Spyware: July 2004 Archives

Interesting article over at zdnet . According to Forrester Consulting 44% of companies with 20,000 employees or more employees have someone paid to monitor email. There are concerns of disclosure of proprietary information, compliance with Sarbanes-Oxley, and worries of a hostile workplace lawsuit.

I'd love to see the actual report rather than this santized Zdnet version. Would they say any company that blocks spam and reviews the quarantine for false positives also counts as having an employee who reads the mail?

I suppose this zdnet article is supposed to spark moral outrage. Companies walk a fine line when it comes to being seen as big brother. But each of the concerns listed in this article are legitimate. Some are required by legislation. This all gets back to company policy. Be up front with what monitoring is occuring and why. The policy must be clear and enforced. It cant be a document that is stuck in a drawer.

Back on May 23rd, I wrote a short article on the controversy surrounding "Did They Read It", a program that adds a webbug to your email so you know that it was read, and how many times it was read.

At the time I predicted that Congress would soon have a law forbidding webbugs. Well, its not Congress, but according to this article at BroadbandReports.com the French have announced that under French law it is already illegal for a French citizen to use didtheyreadit.com.

I'd go see if DidTheyReadIt.com has a response, but Websense doesn't let me access that website. Websense as them in the spyware catagory.

I cant help but feel that people who get this sense of violation when the read about didtheyreadit are unaware of webbugs and how they are likely used in all the html newsletters and promotional material that you already get. This just makes the technology available to the average user.

If you want to remain in control of your email, you need to make sure you're reading in a "text only" mode. Or run a personal firewall that will disallow or prompt outbound http attempts from your mail client. I imagine that Outlook 2003's default of not loading images on mail from external people would help also.

Webroot released an update to their enterprise antispyware product lastnight. Version 1.1

The main improvements reported by Webroot are:
1. Now uses MSI to aide in deployment
2. Ability to run a scan on demand
3. Ability to obtain updates through a proxy server.

Although I'm still in an early stages of the eval process, I can say that webroot meets a lot of my needs for an enterprise level product.

1. Updates are retrieved from the central server. You can check for the client to check in hourly and for the server to check in more often. I haven't been using it log enough to get a feel for when updates come out. It seems like spyware updates are weekly. One complaint I have about updates is you cant tell what antispyware definition set a client is using! You just have to hope that they pulled it from the server correctly. That seems kind of strange.

2. It checks the memory occasionally for spyware (at least that's the way it appears to me that the Memory Shield works) in addition to having manual and scheduled scans. To me this isn't quite the same as real time protection, but its better than most. I also like that 1.1 has added the ability to "scan now" on one system or the entire enterprise from the administration console.

3. The centralized reporting is ok. I would really prefer the ability to export to CSV or have some graphs. The single canned report allows you to select the date range and thats it. It creates a report of spyware by computer.

I really like that webroot allows the end user to run scans also. This new version 1.1 changes the default to run webroot completely hidden. That can be fine depending on your userbase. I would test to prefer something like Symantec Antivirus with the SSC where I can let a user run liveupdate, but he cant change the default schedule. A user can create a scheduled scan or run one now, but he cant disable the default scan I have created.

Webroot has the makings of a fine product here. It is in its early stages, but I think it is the leader in terms of enterprise antispyware products.