|
Threat analysts will tell you that all corporations of any size are subject to industrial espionage. Today, the biggest spy threat isn't an employee who may be leaking secrets to the competition?it's not a person at all. It's a little piece of active software that finds its way into your network or home computer, gathers information, and sends it back to a covert host. It's called Spyware?and given the right circumstances, virtually every piece of information, every file, every bit of proprietary data on your network, is at risk.
Spyware presents a daily threat to organizations and can result in a variety of impacts. These impacts range from drains on computer resources and productivity?including a significant increase in help desk calls?to stealing proprietary company information and opening networks to malicious attacks. It's not always obvious that Spyware is present, making Spyware a particularly insidious type of invasion.
According to IDC, Spyware is the fourth-greatest threat to a company's enterprise network security, and 67 percent of all computers have some form of Spyware on it. Osterman Research showed another unfortunate result of Spyware?44 percent of all home users use email and the Web less today than they did a year ago, due to the threats of spam, Spyware, and other related problems.
Secure Computing provides an integrated approach for managing Spyware and security threats across the board. Two product lines, Sidewinder G2 Security Appliance and SmartFilter Web filtering, together provide a robust solution for helping to detect and eradicate Spyware from your organization. SmartFilter provides many protections against Spyware, and Sidewinder G2, which as part of its Application Defenses contains the award-winning anti-virus and anti-spyware engine from Sophos. This solution has recently won an award for its superior detection of 100% of Spyware attacks. More information on these solutions follows later in this paper.
Where does Spyware come from?
Spyware often comes into your computer network in the same way as a Trojan, hidden in a piece of seemingly innocuous freeware or shareware, or even as a piece of active code on a Web page. In the latter case, the user doesn't even have to actively download anything?the Spyware can launch automatically, simply when a given Web page is viewed. Spyware usually comes into the network unannounced, or disguised as something else. Often, it may take the form of a component of a freeware or shareware program, or it may enter into the network via a peer-to-peer file swapping system. It may also come in via e-mail as an executable attachment.
Another common way for Spyware to enter your network is via a Spyware-carrying Web site. In this technique, a user visits a Web site, and the Spyware automatically downloads onto the user's PC. There may or may not be a dialog box that informs the user of the action, and even if there is, clicking on "no" is not a guarantee that the Spyware won't download anyway.
In the worst cases, the Spyware downloads automatically without any warning or announcement?the user does not have to take any action at all other than going to the offending Web site. Some Spyware is more upfront in that it asks the user to authorize a license, in exchange for some piece of personally useful and free software, which then authorizes the download of Spyware. Of course, the agreement will not call it "Spyware," it will be worded in comfortable marketing terms.
In this way, Spyware enters into the network through a user's approval. Once the door is opened, it's hard to close it. Agreeing to a single piece of software may lead to the point where the PC is so full of Spyware that it becomes virtually useless and must be cleansed, or worse, re-formatted completely.
Specific types of Spyware threats
Spyware is often used to monitor user activity, and transmit information back to someone else. In its most common and semi-legitimate form, Spyware is used to record information about your buying and Web surfing habits for the purpose of delivering advertising to your desktop or email inbox.
|
