howitworksg

Upload: ajaycasper

Post on 30-May-2018


  • 8/14/2019 HowItWorksG

    1/4

    How IT Works: What IT decision makers need to know

    Broken Internet connections and poor performance are symptoms, but the underlying disease is even more dangerous. Undetected spyware can compromise organization security and hamper communication. Unless port activity is being monitored, key loggers, for example, will never be noticed as they go about collecting logins and passwords and even credit card information.

    What is spyware and who is behind the attacks?

    Spyware is software that installs itself without the user's permission, gathers information from the computer and sends that information, usually via the Internet, to another entity. Spyware may also affect or change a computer's settings or ability to run efficiently. Financial motivation is what distinguishes spyware from viruses.

    WHO BENEFITS FROM SPYWARE?

    In 2004, a report from the technology research firm Gartner noted that spyware-related thefts resulted in $2.4 billion in direct fraud losses. Obviously, spyware is making money for somebody, from outright consumer fraud and information theft to marketing research. Most spyware is interrelated. Spyware vendors often have financial relationships with each other, so one program may load other programs.

    Spyware secretly gathers and transmits data to benefit the entity that collects it. In some cases, spyware is benign, as in adware, software that customizes an advertiser's messages to reflect a Web site visitor's tastes and choices. In other cases, software vendors legitimately use the information to improve their products.

    Spyware can take several different forms: dialers, remote access tools, hijackers, Browser Helper Objects (BHOs), key loggers, browser plug-ins and remote installers. These tools are not bad themselves, but they certainly can be used malevolently, especially when installed without permission. Because of the complexity of the issue, the Federal Trade Commission (FTC) took its time defining spyware and urged Congress not to make hasty decisions.

    In testimony to the U.S. House of Representatives Committee on Energy and Commerce, the FTC warned, "Spyware is an elastic and vague term that has been used to describe a wide range of software. Some definitions of spyware could be so broad that they cover software that is beneficial or benign; software that is beneficial but misused; or software that is poorly written or has inefficient code."

    HOW SPYWARE GETS IN

    There are several ways that spyware can infect a computer. Spyware often sneaks in with legitimate software because users don't read or understand the end user license agreement (EULA). Agreeing to an EULA can give vendors the right to run these programs in perpetuity.

    The latest installment of Start-to-Finish, a series of briefs on pertinent technolo

    50 CDWG Start-to-Finish

    Spyware

    A year ago, few offices experienced spyware problems. Or, they thought they could control it at the firewall. Today, many government offices as well as schools have started deploying full-time technicians to do nothing but clean spyware off crippled computers, some with hundreds of spyware programs already in residence. These attacks have become so pervasive that no organization is safe from this latest group of network perpetrators.


    Another way spyware gets in is with a fraudulent software offer. The entity behind the scam uses an illegal digital certificate and represents itself as being the user's Internet service provider (ISP), for example. As a result, users download the bugged program because they trust their ISP.

    Spyware can also infiltrate as an e-mail attachment, similar to the way a virus works. The software secretly downloads when the user merely opens the e-mail itself. In some cases, the secretly installed software, controlled by an outsider, uses the host computer to send out spam.

    Some Web sites run a JavaScript page that resets the user's homepage and keeps resetting it even when the user tries to return to their preferred settings. Clicking on Internet ads can also unleash spyware. Sioux Fleming, director of eTrust Security for Computer Associates, says, "This is not people going to places they shouldn't [be going.] You pick this stuff up everywhere. Any place where there is an ad that pops up may have a route to another site."

    Because it is difficult to avoid all of the possible entryways for spyware, security software companies have developed and continue to improve antispyware technology defenses.


    Getting IT Right: Spyware

    Spyware poses risks that can compromise financial secrets or violate confidentiality laws. It can also affect productivity by slowing down the network, changing computer settings and requiring time-consuming removal procedures.

    Spyware started out as a consumer problem. A recent report by technology research firm IDC indicates that 67 percent of consumers' PCs are infected with some type of spyware. Other analysts put that number as high as 95 percent. With that level of pervasiveness, the problem has also invaded the world of education and government.

    SPYWARE ON THE WARPATH

    Computer Associates' Fleming says the amount of spyware installed on computers has increased 10 times in the last calendar year. John Bedrick, group marketing manager for McAfee Security, sees reason for concern in the increase. "Spyware has been elevated to one of the top-four problems that IT security professionals are dealing with, ahead of spam, cyber terrorism and hacking," Bedrick says.

    Industry experts peg the reason for the increase on the success of spyware: It has proven to be a very capable collector of consumer data and it generates revenue. Fleming says, "Sometimes on a pop-up ad, it's one-tenth of a cent, which isn't a lot of money unless you get a lot of clicks."

    The FTC, concerned about the cost to U.S. industry, has been working for the last year to educate the public about the cost of spyware in time and money. It reported to a Congressional committee that spyware "appears to be a new and rapidly growing practice that poses a risk of serious harm to consumers."

