Spyware Vs. Spyware

With every new advancement in networking speed and usability, it seems, comes a parallel increase in risk. The good news is that vendors, too many to count, are feverishly working to combat each new threat as it arises and anticipate ones on the horizon. The bad news is that actual and would-be hackers are running neck and neck with them all the way.

One of the latest threats to grab the spotlight is spyware. Almost unheard of just a few years ago, spyware has moved center stage in the security industry's ongoing battle against Internet intrusions.

Spyware usually infiltrates a user's system through pop-up windows, ads or spam, offering freeware that a user willingly downloads. (More insidious forms of spyware can sometimes land on a system even when a user isn't consciously downloading anything, but instead just clicks on an offer for a free product or service.) Once it's in place, the software can track the user's surfing patterns and transmit them back to the spyware's originator, who then can use the information for anything from merely annoying applications, such as targeted marketing, to more nefarious tasks, such as trying to break into computer systems.

This isn't just theoretical. Last fall, a gang of hackers broke into computers at a London-based branch of a Japanese bank and attempted to steal more than $400 million. Investigators on the case are looking into the possibility that the hackers gained access to the bank's computers via a spyware application.

Given that awareness of the spyware issue--indeed, of security issues in general--is fair at best, the potential for violations such as the one in London is increasing. In March, security vendor SurfControl released a report finding that while 90 percent of the 7,500 businesses it surveyed had established e-mail usage policies, only about half of them had set up similar policies for instant messaging and peer-to-peer communications, leaving them vulnerable to spyware-type attacks. Akonix Systems, an IM security company based in San Diego, has reported that the number of attacks on public IM networks--usually delivered via attachments enclosed in a message--has tripled since last year.

Meanwhile, bot nets, which are collections of compromised computers controlled by a single person or group, also are on the rise and are being used to install spyware, exposing users' personal information, such as passwords and credit-card numbers. The ever-industrious hackers also are taking advantage of the booming popularity of weblogs by using JavaScript and ActiveX--two commonly used tools for bloggers--to infect computers with spyware. In this case, the hackers hide the spyware inside JavaScript programs that they offer to bloggers, who want to add features to their sites but end up becoming unwitting delivery platforms for spyware.

"For a long time, these threats were predominantly random attacks, but about a year ago, the bad guys realized they could send more targeted attacks using various types of malware," says Richard Stiennon, vice president of threat research at Webroot Software, Boulder, Colo., which makes antispyware tools. "At the same time, the entire malware industry has become a money-making business that evolved out of spam and adware. The one common element in all this is the attempt to make money with these programs."

Help On the Way

Congress has begun to address the spyware problem. In March, legislators introduced a bill to the Senate designed to regulate spyware, and it seems likely that some kind of law will be enacted this year. But last year, the House of Representatives passed a different antispyware bill that later died in the Senate, and given the toothless results of the CAN-SPAM Act, no one in the tech industry is too optimistic about the potential effectiveness of any new legislation.

"Congress is working on this bill, but it doesn't have a lot of teeth," Stiennon says.

As is often the case with technology concerns, the best solution to the spyware problem is a combination of technology and user education. Jupiter Research, New York, recently did a survey that showed how the education message finally seems to be taking hold. According to its survey, almost 58 percent of users are in the habit of deleting cookies, and roughly 39 percent of them do it at least once a month. Those numbers are far below ideal, but they're on the rise.

Companies are being proactive as well. Webroot first created its Spy Sweeper application for the consumer space before releasing an enterprise version last year.

"When we made the product available to the enterprise through the VAR channel, we were deluged with signups," says Mike Conner, Webroot's senior vice president of sales. "By the end of 2005, we estimate that about 60 percent of companies will have deployed some kind of spyware solution."

The company released two versions of Spy Sweeper Enterprise between its release last summer and Christmas, and plans to update it again within the next few months.

"We can come out with new versions so quickly because the enterprise product has the same core components as the consumer version, so we have a separate R&D team working in parallel on the enterprise modules," Stiennon says.

Webroot is far from the only company with a spyware offering (see "Product Roundup," left). All the security vendors provide some type of tool for the problem, and Microsoft announced in February that it would bundle its antispyware application for free with its Windows software. (Unfortunately, the solution itself is not without bugs; later in February, Microsoft issued an apology and compensated a Dutch Web directory after the antispyware software incorrectly flagged the site as malicious.)

