Enterprise Spyware Protection

Spyware is a problem affecting enterprises more and more. I think we are at a point similar to where we were with spam a year ago. It is starting to build to the point where users will not accept it any more. It is slowing the systems and exposing companies to legal liability. I predict that by this point next year anti-Spyware software will be expected by the users just as anti-spam solutions are expected now.
Currently, there is an ad hoc approach. The smart users don’t get Spyware installed, or they are able to install Ad-Aware or Spybot and take care of the problem for themselves. Other users are left calling the helpdesk, and you’ve now got downtime for the user as the anti-Spyware software is installed, updated and run. Most of the products aren’t even able to remove all threats.
Pushing the antispyware software out to all users, with instructions to update and run it monthly or whenever they have problems, is a solution destined for failure. It reminds me of antivirus software pre-1999ish.
A corporate network demands a centralized antispyware solution. Not because your company’s computer guy wants to stay in control (well, that too). Rather, it is important to make sure that the software is consistently run and updated. If there is a problem, it should report back to a centralized point so that the helpdesk can be dispatched.
Over at myitforum.com we’ve been talking about various ways of preventing Spyware.
1. User Education. Users should be aware that “free” applications often come at a price. Also, when they are surfing they need to be careful about what they say yes or OK to. Often it’s better to just close the window on a popup.
2. Browser configuration – While user education might help with the adware that gums up machines, much Spyware is installed surreptitiously (I need to install IEspell on the computer I’m at) on computers via poor configuration of the IE security levels.
3. Vulnerability Patching – Even fully patched, Internet Explorer is a sieve for letting malicious websites mess with you. (Wait, was that a mixed metaphor?) It’s best to make sure everything on your system is well patched.
4. Personal firewalls that manage outbound activity can be helpful in letting you know what programs on your system are doing. They are also one humongous pain in the rear.
5. Install antispyware applications.
After reviewing non-software protections, I decided it was time to look at anti-Spyware software. The antivirus companies are getting into the antispyware game. Symantec has it in 2004, and possibly 2003 consumer versions. SAV 9 corporate edition has Spyware protection also. McAfee is known to have Spyware definitions as well.
The question is, how well do they fare?
I can’t speak to McAfee since I’m a Symantec customer, but my cohorts at myitforum tell me that it isn’t that great. It’s difficult to separate the virus reports from the Spyware reports. And often detection is OK, but removal is nonexistent.
That matches my experience thus far with Symantec. I was surprised to find that I could only scan for Spyware during manual scans and scheduled scans. That was rather disappointing. The good news is that scanning for Spyware isn’t all or nothing. I can choose to scan for Spyware and adware, but not jokes and hacking tools. This is important because it may be completely normal in your company to be running l0phtcrack or even more innocent things like samspade or netcat which some Spyware vendors detect as hacking tools.
Important Features for Corporate Antispyware
1. Mechanism to control updates
2. Real-time scanning capabilities, not just scheduled scan
3. Centralized reporting
Thus far the anti-Spyware software reviews I have seen are all about software designed for the end user. I’m currently looking at Symantec Antivirus 9, Pest Patrol Corporate Edition, and, if they get back to me, there is a beta of an enterprise version of Webroot Software’s Spysweeper. I plan to continue this in a part two as I look more closely at specific solutions.