McAfee Security Insights
The Spyware Hunt
Spyware, adware and other potentially unwanted programs (PUPs) are more than a nuisance. PUPs compromise your protection of trade secrets and customer data, which puts you in violation of regulatory requirements. Spyware and adware sap your computer performance, increase complaints to the helpdesk, and drain employee productivity. Your network performance drops, as adware and unwanted pop-ups eat your bandwidth.
An Escalating Threat
PUPs are the fourth biggest threat to enterprise network security, according to IDC. And PUPs infest 67 percent of consumer and corporate computers, says the market research firm.
McAfee® AVERT® Labs expects the PUP problem to continue unabated. In 2004, potentially unwanted programs surpassed viruses in growth rate and number of samples in McAfee AVERT Labs' collection.
PUPs find their way onto your desktop in many ways. For example, you install a browser toolbar, which contains adware that pops up annoying ads or hijacks your search results. The adware's presence may be noted in the end-user licensing agreement, but you typically accept these documents without reading the fine print. In a "drive-by download," you visit a Web site and it downloads remote-control software or another PUP. This software can be used to access confidential information on your computer.
McAfee AVERT Labs breaks PUPs into six major categories:
Spyware sends your personal information to someone else without your knowledge and explicit consent.
Adware generates revenue by targeting advertising to you. Adware doesn't necessarily capture and transmit personal information.
Password crackers allow you to recover lost or forgotten passwords. In an attacker's hands, password crackers unlock the door to your confidential information.
Remote-administration tools allow your computer to be remotely controlled. They are a significant security threat when used maliciously.
Dialers redirect Internet connections to rack up connection charges for a content provider or vendor.
Jokes may alarm and annoy you, but have no malicious payload or use.
Strategies for Stopping PUPs
PUPs evolve rapidly. A Web site may dump one type of unwanted software on your computer today, and deposit a variant days later. PUPs may consist of hundreds of files. Once PUPs get on your computer, they subsequently download other components. "As soon as a Web site does a drive-by download, unwanted software is installed on your computer," says Ed Metcalf, Senior Product Marketing Manager for Anti-virus and Anti-spyware at McAfee. That's why blocking that first PUP is so critical.
A particular advantage of McAfee® AntiSpyware Enterprise is on-access scanning for desktops. McAfee proactively scans your computer for PUPs every time a file accesses the disk or software tries to install. If it's suspected of being a PUP, the file is blocked. Competitive products use an on-demand scan, which periodically checks your computer. But PUP installations move fast between scans.
Stopping PUPs requires a layered approach. You should establish security policies and use anti-spyware solutions to proactively block PUPs on your desktop computers and network.
Establish a policy defining what software users can install. Lock down system configurations and reduce administrative privileges. This way, employees cannot install software without IT's explicit approval.
Protect against PUPs with strong defenses for both your systems and the network. With drive-by downloads and other attacks, computers without anti-spyware protection can be quickly polluted. If you work from home or travel, your computer needs anti-spyware protection.
McAfee AntiSpyware Enterprise provides powerful desktop protection. It uses true on-access scanning to proactively block, identify and safely eliminate spyware, adware, keyloggers, remote-control programs, and other PUPs. It enhances McAfee® VirusScan® Enterprise with registry and file scanning and cleaning as well as memory process scanning and termination. You manage McAfee AntiSpyware using McAfee® ePolicy Orchestrator®.
McAfee Secure Content Management appliances filter Web (HTTP) and FTP traffic to protect your network against spyware, adware, dialers, keyloggers, backdoors, and other PUPs. McAfee® Secure Content Management appliances use the same highly accurate pattern files as McAfee AntiSpyware Enterprise to block these threats before they enter your network.
Since this article was written, McAfee has introduced new products that offer similar capabilities. Please see our products section for additional information.
Resources
Get deeper insight to stop potentially unwanted programs and download the white paper.