    Symptoms of a Spyware Infection

    With 80-90 percent of users having some sort of spyware on their computers, what are the signs of a spyware infection?

    Excessive pop-up ads

    Hijacked browser

    Sudden or repeated homepage changes

    New and unexpected changes in your toolbars and browser

    Keys that won't work

    Random error messages

    Sluggish or slow performance


    The negative impact of spyware includes:

    Vulnerability of financial or confidential data

    Consumption of system resources, including bandwidth, memory and storage

    Increased occurrences of system or browser crashes

    Increased remote-access costs

    Reduction in productivity

    Higher risk of legal liability

    SYMPTOMS

    A variety of symptoms can accompany a spyware infection, such as an increase in the number of pop-up ads that appear when you are using the Internet; a slowdown in your Internet connection; applications that don't run properly or run more slowly than normal; or your Web browser settings change without your input.

    SOLUTIONS

    Bedrick recommends that best practices begin with prevention, "First of all, only point your Web browser to sites that you are sure of. Second, open up e-mail attachments from only known and trusted people. And finally, no matter how good the shareware looks, there will be a price to pay: spyware is included in the package." Bedrick advises restrictions on e-mail, browsing and downloading.

    Another way to prevent spyware takeovers is to incorporate a desktop firewall product or to use software that blocks spyware. Websense Enterprise provides integrated Internet filtering by instructing the firewall to block or permit Internet traffic. McAfee Desktop Firewall and McAfee VirusScan Enterprise Suite 8.0i help prevent infestations. Trend Micro's InterScan Web Security Suite (IWSS) scans all HTTP traffic, and blocks spyware at the gateway. Symantec's AntiVirus Corporate Edition provides advanced, organization-wide spyware protection and monitoring.

    If your systems are already infested, the cure is security software that cleans and removes the unwanted programs and code. CA's PestPatrol can remove the offending programs and runs continuously in the background. Once you have a clean machine, Fleming recommends running the scan daily. McAfee's Anti-Spyware Enterprise Edition Module also helps provide the cure. This is a product that plugs into McAfee VirusScan Enterprise.

    Government and educational organizations generally require a business-grade version of security software rather than a consumer grade. The business-grade software advantages include management capabilities to enforce policy, upgrades, reporting capabilities and the ability to prevent users from changing policies on their machines.

    Types of Spyware


    CDWG offers a portfolio of value-added services to help expand your IT capabilities.

    How CDWG Does IT: Spyware

    Pervasive spyware problems demand comprehensive solutions. CDWG provides an up-to-date knowledge base about many security solutions from multiple software vendors, whether you're looking for suites or standalone, best-of-breed products.

    You may say, "How do I know if I have a problem?" If you use PCs and the Internet, you likely will have some type of spyware on your machines. If you experience a degradation of desktop performance or you suddenly get pop-up ads that you weren't getting previously, spyware is most probably the cause.

    Whether you are at an office of less than 10 people or have 500 users, CDWG can assist you in planning the right solution to keep spyware under control. Gregory Vanek, CDWG Symantec system engineer, recommends that small- to mid-size organizations use consumer-grade products off the shelf. But for organizations of 10 or more, Vanek suggests going with licensing programs because of price point and ease of renewal. A licensing program also has maintenance built into it, so that if you need any kind of tech support, you can just call.

    PLAN AND BUILD

    CDWG offers all the big names in security: Computer Associates, McAfee, Symantec, Trend Micro, Websense and others. If you are looking for an antispyware solution, you may want to consider more than one vendor. CDWG can start the process with a conference call that includes specialists who are trained experts for each major security software vendor. All CDWG specialists work together with their account manager as a team to build the best solution. The specialists also complete general and cross-training courses and certifications.

    There are advantages to both standalone antispyware products and those that are incorporated into a security suite. Currently, standalone products can remove the offending software, while many other products haven't gotten up to speed on removal. Vanek says that the next generation of solutions, which will become available in the first half of 2005, will be more automated, detecting and immediately removing the spyware. The advantage of these suite solutions will be ease of management for IT staff.

    EVOLVE

    However, spyware developers won't be standing still, either. McAfee's Bedrick says, "There is a financial incentive for the authors of these programs. This is a commercial endeavor, so they have funding. The less legitimate ones are trying to circumvent the security measures for removing them, including reinstalling themselves and every trick in the book. The ones that are particularly difficult to remove, the industry has dubbed scumware, because of what it perceives to be the underhanded tactics of those programmers."

    Although Vanek applauds the U.S. government's steps to fend off the spyware onslaught, he believes that technology will always be required to help protect organizations from spyware, "It's great that the government is enacting legislation; it's usually a step behind what industry is doing. Industry has already addressed it by coming out with antispyware products. And, ultimately, because of the fact that not all spyware is illegal, the legislation that went through leaves it a little vague. Ultimately, the laws probably won't be as effective as actually having antispyware software."