8/14/2019 HowItWorksG
How IT works
What IT decision makers need to know
Broken Internet connections and poor performance are symptoms, but the underlying disease is even more dangerous. Undetected spyware can compromise organization security and hamper
communication. Unless port activity is being monitored,
key loggers, for example, will never be noticed as they
go about collecting logins and passwords and even credit
card information.
What is spyware and who is behind the attacks?
Spyware is software that installs itself without the user's
permission, gathers information from the computer and
sends that information, usually via the Internet, to another
entity. Spyware may also affect or change a computer's
settings or ability to run efficiently. Financial motivation
is what distinguishes spyware from viruses.
WHO BENEFITS FROM SPYWARE?
In 2004, a report from the technology research firm
Gartner noted that spyware-related thefts resulted in
$2.4 billion in direct fraud losses. Obviously, spyware is
making money for somebody, from outright consumer
fraud and information theft to marketing research. Most
spyware is interrelated. Spyware vendors often have
financial relationships with each other; so one program
may load other programs.
Spyware secretly gathers and transmits data to benefit
the entity that collects it. In some cases, spyware is benign,
as in adware: software that customizes an advertiser's
messages to reflect a Web site visitor's tastes and
choices. In other cases, software vendors legitimately
the information to improve their products.
Spyware can take several different forms: dialers, remote
access tools, hijackers, Browser Helper Objects (BH
key loggers, browser plug-ins and remote installers. T
tools are not bad themselves, but they certainly ca
used malevolently, especially when installed without
permission. Because of the complexity of the i
the Federal Trade Commission (FTC) took its time
defining spyware and urged Congress not to make h
decisions.
In testimony to the U.S. House of Representatives
Committee on Energy and Commerce, the FTC wa
"Spyware is an elastic and vague term that has been
to describe a wide range of software. Some definitions
of spyware could be so broad that they cover software
that is beneficial or benign; software that is bene
but misused; or software that is poorly written or
inefficient code."
HOW SPYWARE GETS IN
There are several ways that spyware can infect a computer.
Spyware often sneaks in with legitimate software because
users don't read or understand the end user license
agreement (EULA). Agreeing to an EULA can give vendors
the right to run these programs in perpetuity.
The latest installment of Start-to-Finish, a series of briefs on pertinent technolo
50 CDWG Start-to-Finish
Spyware
A year ago, few offices experienced spyware problems. Or, they thought they could control it at the firewall. Today, many government offices as well as schools have started deploying full-time technicians to do nothing but clean spyware off crippled computers, some with hundreds of spyware programs already in residence. These attacks have become so pervasive that no organization is safe from this latest group of network perpetrators.
Another way spyware gets in is with a fraudulent software offer.
The entity behind the scam uses an illegal digital certificate and
represents itself as being the user's Internet service provider (ISP),
for example. As a result, users download the bugged program
because they trust their ISP.
Spyware can also infiltrate as an e-mail attachment, similar to
the way a virus works. The software downloads secretly when the user merely
opens the e-mail itself. In some cases, the secretly installed
software, controlled by an outsider, uses the host computer to send
out spam.
Some Web sites run a JavaScript page that resets the user's
homepage and keeps resetting it even when the user tries to return
to their preferred settings. Clicking on Internet ads can also unleash
spyware. Sioux Fleming, director of eTrust Security for Computer
Associates, says, "This is not people going to places they shouldn't
[be going.] You pick this stuff up everywhere. Any place where
there is an ad that pops up may have a route to another site."
Because it is difficult to avoid all of the possible entryways for
spyware, security software companies have developed and continue
to improve antispyware technology defenses.
Getting IT right
Spyware
Spyware poses risks that can compromise financial secrets or violate confidentiality laws. It can also affect productivity by slowing down the network, changing
computer settings and requiring time-consuming removal procedures.
Spyware started out as a consumer problem. In a recent report by technology research firm IDC that 67 percent of consumers' PCs are infected with
some type of spyware. Other analysts put that number as high as 95 percent. With that level of pervasiveness, the problem has also invaded the world of education and government.
SPYWARE ON THE WARPATH
Computer Associates' Fleming says the amount of spyware
installed on computers has increased 10 times in the last calendar
year. John Bedrick, group marketing manager for McAfee Sec
sees reason for concern in the increase. Spyware has been elevated
to one of the top-four problems that IT security professionals
are dealing with, ahead of spam, cyber terrorism and hack
Bedrick says.
Industry experts peg the reason for the increase of the succe
spyware: It has proven to be a very capable collector of consumer
data and it generates revenue. Fleming says, "Sometimes on a
up ad, it's one-tenth of a cent, which isn't a lot of money unless
get a lot of clicks."
The FTC, concerned about the cost to U.S. industry, has been
working for the last year to educate the public about the
of spyware in time and money. It reported to a Congressional
committee that spyware appears to be a new and rapidly
growing practice that poses a risk of serious harm to consumers.
