Spyware sneaks into the desktop
Once viewed as simply a consumer desktop problem, spyware is increasingly viewed as a corporate liability that IT has to address.
Computerworld - Bruce Edwards began to understand that spyware was more than a consumer PC problem when his users started complaining loudly about poor performance and an increase in pop-up ads. But it wasn't until after he'd checked all of his organization's PCs that Edwards understood the full scope of the problem.
"My customer workstations were really gummed up," says Edwards, LAN administrator at the Administrative Office of the Courts in Little Rock, Ark. All 200 machines in his offices were running a wide range of spyware, and many were running multiple programs. The programs ran in the background without the users' knowledge, downloading information on Web surfing activities and uploading advertising in the background for use in pop-up ads. As the volume of these hidden programs grew, they began using up system resources and choking off network bandwidth. Annoyed with all the pop-up ads, some users downloaded free pop-up blocker programs that installed even more spyware.
Spyware programs discreetly install themselves on PCs, establish a back channel over which to download information about the user and typically upload advertisementsoften over HTTP Port 80. Programs designed specifically to deliver targeted advertising are also called adware. But adware and other types of software that install without the user's explicit consent and establish background communicationsincluding surveillance programs, key loggers, remote control tools and Trojansare also described as spyware.
Companies have traditionally viewed spyware as a nuisance that's best handled by desktop support groups. But IT organizations are beginning to view it as a security risk as well because spyware is becoming more common and the programs are growing more sophisticated.
Image Credit: David Plunkert
Edwards used PestPatrol, a spyware scanning and removal tool, to clean up the mess. But the big issue for him isn't system performance or productivity-sapping pop-upsit's the uneasy feeling that these programs have opened an unauthorized communication channel that could put sensitive court documents at risk. He worries that, in addition to downloading data on Web surfing activity, a spyware program may capture user log-in and password information, or that a benign adware program may provide a communications pathway that could be hijacked for uploading more malicious software.
Analysts say that while some adware programs simply monitor Web surfing activity and serve up annoying pop-up ads, others could be stealing e-mail addresses and passwords, allowing background downloads of more malicious software, or sending sensitive data to competitors. "We think the capability to do that is there," says John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc.
Spyware applications may install themselves after a user clicks on a pop-up dialog box, opens an e-mail attachment or downloads freeware. In some cases, unpatched Windows machines may be vulnerable to "drive-by" attacks, in which malicious code embedded in a viewed Web site exploits Internet Explorer vulnerabilities and lax security settings to install itself without the user clicking on anything.
- Data Protection eGuide In this eGuide, CSO and sister publications IDG News Service, Computerworld, and CIO pull together news, trend, and how-to articles about the increasingly...
- Warning: Cloud Data at Risk Experts agree that relying on SaaS vendors to backup and restore your data is dangerous. Yet that's exactly what huge portions of the...
- The Opportunities and Challenges of the Cloud In this report F5 poses questions to IDC analysts, Sally Hudson and Phil Hochmuth, on behalf of F5's customers to better understand the...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!