Among the larger companies with spyware offerings are Symantec, which includes the components in its various antivirus solutions, and Trend Micro, which in April released its OfficeScan and InterScan Anti-Spyware suites. The products add yet another layer to the companies' broad-based security architectures.

"OfficeScan began as an antivirus product that didn't have the ability to clean up spyware," says Jack Marsal, senior product marketing manager for Trend Micro. "The full cleaning and removal capability seems to be something even point products have problems with."

He says the company will offer additional clean-up services for the product starting next month.

Which Way To Go?

The question for security resellers as they try to choose partners in this space is the same as in other networking sectors: Is it better to go with a solution from a market-leading vendor that's part of a broader integrated platform, or with a point product that may offer better functionality but may not be as easily blended with the other components of a network?

It's little surprise that the answer depends on which area the VAR is targeting. For enterprise resellers like CISM, a security consultant in San Carlos, Calif., adding its latest antispyware solution makes sense.

"There's a real benefit with Symantec when you see the product as part of a bigger lineup, not as a standalone solution," says CISM president and CEO David Sockol. "It helps you determine the correlation of the attacks between different parts of the network, which you might not be able to do if the system is discrete and not integrated. In the enterprise, you need to make sure you have trend reporting not just for the product itself, but for how it works with the rest of the network system."

That's not to say that a standalone solution from a company such as Webroot is operating independently from the rest of the network. Excalibur Technology in Barrington, Ill., is a technology consultant that employs approximately 25 people, all of them with engineering backgrounds. The company has partnered with Webroot on Spy Sweeper, focusing primarily on the SMB space. For them, the Webroot tool arrived just in the nick of time.

"Spyware has become a much bigger problem than viruses, probably 1,000 times over," Excalibur CEO Scott Cummings says. "We get a handful of calls per month about viruses, but we get at least one per day on spyware in which it has completely disabled a company's network. Depending on what type of program it is, it can completely shut down your Internet and LAN access as well as your distribution network."

He says the spyware problem goes way beyond being a simple performance or administrative hassle.

"The nastier stuff can install key loggers and become not only an annoyance, but a real productivity issue," Cummings says. "Once you get one instance of spyware, it can be prolific; you can suddenly have thousands of spyware programs on your machine. I've seen as many as 30,000 to 40,000 on a single infected machine."

Cummings says the only foolproof way to prevent spyware proliferation is to restrict the range of sites a company's employees can go to while at work. But this is only possible at smaller organizations, and even then it seems untenable. This is where products like Spy Sweeper come in.

"You get in trouble with spyware when you're surfing randomly," Cummings says. "If you restricted access to the five or 10 sites you need to do your job, you'd have no spyware problem. If you can't do that, you need software, and we've found that Webroot worked extremely well at cutting down the support calls we received."

Cummings says Excalibur chose the Webroot tool because it had an excellent package that worked on the desktop but could be controlled with a centralized server and had functionality that even Symantec can't touch.

"It provides automatic scanning and updates at least once per day, so it's hands-off, which is a great time-saver," he says. "Symantec's Corporate Edition provides spyware support, but it's nowhere near the quality of Webroot's."

One legitimate concern VARs might have in partnering with a smaller company is whether it will still be around in a year or two. That isn't an issue in Webroot's case; in February, the privately held company closed a $108 million round of venture-capital funding, the second-largest such software industry investment since 2001.

"The funding issue is a challenge we all have with small companies, but Webroot is a stable company that has made the right hires and has strong engineers behind its product," says Greg Hanchin, a principal at DirSec, a security services provider in Centennial, Colo. "With the funding they've received, they can make a true run at the enterprise."

He agrees with Cummings on Webroot's performance, saying that big security vendors still can't beat Spy Sweeper's robustness.

"Companies like McAfee and Symantec will come on strong because everyone wants to own that piece of real estate on the desktop, but no one is doing what Webroot has been able to do at the software level," Hanchin says.

As security vendors update and upgrade their spyware products, the objective is to always stay one step ahead of the bad guys. The problem is, what can be imagined usually can't be created on the fly. But VARs can still dream.

"Antispyware solutions still can't detect what they don't know about," Cummings says. "We have to get to a point where browsers and spyware tools are better at detecting threats before they occur, but that's probably years away."