Asia-Pacific Connections Pte Ltd

September 2006

 

Of all the challenges facing IT professionals today, network security is undoubtedly the most vital. The responsibility of protecting corporate resources from the multitude of sophisticated threats that currently exist requires constant scrutiny and careful management. At the same time, the relentless emergence of new risks demands ongoing vigilance and the capacity to realign security strategies on demand. Spyware, along with viruses and spam, is top of mind for CTOs, with International Data Corporation (IDC) reporting that up to 90% of computers connected to the Internet – for web browsing, peer-to-peer applications, instant messaging, and email – have been infected with some sort of spyware.

In a survey of over 500 IT professionals conducted in Q4 2005 by Computerworld, an estimated 79% of IT professionals reported having had to manage “problems with spyware that required significant attention” in the preceding 12 months. Amongst those who had recently encountered spyware problems within their enterprises, the range of damaging privacy and security breaches included: impaired desktop support and performance (83%); break-ins from trojans or other backdoor exploits (22%); destruction of data and programmes (14%); loss of personal information (7%); loss of the organisation’s data or intellectual property (6%); and identity theft (3%). Most alarmingly, 84% of all respondents to the Computerworld survey believe the spyware threat is increasing.

These results highlight the risks associated with spyware and its escalating threat to businesses. Yet, network-security experts continue to debate exactly what spyware is. According to the Webopedia definition, spyware is any software “that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes”. Once installed, the spyware monitors user Internet activity and secretly transmits information on browsing habits and data entered on websites – including email addresses, passwords, credit-card numbers, bank-account information and healthcare records – to interested third parties like online marketers, laying the groundwork for spam and unwanted advertisements. A number of experts argue that adware should even be considered a form of spyware because it transmits “information from users’ computers to the servers of the programmes’ designers that contravenes stated licence agreements and consumer expectations”.

According to a white paper, “Understanding and Preventing Spyware in the Enterprise,” published by TippingPoint – a division of 3Com that provides anti-spyware solutions – spyware can infect PCs through a variety of means including:

  1. Drive-by downloads that automatically download spyware without the user’s consent or knowledge
  2. Seemingly “useful and free” web downloads that do not have clearly disclosed applications and purposes
  3. Bundled P2P file-sharing applications that generate ad revenue for the publishers, causing pop-ups and sending information to affiliate networks for data aggregation or data mining
  4. Disguised corrective programmes or special plug-ins that covertly trick users into downloading or installing spyware
  5. Taking advantage of security holes in Internet Explorer to install trojan droppers or downloaders that redirect the user’s browser to pre-selected portal sites
  6. Exploiting misused Windows operating system features

As easy as it is to unwittingly install spyware, Sunbelt Software, a provider of Windows security software, has noted that it is not always so easy to uninstall it. In many cases, a “helper” programme is built in to monitor the main spyware programme and to re-download and reinstall it if it is removed.

In its least harmful form, spyware steals bandwidth and computing resources by gathering information about keywords used in search engines, frequently visited websites and shopping reports. The unwanted traffic generated by spyware can consume bandwidth causing congestion, delays and packet loss in mission-critical applications. However, WatchGuard Technologies, a network-security-solutions provider, has observed that spyware developers have evolved over the years: “Ten years ago, your average virus writer developed a worm without pay, exclusively for notoriety or peer respect and recognition. Today, spyware companies pay programmers' salaries commensurate with those offered by legitimate businesses”. Indeed, WatchGuard warns, even crime syndicates are now exploiting the technology.

Spyware programmers have become ever more sophisticated in their approach: they first learn how network-security measures work and then modify code and create variants accordingly, so as to evade detection. Many of these programmers actually thrive on the ensuing high-stakes, cat-and-mouse game. Currently, spyware comes in many variations including password and information stealers, keyloggers, banking trojans, backdoor trojans, botnet worms, browser hijackers, downloaders, Internet Explorer toolbars, pop-up advertisements, Winsock hijackers, man-in-the-middle proxies, ad-serving cookies, as well as system monitors and dialers. Spyware applications are also increasingly being designed for more sinister purposes, with identity theft being the most malicious. According to Aladdin Knowledge Systems, a provider of software digital-rights-management and USB-based authentication solutions, an estimated 15% of spyware threats actually steal passwords and log keystrokes, whilst also attempting to steal logged-on user names, administrator passwords, and instant-message directories and email addresses.

The upshot for IT professionals is that it is becoming increasingly complex to implement a robust strategy to protect company resources from spyware threats – but the implications of failing to do so are much worse. No longer is it possible for IT professionals to rely on signatures as the only or primary line of defence for their organisation, nor can they depend on the ability of vendors to identify new threats, define signatures, and distribute them in a sufficiently timely manner to maintain an adequate level of security at all times.

According to a new study by The Radicati Group – a U.S.-based technology market-research firm – the combined global desktop and perimeter anti-spyware solutions market is expected to grow from US$214 million in 2006 to US$1.4 billion in 2010. Whilst desktop anti-virus and anti-spyware software are the most popular tools for fighting spyware, desktop firewalls and network- and server-centric tools are also common. However, most respondents to the Computerworld survey agree that enterprise-class anti-spyware tools are effective in detecting and removing spyware, but not in preventing spyware infections.

Computerworld IT Management Survey Results: Tools Employed to Prevent, Detect or Remove Spyware

  - 83% Desktop anti-virus software
  - 72% Desktop anti-spyware software
  - 69% Email gateway/file attachment blocking software
  - 51% Intrusion-detection and prevention systems
  - 47% Web content filters and Internet gateways
  - 44% Desktop firewalls

The growing threat of spyware has prompted a number of governments in the Asia-Pacific region – including Australia, Malaysia, the Philippines and Singapore – to consider adopting anti-spyware laws similar to the U.S. Internet Spyware Prevention Act (I-SPY) of 2004, which allows for stiff jail sentences and fines to be imposed on violators. However, because spyware is a lucrative revenue source for many legitimate corporations, such as online marketing firms and advertising firms, these governments will face stiff opposition if they choose to pursue such legislation. Additionally, there are likely to be significant difficulties associated with prosecuting spyware protagonists within a national legal framework, owing to uncertainties around identifying how and where products are generated and by whom.

Instead, IT professionals must face the grim reality that spyware is here to stay and that it will become increasingly pervasive in the future. It is therefore essential that they get back to basics in reviewing their network-security strategies – to determine whether their baseline defence policies are adequate to contend with the thousands of spyware threats that exist today, along with the host of new ones that will continue to emerge. Moreover, IT professionals must spread the word about the dangers of spyware to end users, because their ignorance or indifference can only amplify the threat. Though these approaches will not necessarily guarantee complete security for corporate resources, they will greatly minimise the risk of spyware penetration.

 


 

All articles copyright © Asia-Pacific Connections, all rights reserved.  Use of these articles for publication or any other reason requires prior written consent from Asia-Pacific Connections.