In Depth

Spyware: Scumware Out There

Security vendors big and small are in an arms race to root out spyware and other malicious code, but so far they're all losing.

By Sarah D. Scalet

Page 6

Given that pressure, how quickly can antivirus vendors catch up? Symantec is working on enterprise and consumer products, to be released in late 2004, that finally will contain what a spokesman calls "significant repair functionality." McAfee's newest version of VirusScan is the first to remove some spyware—but even then, Gullotto says, the company is not yet trying to compete with programs like PestPatrol and Spybot. (This despite the fact that Gullotto expects spyware to eventually outnumber Trojans and worms.) All bets are on.

"We're trying to evaluate who's going to get there first," Garigue says. "Is it going to be traditional antivirus companies that are going to be moving into spyware, or is it going to be the new antispyware point solutions coming into the enterprise? Who's going to dominate?"

Roll Your Own

In the meantime, CSOs will have to roll their own solutions, by using a combination of existing anti-malware tools, clever architecture, tough policies and one other old standby: employee awareness.

Web filters and firewalls can help, both by preventing computer users from visiting sites that are known to harbor spyware and by keeping errant programs from communicating with their home bases. Outbound monitoring of intrusion detection systems can allow system administrators to identify when there might be a problem on the network. Spam filters can help users fend off infected e-mails.

Companies that are especially concerned may choose to lock down their desktops and prevent users from installing any software—on purpose or not. Or they may simply decide that the spyware problem calls for policies that prohibit software that is typically rife with spyware and adware. Peer-to-peer clients such as Kazaa, for instance, often are linked to adware, and many of the files available through these file-sharing services also may be infected with malicious code.

Patching is another key to prevention. Windows XP Service Pack 2 and other patches from Microsoft are supposed to lock down some of the vulnerabilities that allow software to be installed on a PC without a website visitor's permission. (The need for these patches, of course, is fuel for those who favor open-source Web browsers like Mozilla and argue that Microsoft has not done enough to secure its products. But that's another story.)

Just as important, though, CSOs need to spread the word about common tricks the software uses to install itself and ways to tell that your computer is infected. Not all of these are the old, "Don't open unsolicited attachments" mantra that CSOs have been repeating for years. Think of this as Security Awareness 102. (See "What Spyware Does—and How to React," on Page 32, for some common ploys.)
