
Spyware Countermeasures

“Know your enemy” counseled a Chinese philosopher of war. Since the online scourge of spyware is the fastest growing sort of potentially unwanted program, that advice is just as relevant today as it was in 500 B.C. With so much unwanted software floating around, it is important to know what you’re up against and how to prevent or eradicate it. It’s also critical to understand the current dynamics of the software market so that customers can pick the vendor best suited to offer solid, long-term protection.

Spyware has become an umbrella term that includes traditional malware, such as Trojan horses, as well as what are better characterized as potentially unwanted programs (PUPs). PUPs are pieces of software that often operate under the radar without the user’s full awareness. While some PUPs are benign, most can have hidden or unintended privacy or security implications.

How does a piece of software go from being desirable to potentially unwanted? “Our customers make that distinction,” says John Bedrick, Group Marketing Manager for McAfee®. “Users may want those fancy smiley icons to use with instant messaging, but the company that owns the laptop is fully within its rights to overrule that. Customers need solutions that allow them to make decisions about what programs they do or don’t want in their environment.”

PUP Primer
PUPs come in many different flavors, and sometimes have a slightly schizophrenic nature since they can be used for good or bad. Here’s a quick introduction to some of the more common PUPs on the loose:

Adware: A PUP that delivers advertising as pop-ups, pop-unders or banner ads. Its ultimate purpose is advertising. Sometimes adware tracks Web surfing habits. Typically, adware is installed alongside other software, and the user then agrees to receive advertising in exchange for some other free software—like instant messaging (IM). While adware isn’t typically considered a big security risk, it can slow computer processing speeds to a crawl.

Spyware: As with adware, spyware is usually installed with freeware or shareware or by clicking on a porn site. But unlike adware, spyware collects and transmits data to a third party without the user’s or company’s knowledge.

Home page hijackers: These mechanisms modify the browser settings to redirect users to a new home page, search page, or error page—often something pornographic. A user’s browser favorites list may also be altered by these PUPs. While not a security threat per se, home pages resetting themselves in front of customers or co-workers could prove embarrassing. Since some companies have faced legal action or been fined when workers post mildly risqué calendars or posters, this hijacking software presents an unexplored area of legal risk that most companies would prefer to avoid.

Cookies: Simple text files used to track surfing habits and preferences. For example, Amazon.com, like countless other Web sites, drops a cookie and remembers the user at his or her next visit, offering suggestions based on what was searched for or purchased. Cookies aren't necessarily a security threat.

Keystroke loggers or key loggers: Software that records all keystrokes, whether it’s e-mail, IM conversations, Word documents, online banking or anything else that is typed. Consumers and businesses have a huge problem with these being installed on their machines without their knowledge. While the nefarious side of these PUPs is obvious, they are also used by law enforcement agencies to gather evidence, and some companies install them to monitor employee behavior.

Remote administration tools: These tools allow someone to seize control of a PC or server. They are good news when a user is having a problem and IT staff can take control of the PC for a quick diagnostic test, for example, but it’s extremely dangerous if a hacker gains control of a computer and accesses proprietary data or makes the machine part of a network for sending spam.

Prevention First
Prevention of these unwanted programs can be done through regular end-user training, stringent acceptable-use policies and filtering at the perimeter of the enterprise. “The first step needs to be prevention at the front lines—stop yourself from getting these programs so you don't have to worry about cleaning them off later,” Bedrick notes.

Policy enforcement is another effective prevention tool. In part, that means restricting users’ rights on their machines rather than letting them have free rein to install anything they want or browse anywhere they please. Companies can activate operating system restrictions for starters, but they should consider desktop firewalls and host intrusion protection software like McAfee Desktop Firewall and McAfee’s Entercept. “Such software can really lock down the machines based on the policies you set,” Bedrick explained.

In spite of those efforts, some PUPs may still evade detection. That’s where McAfee’s leading position in the antivirus market serves as a smart complement to anti-spyware solutions. “With antivirus software signature files up to date and an anti-spyware program, you will be able to block a lot of stuff from being installed,” Bedrick says. Businesses can do something else that individuals or home users can't—install perimeter protection. “Some things will still get through perimeter defenses, so you need a layered approach,” he added.

And that's where McAfee's IntruShield network intrusion prevention system can flex some new muscle with its multi-layered protection against spyware and other PUPs, thereby providing a beneficial and complementary overlap to McAfee’s strong system-based spyware protection. In addition, McAfee’s comprehensive spyware protection cuts across multiple product lines including McAfee Anti-Spyware Enterprise, McAfee VirusScan Enterprise 8.0i, McAfee Secure Content Management solutions and McAfee Foundstone technologies. With the most comprehensive suite of system and network defenses available today, McAfee allows customers to deploy multiple, critical layers of protection to safely block and eliminate spyware, malicious code and other unwanted programs.

Built For Business
That leads to another difference between McAfee’s solutions and most other vendors’ security packages—most of which are aimed at consumers and home users. “You can't reasonably expect to have decent security if you take a consumer product, cobble together some management software, wave a magic wand over it and pronounce it business grade anti-spyware,” Bedrick explained. “The needs of a business regardless of its size must be taken into account during software development, not after the fact.”

Bedrick recommends businesses take advantage of a security management console for administering anti-spyware products and policies. This makes sense especially if businesses have antivirus software, firewalls and host-intrusion protection. “You want a single footprint for managing all these suites that’s seamlessly integrated and not a bunch of separate icons,” he says.

Medium and large businesses will want security management consoles to handle a number of other related functions: compliance management, rogue machine detection and policy enforcement. For security to be considered truly business-grade, McAfee believes all security agents—spyware included—should update themselves automatically.

“A true business-grade security product allows IT to push updates from the management console to end-users,” Bedrick adds. That way, companies get agent-driven updates and those initiated from the management console, covering both the client and system bases. Such upgrades and updates shouldn’t require users to reboot, or ask them to do anything.

McAfee provides true on-access scanning, alerting and blocking of PUPs. The company also offers 24-hour technical support year-round and has the Anti-virus and Vulnerability Emergency Response Team (AVERT), one of the top-ranked research organizations in the world, with researchers in 13 countries on five continents. And with consolidation in all segments of the software market, enterprises must consider whether the vendors they do business with are in the security market for the long haul.

PUPs on the Loose

Does your organization’s network contain any of the following potentially unwanted programs (PUPs)?

• Adware
• Spyware
• Home page hijackers
• Cookies
• Keystroke loggers
• Remote administration tools
