems are typically infected and how to close pop
About the Author
Sean Bennett is Commercial Director at Orthus limited (http://www.orthus.com). Orthus is a leading provider of information risk professional services, helping orgnisations globally to measure, minimise and manage the information risks they face. Orthus provide end to end services for clients to comprehensivly address risk in their environments including Insider Threats, addressing issues including data leakage, sabotage and fraud; External Threats (http://www.orthus.com/dr_overview.htm) including wireless security, penetration testing, virtualisation security, vulnerability management and Secure Software Development Life-Cycle; Supply Chain Threats including securing cloud services and data processed by third parties; and Legal and Regulatory challenges including Payment Card Industry (PCI) Data Security Standard (DSS).
Spyware Rubbernecking
|
|
Spyware $19.99 Samantha Logan (Tasha Standridge) is a computer programmer in Silicon Valley. When she suspects she is the target of a tech-savvy internet predator, she turns to her teacher, John Roberts (Tom Post), for help. As the threat becomes more personal, they join forces in an attempt to discover the identity of the killer before it is too late.This product is manufactured on demand using DVD-R recordabl… |
|
|
Computer Optimization, Networking & Security (High Definition) $150.00 Computer performance, networking and security have been the major concerns for all Windows users. Many Computer Geeks claim they have software to install on your PC that will eradicate these problems. Other charges huge some of money to fix the same problem. What they fail to tell to is that your computer already has the tools built-in to handle the optimization, networking and security essentials… |
|
|
End Spyware Forever! $12.35 Slow Computer? Annoying Pop-Ups?? Internet Browsing Difficult?? As the internet has become more and more a part of our everyday lives, corporations and mass marketers have become more and more interested in where we go on the internet, how we get there and how long we stay at a particular site. They find it particularly valuable to know what products we purchase, what products we look for and how … |
|
|
A.S.F – Anti-Stress Factors 60 Caps – Solaray $11.59 This formula is intended to provide nutritive support for normal, healthy well-being during stressful periods. Guaranteed Potency (GP) Valerian extract and the extracts of Passion Flower and Chamomile have also been added to support a normal, healthy calm disposition. Ideal for Most FOOD-SENSITIVE Individuals With B-Vitamins, Guarenteed Potency Herbs and Magnesium…. |
|
|
Dell Optiplex GX620 Desktop Computer With LCD Monitor $499.00 This computer has been refurbished by a Microsoft Authorized Refurbisher. It includes an Original Genuine Licensed Windows XP Operating System with a new sealed Official Microsoft CD from a Microsoft Authorized Refurbisher. Beware of Software Piracy. Many other sellers offer a non-original copy of Windows XP. A non-original or counterfeit copy may leave your computer at risk and inhibit your right… |
|
|
Cisco ASA5505-BUN-K9 ASA 5505 10 User Security Appliance $469.99 8 x 10/100Base-TX LAN, 1 x Console Management, 3 x USB 2.0 – VPN/Firewall… |
|
|
Kaspersky Anti-Virus 2012 – 3 Users $13.00 Kaspersky Anti-Virus 2012 is the backbone of your PC s security system delivering real-time protection from the latest malware and viruses. It works behind-the-scenes with intelligent scanning and small frequent updates while proactively protecting you from known and emerging Inter threats. Enjoy essential protection that won t slow you down with Kaspersky Anti-Virus 2012.Key Features: Real-time p… |
|
|
Mini Romote Control Key-shaped Spy Camera Digital Video Recorder $9.19 This is a Mini Romote Control Key-shaped Spy Camera Digital Video Recorder. Unique design and multi-function. Very easy to use and long time recording available. Specifications:1.Video code: M-JPEG 2.Video resolution: 720 x 480 Pixels 3.Photos format: JPG 4.Recording format: Wav 24khz 5.Image ratio: 4:3 6.Supporting systems: Windows me / 2000 xp / 2003 vista, Mac OS 10.4, Linux 7.Charging voltage:… |
|
|
