PROTECTING CORPORATE ASSETS IN THE AGE OF SPYWARE
Yanki Margalit,
Chairman and CEO
Aladdin Knowledge Systems, Ltd. (Nasdaq:ALDN)
It damages productivity, drains help-desk resources, and creates security
holes which enable the uncontrolled flow of data out of an organization.
Virus? Trojan Horse? No, it's spyware, and it's raking in billions of dollars
a year for unscrupulous enterprises worldwide. The statistics cited in
recent reports are alarming:
• 90% of home PCs are infected with spyware (Dell Survey)
• 80% of all PCs are infected with spyware (National Cyber Security Alliance
and AOL Survey)
• 67% of all PCs are infected with spyware (IDC estimate)
But in order to fully understand the threat, we must first understand what
spyware is. According to most accepted definitions, spyware is software
installed without the full knowledge of the user. It is often covertly
transferred to a user's computer during the downloading of file sharing
programs, or when surfing certain websites. (Adware, though objectionable,
does not transmit information to a third party and is not included in our
definition of spyware.) Computer users and web surfers should note that
spyware (and adware) components such as Gator, Cydoor, eZoola and others
are found in most "free" applications.
As if installation without consent isn't bad enough, spyware poses a security
threat by transmitting the user's private information back to a third party.
Using spyware, its creators can:
- Gather a user's private/personal information
- Steal copyrighted or confidential information
- Create irreparable system instability
- Damage or interfere with legitimate application operations
- Open a backdoor on infected systems
- Take over an infected system
How bad can it really be? At Aladdin, our Content Security Research Team
recently completed a thorough analysis of the top 2,000 spyware in the wild
in the first half of 2005. They classified spyware into three threat
categories, based on the nature of, and actions taken by, the spyware program:
- Severe Threat -- Fifteen percent of spyware threats send private
  information gathered from the end user currently logged on to the infected
  system: logging the user’s keystrokes, logged-on user name, hash of
  administrator passwords, email addresses, contacts, instant messenger
  login and usage, and more.
- Moderate Threat -- Twenty-five percent of spyware sends information
  gathered from the victim’s operating system, including the computer (host)
  name, domain name, logs of all processes running in memory, installed
  programs, security applications, client’s internal IP address, OS version,
  the existence and versions of service packs and security updates, TCP ports
  the spyware is listening on, Computer Security Identifier (SID), default
  browser’s homepage, browser plug-ins, etc.
- Minor Threat -- Sixty percent of spyware transmits gathered
  commercial-value information about the end user’s browsing habits. This
  includes keywords used in search engines, browsing habits and ratings of
  frequently visited websites, shopping reports, etc.
These statistics demonstrate
the seriousness of the threats of corporate espionage and computer crime
which companies face from spyware.
Skirting the Legal Line
Part of the difficulty in fighting spyware is that it is often installed with
the user's consent (usually as a component of a seemingly benign software
program), though not necessarily his or her full understanding – thus
making it a tough legal question. Many spyware vendors argue that
their applications are not spyware, but simply smart marketing.
Groups such as the recently formed Anti-Spyware
Coalition (which includes industry leaders such as America Online, Computer
Associates International, Hewlett-Packard, Microsoft, and Yahoo) are pushing
for common definitions in spyware, and for the establishment of accepted
practices in the fight against spyware. They note that the spyware phenomenon
is expanding from the consumer arena, becoming a bigger enterprise issue.
So, what is an enterprise to do? Take its computers offline? Go back to
the days of typewriters and locked file cabinets?
Part of protecting your organization’s sensitive corporate and employee
information is a matter of staying informed and keeping your computer
security solutions up-to-date. An educated computer user is a safer computer
user, and though there are no 100% guarantees against spyware infection,
recognizing the signs of infection is an important step in securing your
interests. These signs include:
- Significant increase in network activity
- Significant decrease in PC performance
- Strange dialog boxes asking suspicious questions
- New modem dialup connections
- System instability
- Excessive pop-up windows
- Website re-direction
- New toolbars, menus or buttons
- Persistent homepage address changes
- Default search engine change
- New taskbar icons
- New items in Favorites
- Excessive hyperlinks added to webpages
Desktop Solutions are Not Enough
To truly protect your company against spyware, you need more than just a
desktop anti-spyware solution. Desktop solutions are not always effective
against ‘drive-by’ spyware applications (i.e., those downloaded automatically
from a web page without the user’s knowledge or permission). And smart
users can circumvent desktop policy, but not gateway enforcement. Finally,
while desktop solutions are effective for cleaning, some spyware can create
damage beyond repair.
As with anti-virus solutions, a first layer of defense at the gateway is
clearly the best security practice.
Gateway Security Critical to Protecting Your Assets
When evaluating a corporate or enterprise-wide anti-spyware solution, make
sure that it stops spyware at the Internet gateway, before it has the
opportunity to compromise your organizational defenses. If it doesn’t cover
the following layers of protection, you're not implementing a complete
solution:
Layer 1 - Spyware download blocking -- proactively blocking web content
exploits which allow automatic spyware download and installation; preventing
unintended spyware download by unsuspecting users after being exposed to
tricky or misleading dialog boxes.
Layer 2 - Spyware ID blocking -- blocking access to spyware servers and
auto-updated lists; blocking spyware by ActiveX identification and preventing
existing ActiveX controls from being exploited.
Layer 3 - Spyware signature blocking -- using traditional signatures similar
to those used in anti-virus products, as well as Smart Signatures enabling
the proactive blocking of new variants of known spyware families.
Layer 4 - Spyware communication blocking -- preventing existing spyware from
communicating with their servers; providing protection even when spyware
has already been installed on the desktop.
Layer 5 - Centralized spyware remediation -- giving IT and security
administrators the ability to identify and remove functioning spyware
components from desktops, using a centralized server instead of spending
hours at each desktop on individual cleanup.
In 1998, Aladdin’s security experts recognized the dangers posed by malicious
code delivered through web pages -- which today we call spyware -- and began
developing solutions to protect organizations from these threats. Through a
significant investment in R&D and product innovation, Aladdin today
is at the forefront of helping organizations stay safe from spyware and
other malware.
Yanki Margalit is the founder, chairman and chief executive officer of
Aladdin Knowledge Systems, Ltd. In 1984, he developed a handwriting-analysis
software application, founding Aladdin to market it.
Mr. Margalit then developed HASP, a system offering software security
without inconveniencing legitimate users. In 1993, Mr. Margalit took Aladdin
public on the NASDAQ stock exchange.
Today, Aladdin is a global leader in the software and Internet security
market, living up to its mission of "Securing the Global Village."
Visit the Aladdin website at http://www.Aladdin.com to learn about Aladdin
security solutions.