Symptoms of a Spyware Infection
Excessive pop-up ads
Hijacked browser
Sudden or repeated homepage changes
New and unexpected changes in your toolbars and browser
Keys that won't work
Random error messages
Sluggish or slow performance
With 80-90 percent of users having some
sort of spyware on their computers, what are the signs of a spyware infection?
The negative impact of spyware includes:
Vulnerability of financial or confidential data
Consumption of system resources, including bandwidth, memory and storage
Increased occurrences of system or browser crashes
Increased remote-access costs
Reduction in productivity
Higher risk of legal liability
SYMPTOMS
A variety of symptoms can accompany a spyware infection,
such as an increase in the number of pop-up ads that
appear when you are using the Internet; a slowdown in
your Internet connection; applications that don't run
properly or run more slowly than normal; or your Web
browser settings change without your input.
SOLUTIONS
Bedrick recommends that best practices begin with
prevention, "First of all, only point your Web browser
to sites that you are sure of. Second, open up e-mail
attachments from only known and trusted people. And
finally, no matter how good the shareware looks, there
will be a price to pay: spyware is included in the
package." Bedrick advises restrictions on e-mail, brow
and downloading.
Another way to prevent spyware takeovers is to
incorporate a desktop firewall product or to use software
that blocks spyware. Websense Enterprise provides
integrated Internet filtering by instructing the firewall to
block or permit Internet traffic. McAfee Desktop Firewall
and McAfee VirusScan Enterprise Suite 8.0i help prevent
infestations. Trend Micro's InterScan Web Security Suite
(IWSS) scans all HTTP traffic, and blocks spyware at
the gateway. Symantec's AntiVirus Corporate Edition
provides advanced, organization-wide spyware protection
and monitoring.
If your systems are already infested, the cure is security
software that cleans and removes the unwanted programs
and code. CA's PestPatrol can remove the offending
programs and runs continuously in the background. Once
you have a clean machine, Fleming recommends running
the scan daily. McAfee's Anti-Spyware Enterprise Edition
Module also helps provide the cure. This is a product that
plugs into McAfee VirusScan Enterprise.
Government and educational organizations generally
require a business-grade version of security software
rather than a consumer grade. The business-grade software
advantages include management capabilities to en
policy, upgrades, reporting capabilities and the ability to
prevent users from changing policies on their machines.
Types of Spyware
CDWG offers a portfolio of value-added services to help expand your IT capabilities.
How CDWG Does IT
Spyware
Pervasive spyware problems demand comprehensive solutions. CDWG provides an up-to-date knowledge base about many security solutions from multiple software vendors, whether you're looking for suites or standalone, best-of-breed products.
You may say, "How do I know if I have a problem?"
If you use PCs and the Internet, you likely will have some
type of spyware on your machines. If you experience a
degradation of desktop performance or you suddenly get pop-up
ads that you weren't getting previously, spyware is most probably
the cause.
Whether you are at an office of less than 10 people or have 500
users, CDWG can assist you in planning the right solution to
keep spyware under control. Gregory Vanek, CDWG Symantec
system engineer, recommends that small- to mid-size organizations
use consumer-grade products off the shelf. But for organizations of
10 or more, Vanek suggests going with licensing programs because
of price point and ease of renewal. A licensing program also has
maintenance built into it, so that if you need any kind of tech
support, you can just call.
PLAN AND BUILD
CDWG offers all the big names in security: Computer Associates,
McAfee, Symantec, Trend Micro, Websense and others. If you are
looking for an antispyware solution, you may want to consider
more than one vendor. CDWG can start the process with a
conference call that includes specialists who are trained experts for
each major security software vendor. All CDWG specialists work
together with their account manager as a team to build the best
solution. The specialists also complete general and cross-training
courses and certifications.
There are advantages to both standalone antispyware products
and those that are incorporated into a security suite. Currently,
standalone products can remove the offending software, while
many other products haven't gotten up to speed on removal. Vanek
says that the next generation of solutions, which will become
available in the first half of 2005, will be more automated,
detecting and immediately removing the spyware. The advantage
of these suite solutions will be ease of management for IT staff.
EVOLVE
However, spyware developers won't be standing still, either.
McAfee's Bedrick says, There is a financial incentive for
authors of these programs. This is a commercial endeavor,
so they have funding. The less legitimate ones are trying to
circumvent the security measures for removing them, including
reinstalling themselves and every trick in the book. The
that are particularly difficult to remove, the industry has dubbed
scumware, because of what it perceives to be the underhanded
of those programmers.
Although Vanek applauds the U.S. government's steps to
fend off the spyware onslaught, he believes that technology
will always be required to help protect organizations from
spyware, "It's great that the government is enacting legislation
it's usually a step behind what industry is doing. Industry
already addressed it by coming out with antispyware products.
And, ultimately, because of the fact that not all spyware is ill
the legislation that went through leaves it a little vague. Ultimately,
the laws probably won't be as effective as actually having
antispyware software."