Who best to define spyware? (page 2)

By Bill Brenner, News Writer
18 May 2005 | SearchSecurity.com

This article originally appeared on SearchSecurity.com, a sister site of SearchSMB.com.

About this series: Spyware is quickly replacing worms and viruses as IT managers' biggest worry. In this two-part series, security professionals and others debate spyware detection and who is best qualified to define it.

Trust the vendors?
With the security market flooded with antispyware tools and more on the way, shouldn't IT professionals simply trust their vendors to make a reasonable determination of what is spyware? After all, they are experts and their products have been through countless hours of testing.

Richard Stiennon, Webroot's VP of threat research, believes his company has practiced due diligence in making sure legitimate programs aren't labeled as spyware.

"Our approach is that spyware is like pornography, you know what it is when you see it," he said. "Regardless of what these companies say, nobody in their right mind wants all these pop-up ads."

Webroot doesn't specifically label programs as spyware, Stiennon said. It identifies them as adware, cookies, Trojan horses, keyloggers or whatever else they look like. Yet it calls its product Spy Sweeper and released a report this month called "State of Spyware."

Todd Sawicki, senior marketing director of 180Solutions, said companies like Webroot may not call programs spyware in their scans, but when "the spy word" appears on the product and in reports, the effect is the same.

"To get fingered, all you have to do is show ads outside the application," he said. "We get dinged because we show ads."

Stiennon said entities like Cool Web Search, Claria and 180Solutions deserve the bad reputation. He said 180Solutions, for example, has a history of "drive-by" downloads, using ActiveX to drop adware onto systems without warning.

"Legislative efforts have forced them to clean up their act," Stiennon said. "Over three months, 180Solutions and Claria lost two-tenths of one percent of their penetration. As they are forced to comply with laws they'll improve their image and products. But they still must account for their past."

Cool Web Search vigorously defends itself against such claims on its Web site, saying, "These kinds of activities are firmly against our rules. Did anybody tell you differently? Perhaps you have read an article somewhere blaming Cool Web Search for everything wrong with the world short of world hunger… You will be shocked to find out that 95% of all so-called 'CWS hijacks' have NOTHING WHATSOEVER to do with Cool Web Search. These people have never worked with us, and never will. We have never condoned the use of 'hijacks' or 'exploits.' Unfortunately, due to carefully orchestrated framing and smear campaigns of unethical competitors, who even to this day are distributing spyware and calling them 'CWS hijacks,' our good name has been severely damaged."

For its part, Claria said on its Web site, "We have strictly abided to our commitment to privacy and are dedicated to providing valuable permission-based software applications in exchange for delivering targeted messages to our users based on their anonymous online behavior."

In its recent State of Spyware report, Webroot said that it would be folly to move away from the spy word.

"At a time when many consumers and businesses struggle to understand the threat posed by spyware, trying to move away from the term 'spyware' would serve only to confuse an already overwhelmed audience," the report said. "The term adware is a subcategory of the overarching 'spyware' category, but may be slowly evolving into its own category. The challenge to the reclassification is caused by historical actions of adware vendors and those that use cross-domain cookies to track online behavior. While some organizations are rapidly adapting policies and practices to respect privacy regulations, many more adware distributors still violate the user's right to privacy, and in many instances, still violate pending legislation and even break existing laws by exploiting vulnerabilities to install their adware."

In the end, many vendors have decided to proceed with caution and let users decide what is harmful to their computers.

To separate the sinister from the benign, Cupertino, Calif.-based antivirus giant Symantec recently drew up a system to measure the potential risk of what it detects. While Symantec's Threat Severity Assessment measures the danger level of traditional malcode based on how fast it spreads and what kind of damage it can cause, the firm's Risk Impact Model now evaluates applications that look like spyware for malicious tendencies. After that, the user is left to decide if the application should be killed, quarantined or allowed.

"The heart of this approach is to tell the user what we have found and let them determine for themselves if they want to keep it or kill it," said Dave Cole, product management director for Symantec Security Response. "We make a recommendation and then you choose what to do from there."

Making the most of what you have
Since most people agree no one entity can solve the whole problem, Skoudis suggests IT managers take matters into their own hands and figure out how to get the best defenses out of the tools they already have.

"If you manage an enterprise network, reconfiguring your infrastructure will help you the most," said Skoudis, also a handler at the Bethesda, Md.-based SANS Internet Storm Center. He recently posted a handler's diary outlining 19 ways an IT shop can fight spyware with the tools they already have.

Nat Howard is an independent system administrator and developer based in Vienna, Va., who also runs a Web site called Stupid Security. As far as he's concerned, the best way to keep spyware off the network is to avoid the products that are always attacked.

"I use Linux, OpenBSD, FreeBSD, and Mac OS X, so my recent experience with spyware has been -- so far as I can tell -- limited to watching it hurt other people," Howard said.
