IT execs seek weapons to fight spyware

Several vendors to unveil tools at RSA

Tools designed to fight off a spyware "epidemic" are expected to get close scrutiny from corporate users at next week's RSA Conference in San Francisco.

Spyware, which was a low-priority item on many IT security agendas a year ago, has quickly evolved from an annoyance to a substantial security and support burden, users and analysts said.

"Spyware has truly become an epidemic," said Lloyd Hession, chief security officer at Radianz, a New York-based provider of telecommunications services to financial services companies. "I see it as a much bigger threat to productivity and privacy [than worms and viruses are]."

In a report to be released next week, Forrester Research Inc. in Cambridge, Mass., predicts that 65% of companies will either purchase or upgrade antispyware software this year, making it the most popular security technology of 2005. The report is based on a survey of 200 security managers.

Market research firm IDC, meanwhile, predicts that the antispyware business will grow from $12 million in 2003 to $305 million in 2008.

"Spyware has risen to fourth on the list of threats that security managers are most concerned about," trumping issues like spam and identity theft, said David Friedlander, the author of the Forrester report.

The term spyware refers to programs that quietly gather information about a person's browsing habits and sometimes confidential data as well, and relay it to advertisers and other parties. Many spyware programs, such as "adware" applications, are used by legitimate companies, but many illegal ones are used to log keystrokes, steal confidential information and redirect browsers.

Daunting numbers

The sheer number of spyware programs finding their way onto corporate desktops is a major cause for concern, say users and analysts.

Tim Powers, a senior network engineer at Southwire Co. in Carrollton, Ga., estimated that 70% of the electric cable maker's 1,600 systems are infected with spyware.

The majority of the problems caused by spyware have been performance-related, involving PC slowdowns, freezes and crashes, he said. But the potential for data loss from such programs is a real threat, he said. "Spyware is the biggest threat we have today, and it causes more problems with the operation of a PC than viruses do," Powers said.

Spyware programs can be so difficult to dispose of that the only option is to "reimage the system," said Robert Olson, a systems administrator at Uline Inc., a Waukegan, Ill.-based distributor of packing and shipping materials.

"We were spending hours trying to diagnose and solve the problem and would usually end up just rebuilding the system," said Olson, who recently installed antispyware software from Webroot Software Inc. in Boulder, Colo.

The National Center for Missing & Exploited Children installed an antispyware tool from Computer Associates International Inc. in November. Before it began using the software, the Alexandria, Va.-based organization's help desk staff was spending nearly half its time cleaning infected systems belonging to employees in the center's 40-person Endangered Child Unit, said IT operations manager Steve Gelfound. "We are a company of 300 users, and we just couldn't have 40 users taking up all of our time," he said.

Unlike worms and viruses that usually broadcast their presence in some fashion, spyware programs are a lot more stealthy and tenacious, said Kevin Haley, group product manager at Cupertino, Calif.-based Symantec Corp.

"A piece of spyware may hang out in memory, or in a registry entry or in a start-up directory. You can delete the executable, and it will find a way to write itself right back on" your system, Haley said.

Much of the sophistication behind these programs stems from the fact that spyware is deployed by professional cybercriminals with a profit motive, said Stu Sjouwerman, chief operating officer at Sunbelt Software Inc., a Clearwater, Fla.-based maker of antispyware products.

"Some spyware programs are incredibly hard to kill because programmers have gone to significant lengths to make them as well defended as possible," Sjouwerman said.

Vendors such as CA and Webroot, which recently raised $108 million in venture funding, have been shipping enterprise-ready antispyware products for a few months.

Still, most antispyware products are aimed at the consumer market and offer little of the centralized administration and support capabilities needed for enterprise use.

But several vendors plan to unveil products to help companies block, detect and weed out spyware. The companies making announcements at the RSA conference include Symantec, which is bundling a real-time spyware detection and removal function with its antivirus software; SecureWave Inc., which intends to offer a similar function with its PC protection software; InterMute Inc., which will upgrade its existing antispyware suite; and Lucid Security Inc., which will add spyware-filtering functions to its line of intrusion-prevention products.

"A lot of companies are still using free tools because corporate versions of antispyware products have only just started rolling out," Friedlander said. Users shopping for such products need to pay attention to issues such as the number of spyware definitions supported by the product, the process that vendors use for finding new spyware programs and how the definitions are updated, he said.

Copyright © 2005 IDG Communications, Inc.

Shop Tech Products at Amazon