Spyware: May 2004 Archives
Spyware is a problem affecting enterprises more and more. I think we are at a point similar to where we were with spam a year ago. It is starting to build to the point where users will not accept it any more. It is slowing the systems and exposing companies to legal liability. I predict that by this point next year anti-spyware software will be expected by the users just as anti-spam solutions are expected now.
Currently, there is an ad hoc approach. The smart users don't get spyware installed or they are able to install adaware or spybot and take care of the problem for themselves. Other users are left calling the helpdesk and you've now got downtime for the user as the anti-spyware software is installed, updated and run. Most of the products aren't even able to remove all threats.
If you push out the antispyware software on all users, and provide instructions on updating and running the software monthly or as they have problems, that is a solution destined for failure. It reminds me of antivirus software pre 1999ish.
A corporate network demands a centralized antispyware solution. Not because your company's computer guy wants to stay in control (well, that too). Rather it is important to make sure that the software is consistently run and updated. If there is a problem it should report back to a centralized point so that the helpdesk can be dispatched.
Over at myitforum.com we've been talking about various ways of preventing spyware.
1. User Education. Users should be aware that "free" applications often come at a price. Also when they are surfing they need to be careful about what they say yes or ok to. Often it's better to just close the windows on a popup.
2. Browser configuration - While user education might help with the adware that gums up machines, much spyware is installed serupticiously (I need to install IEspell on the computer I'm at) on computers via poor configuration of the IE security levels.
3. Vulnerability Patching - Even fully patched, Internet Explorer is a sieve for letting malicious websites mess with you. (wait, was that a mixed metaphor?) It's best to make sure everything on your system is well patched.
4. Personal firewalls that manage outbound activity can be helpful in letting you know what programs on your system are doing. They are also one humongous pain in the rear.
5. Install antispyware applications.
After reviewing non-software protections, I decided it was time to look at anti-spyware software. The antivirus companies are getting into the antispyware game. Symantec has it in 2004, and possibly 2003 consumer versions. SAV 9 corporate edition has spyware protection also. McAfee is known to have spyware definitions as well.
The question is how well do they fare?
I can't speak to McAfee since I'm a Symantec customer, but my cohorts at myitforum tell me that it isn't that great. It's difficult to separate the virus reports from the spyware reports. And often detection is ok, but removal is nonexistent.
That matches my experience thus far with Symantec. I was surprised to find that I could only scan for spyware during manual scans and scheduled scans. That was rather disappointing. The good news is that scanning for spyware isn't all or nothing. I can choose to scan for spyware and adware, but not jokes and hacking tools. This is important because it may be completely normal in your company to be running l0phtcrack or even more innocent things like samspade or netcat which some spyware vendors detect as hacking tools.
Important Features for Corporate Antispyware
1. Mechanism to control updates
2. Real-time scanning capabilities, not just scheduled scan
3. Centralized reporting
Thus far the anti-spyware software reviews I have seen are all about software designed for the end user. I'm currently looking at Symantec Antivirus 9, Pest Patrol Corporate Edition, and if they get back to me there is a beta of an enterprise version of Webroot Software's Spysweeper. I plan to continue this in a part two as I look more closely at specific solutions.
There seems to be a lot of controversy lately surrounding didtheyreadit.com. This company adds a webbug to your outgoing messages so that when the message is opened the web browser will open the webbug and signal the message as read. This is much more powerful than the standard return receipt because the return receipt requires the mail server or the mail client software to cooperate and return the receipt. Often by default the user is told of the return receipt request and they can say yes or no. Didtheyreadit.com attempts to signal back without the user being aware.
This can fail to work for a number of reasons.
1. Perhaps you have a personal firewall that blocks http connections from the email client.
2. Perhaps you are running a text based mail client that will not load images.
3. Perhaps you are running Outlook 2003 which does not load images from non-trusted users by default.
Also who really wants to run all their mail through an untrusted server just to have them add the webbug in? If it's important enough to get a return receipt, why trust it to an unknown third party?
But I didn't really write this article to discuss the features and drawbacks of didtheyreadit.com. That really isn't important to me.
I am amazed by the flurry of articles surrounding this product. The privacy nuts are out in full force. Imagine, a sender knowing when their email was read. What an outrage. The Linux zealots are also printing articles about how their text mail reader of choice doesn't rat out when your email was read. I
This is nothing new, and it's getting way too much press. If this continues a couple more days, I suspect Congress will pass a law against it. Probably in CAN-SPAM part 2. That is if they haven't already recessed for the summer.
http://www.usatoday.com/tech/news/techinnovations/2004-05-20-email_x.htm
http://arstechnica.com/news/posts/1085359926.html
http://slashdot.org/article.pl?sid=04/05/23/2146200
Ronald Scelson is upset. He says he complies with CAN-SPAM yet ISPs won't let him spam at will. Oh the humanity! You mean to say that CAN-SPAM wasn't meant to be the spammers' enablement act? Both pro and anti spammers have said that this is the likely outcome of the federal legislation. As long as the spammer has legit headers and contact information he is in the clear.
Was this legislation really meant to dictate whether an ISP can enforce their Acceptable Use Policy? Richard Scelson seems to think so. I suppose someday some wrongheaded judge will agree with him.