Spyware for Breakfast White T-Shirt by CafePress $32.50 You wouldn’t judge a book by its cover, just as you wouldn’t judge a person by their shirt. No wait, yes you would. This is anything but a plain white-t. Be comfortable in this cotton shirt, and show off your style and personality in the process.6.1 oz. 100% cotton Standard fit Tee, TShirt, Shirt. About our White T-Shirt: You wouldn’t judge a book by its cover, just as you wouldn’t judge a person … |
|
|
Spyware $6.39 This book is in New – Excellent condition |
|
|
Spyware And Adware $73.92 Spyware and Adware introduces detailed, organized, technical information exclusively on spyware and adware, including defensive techniques. This book not only brings together current sources of information on spyware and adware but also looks at the futur |
|
|
Spyware Doctor $29.95 Preisgekrönter Schutz vor Spyware zur Absicherung Ihres PCs vor Bedrohungen von Daten und Tracking. |
|
|
Barracuda Spyware Firewall 910 BYF910A1 $10491 Barracuda Spyware Firewall 910 BYF910A1 |
|
|
Spyware Doctor mit AntiVirus $39.95 Preisgekrönter Spyware und Virusschutz f?r Ihren Computer, um Ihre Privatsph?re zu sch?tzen, als auch vor Tracking und Virusbedrohungen. |
|
|
Spyware Study & Reference Guide $22.36 Includes CD with: ZoneAlarm – Firewall (sample ver.) Window Washer – File shredding (sample ver.) SpyBot – Anti-Spyware software Computer Surveillance – PowerPoint Presentation Computer Counter Surveillance – PowerPoint Presentation Video Clip |
|
|
PC TOOLS SPYWARE DOCTOR 2011 1U/3PC $27.99 PC TOOLS SPYWARE DOCTOR 2011 1U/3PC |
|
|
Encore PC Tools Spyware Doctor 2007 11641 $7.18 Encore PC Tools Spyware Doctor 2007 11641 |
|
|
CA Anti-Virus Plus Anti-Spyware 2008 AVP08SNR03E $7.18 CA Anti-Virus Plus Anti-Spyware 2008 AVP08SNR03E |
|
|
Symantec PC Tools Spyware Doctor $34.99 1 User 21073016 3 PC Built on award-winning Spyware Doctor antispyware technology. Advanced rootkit detection technology identifies and removes hidden threats from your PC. Memory Scanner helps eradicate threats lurking on your PC. Download Guard checks your downloads against a cloud-based network. Uses a combination of reactive blacklists and proactive content analysis. Site Guard blocks you from visiting potentially unsafe or phishing websites and from downloading threats through your browser, IM or email. Cookie Guard automatically removes potentially malicious tracking and advertising cookies. Browser Guard stops automatic downloads, fake AV and malicious files from compromised or exploit websites. IntelliGuard technology stops potential threats before they infect your PC. Game Mode automatically detects your PC switching into full-screen mode for games, movies or presentations and ensures an uninterrupted experience. Power Saving Mode postpones power-intensive tasks until your laptop is plugged in, extending battery life. The ability to disable idle scan for optimal PC performance. Tweak advanced settings for each IntelliGuard, history logs and more. Operating System: Windows 7 (32/64-bit) Windows Vista with Service Pack 1+ (32/64-bit) Windows XP with Service Pack 2+ (32-bit) It defends your computer against malware attacks with multiple layers of protection using proactive, reactive and automatic protection to stop threats at every entry point. Now includes memory scanning, behavior profiling, and report cards to provide up-to-date protection and status monitoring for your PC. Anti-spyware Complete Product New Releases Update Not Applicable PC PC Tools Spyware Doctor Retail Security Software Standard Symantec Symantec Corporation Windows With AntiVirus 2011 www.symantec.com |
|
|
Spyware And Adware By Aycock, John $139 Author: Aycock, John Series Title: Advances in Information Security Publication Date: 2010/10/14 Number of Pages: 145 Binding Type: Hardcover Language: English Depth: 0.50 Width: 6.25 Height: 9.25 |
|
|
Blocking Spam & Spyware For Dummies $18.74 This book is in New – Excellent condition |
|
|
Combating Spyware in the Enterprise $37.46 This book is in New – Excellent condition |
|
|
Trojans, Worms, And Spyware $46.5 This book is in New – Excellent condition |
|
|
PC Tools Spyware Doctor with Antivirus 2011 – complete package $31.99 PC Tools Spyware Doctor with Antivirus 2011 – Complete package – 1 user 3 PCs – Win – English |