Definition: Spyware is any technology that installs itself on a PC or server, and enables someone to gather information about a person or organization without their knowledge. Common sources of spyware infestation are files or applications downloaded or uploaded from shady Web sources and other questionable sources. Once installed, the spyware can take over the host computer to send selected records, or recorded keystrokes, to the perpetrator's computer or e-mail address.
Antispyware products are designed to identify and block spyware attacks. Enterprise-class spyware products scan incoming files and applications for "signatures" of known or suspected spyware, and prevent the unauthorized code from being installed. They can also cleanse a system of existing spyware.
Antispyware products come either as standalone systems or as part of an integrated client security package that also includes antivirus software, and perhaps a personal firewall and Host Intrusion Prevention as well.
Benefits
Antispyware products safeguard companies from an increasingly serious and widespread threat.
A June 2005 Forrester Research Inc. survey of technical decision makers at small and medium-size businesses (SMBs) found that respondents consider spyware to be the No. 2 security threat, just behind worms and viruses.
Stolen personal information has resulted in fraud and identity theft. Security leaks and loss of data have hurt companies competitively, and can potentially lead to lawsuits or regulatory penalties.
In addition, spyware can seriously hurt user productivity by slowing or crashing a PC, or displaying annoying pop-up ads and unwanted and objectionable content. IT administrators spend too many hours dealing with user spyware reports and cleaning up PCs. According to Stamford, Conn.-based Gartner Inc., 30% of help desk calls, on average, are related to spyware.
Costs
Several vendors now offer standalone products specifically targeting small and medium businesses. Aluria Software's Paladin, Sunbelt Software Inc.'s CounterSpy Enterprise small business network kit and Trend Micro Inc.'s Anti Spyware for SMBs all cost about $1,800 for 100 users.
Among integrated products are the following: Symantec Corp. recently added antispyware to its AntiVirus Corporate Edition 10.0; and Check Point Software Technologies Ltd. recently announced antispyware for its Check Point Integrity suite, which costs $67 and up per user.
CA Inc.'s eTrust PestPatrol Anti-Spyware Corporate edition, which also includes antivirus, costs $24 per user for 100 to 249 users.
McAfee Inc.'s Total Protection for Small Business is priced at about $25 per user per year, for 100 users. McAfee also offers a standalone in-house product, Anti-Spyware Enterprise, and an integrated suite, Total Protection for Enterprise, which includes virus protection, intrusion prevention system, antispyware, antispam and network access control.
Technology trends
The past year and a half has seen a strong growth in enterprise antispyware products. Unlike consumer offerings that require end users to set up
 |
|
|
|
|
Look at your security needs as a whole, not at individual technologies.
Natalie Lambert
analyst, Forrester Research
|
|
|
|
|
|
|
|
|
|
and maintain protection on their PCs, enterprise antispyware platforms allow IT staffs to centrally deploy and administer endpoint security, with minimal end user involvement. Automated client discovery and configuration are useful both for large enterprises and SMBs with limited IT staffs.
Enterprise systems also have the ability to identify and block spyware before it installs itself.
The recently formed Anti-Spyware Coalition is working to facilitate and encourage vendor sharing of spyware signatures and analyses.
Standalone spyware packages are slowly giving way to integrated endpoint security suites that also include antivirus protection, personal firewalls and IPS. The suites provide an integrated, holistic approach to endpoint security -- and are easier to administer than multiple point solutions, according to Forrester analyst Natalie Lambert.
Microsoft is planning to enter the endpoint security market later this year with Microsoft Client Protection, an integrated antivirus, antispyware product. "That's likely to provide a great price point for Microsoft shops," Lambert says.
Tips and gotchas
Avoid false economies. Consumer and freeware antispyware lack features that are important to a corporate security system, such as centralized deployment and updates, as well as the ability to track and catch spyware before it can install itself.
One user's spyware is another's productivity tool. Some people, for example, define cookies as spyware; yet cookies are used for legitimate purposes such as automatically identifying a repeat customer at a Web site. Keyloggers can be used by a hacker to steal a person's credit card number, or by an administrator to fix a PC remotely. Make sure your antispyware tool can be programmed to distinguish between the two.
Also make sure the product automatically updates its database (and client agents) with the latest spyware signatures. Some products, such as Webroot Software Inc.'s Spysweeper Enterprise, actively search the Web for new spyware. Others download new signatures from the vendor's Web site.
Don't neglect the human factor. Implement and enforce policies to ensure users protect their PCs from spyware attacks. The Anti-Spyware Coalition makes the following recommendations for users to defend themselves against spyware: Keep security software up to date; download programs only from Web sites you trust; familiarize yourself with the fine print attached to any downloadable software; avoid being tricked into clicking dialog boxes; beware of so-called free programs; and use antispyware, antivirus and firewall software.
Product sample
TrendMicro.com
McAfee.com
Symantec.com
Webroot.com
Tenebril Inc.
Sunbeltsoftware
Aluriasoftware
CA
CheckPoint.com
Expert viewpoint: Natalie Lambert, analyst, Forrester Research Inc.
"Choose an integrated security suite over a standalone antispyware product unless you can't get rid of your existing antivirus software (and your AV vendor doesn't offer an antispyware add on). A central management console for all your endpoint security saves a lot of time and trouble.
"Make sure your product can clean up as well as block spyware installations. Zero-day malware sometimes doesn't create a signature until it's installed on the PC. Make sure any computer coming in from outside gets cleaned of spyware before it gets hooked up to a corporate computer or network port.
"Consider setting up security profiles for different types of users, computing devices and data. A CEO traveling with confidential files on a laptop or PDA may need encryption.
"Look at your security needs as a whole, not at individual technologies."
Elisabeth Horwitt is a contributing writer based in Waban, Mass.
