
The Problem and Growth of Spyware
By Chris King

PRODUCT MARKETING MANAGER: BLUE COAT

The IT, business, and consumer communities have seen a multitude of concerns, complaints, and legislation on “the spyware problem.” According to the National Cyber Security Alliance (NCSA), nearly all (92%) enterprises acknowledge a serious problem with spyware. Estimated infection rates range from 30% of enterprise desktops (despite daily cleansing efforts – Web@Work, 2004) to 90% of broadband-connected desktops (NCSA). Accordingly, Mozilla’s Firefox browser has enjoyed increased adoption (most spyware targets Internet Explorer). Many enterprises, however, won’t switch browsers, and must deal with this rapidly evolving threat.

There has been debate about what constitutes “spyware.” Commercial advertisers that develop “adware” claim they are not malicious and shouldn’t be categorized with other threats. The enterprise view of “spyware,” however, can include any software that collects information on user behavior (surfing, keystrokes, preferences, etc.) from desktops and ships it to an unknown third-party server. There are distinctions between commercial spyware (adware) and malicious spyware, but in the end, it’s all spyware.

The risk and costs of spyware to enterprises are substantial. Risks associated with spyware include credential theft, intellectual property theft, liability, fraud, and corporate espionage. Many IT managers, however, note that the productivity impact – crashing browsers, sluggish desktops, slow networks, help desk calls, and idled users – is of far greater concern, and often more quantifiable. Perspective aside, spyware has a significant negative impact on the enterprise.

Why Hasn’t Spyware Been Stopped?
U.S. legislators are attempting to tackle the problem of spyware, and various prosecution efforts have begun. While these efforts are admirable, the Internet is borderless and difficult to control through legislation. Furthermore, there are large financial incentives to produce and distribute spyware. Spyware producers make money on the information they collect and the advertisements they distribute, and, in turn, pay website owners to distribute spyware. Both producers and distributors change methods frequently to ensure successful distribution.

Spyware is difficult to stop technically for a variety of reasons. First, spyware is a new and evolving technology that quickly adopts the latest ideas from viruses, worms, and trojans. Perhaps more importantly, spyware attracts the best and brightest hackers—who are finally being compensated for their efforts by either commercial spyware companies or organized crime. Additionally, spyware is an application-level threat, and most existing enterprise defenses focus on the infrastructure layer—lacking the application-level visibility and granularity necessary to block spyware without shutting down Web traffic associated with legitimate business functions.

Several vendors have introduced anti-spyware products, including spyware-specific desktop agents, desktop anti-virus, and URL filtering. Unfortunately, most of these solutions are reactive – they only address installed spyware, i.e., they enable organizations to act only AFTER it is a problem. Furthermore, in addition to being reactive, many of the desktop solutions lack management and deployment infrastructure (e.g., spyware-specific desktop agents) or anti-spyware acumen (desktop AV products). URL filtering, while a gateway component, is reactive too – blocking only known spyware sites – and as stated previously, spyware producers and distributors make changes in distribution techniques quickly. URL filtering is an important piece of a complete solution (it is good at blocking outbound spyware communications), but it is not, in itself, a solution.

What Does The Complete Enterprise Spyware Prevention Solution Look Like?
The best defense for enterprises is to stop spyware before it is installed on the desktop. Moreover, a solution should not cause management headaches that offset its spyware reduction benefit. As such, an ideal enterprise solution to control spyware must operate at the network gateway.

Naturally, enterprises have concerns around gateway solutions that may impede business processes – a gateway solution must not introduce latency into business-critical Web communications. Furthermore, a gateway solution must determine, in a fine-grained fashion (i.e., beyond source and basic content type), what Web content will be allowed into the enterprise.

Keeping pace with spyware’s rapid evolution requires a solution with multiple blocking and control methods at its disposal. Web threats of any nature (spyware, worms, viruses, trojans) evolve in unpredictable ways. Finally, regardless of how effective an anti-spyware gateway may be, some users will take their laptops home, where, connected to unprotected networks, spyware infestation is virtually guaranteed. Therefore, an enterprise solution must be able to address these “out-of-band” infections once they return to the corporate network.

Blue Coat Enterprise Gateway Anti-Spyware
Blue Coat Systems recently introduced an anti-spyware solution that represents a new approach to this growing problem. The Blue Coat solution is based on Blue Coat’s market-leading proxy appliances, and:

  • Prevents spyware from reaching the desktop
      • Stops “drive-by” installations (the most common spyware installation method)
      • Blocks known spyware sources using best-of-breed URL filtering
      • Scans HTTP traffic for threat signatures using high-performance, best-of-breed Web AV scanning
  • Detects spyware infections (out-of-band or existing)
      • Blue Coat’s Web proxies see all Web traffic – and can catch, block, and report on outbound spyware traffic, then target the infection for cleaning.
  • Doesn’t impede the business process
      • Proven high performance and low latency
      • Fine-grained controls stop spyware without impacting legitimate traffic

Conclusion
Spyware will continue to evolve – fueled by advertising revenues and hacker inventiveness. Effective spyware solutions utilize multiple techniques to address each new spyware flavor and each ingenious method of penetrating the enterprise. Organizations should expect the worlds of spyware and viruses, worms, and trojans to merge in the near future. AV vendors will incorporate spyware scanning and removal into their desktop scanners, but the reactive nature of these solutions will require organizations to continue a “defense-in-depth” strategy, involving preventative gateway solutions.

Organizations will need to have an infrastructure in place that is flexible, granular, high-performance, and powerful enough to stop current and future Web-borne threats, yet won’t impede the business process. Only Blue Coat provides that integrated, high-performance infrastructure – delivering comprehensive Web content controls, URL filtering, and Web AV – enabling enterprises to prevent spyware and other Web-borne threats from impacting privacy, security, and productivity.

Visit Blue Coat at www.bluecoat.com