Security

INDUSTRY REPORT

War on Spyware Widening

The arrival of the New Year finds software security firms scampering to create new products or adapt existing packages to protect the enterprise workplace from spyware. Even Microsoft has joined the fray with its mid-December acquisition of Giant Software and that company’s innovative AntiSpyware package.

Microsoft has now released a beta version of its retooled AntiSpyware program that first carried the Giant Software label. Microsoft also planned to release a new malware-removal tool January 11.

First looks at the beta release of the made-over Giant Software product, however, suggested that Microsoft’s antispyware entry lacked any potential for enterprise-strength applications, Richard Stiennon, vice president of threat research at Webroot Software told TechNewsWorld.

Webroot Software, a developer of Internet privacy and protection software, recently completed the enterprise industry’s first spyware audit. The audit of several thousand enterprises found more than 20 spyware elements per corporate computer. It also revealed that potentially thousands of desktop computers inside large enterprises are infected with spyware, including system monitors or Trojan horses.

New Products for Enterprise

Several top-rated software firms in recent months have introduced enterprise-specific products. In most cases, these products were ported from consumer-level versions of anti-spyware software. In addition, antivirus product makers are starting to field protection against spyware.

Now, with Microsoft’s entrance into the battle to keep computers free of spyware, it is clear that the computing industry is finally making spyware attacks a top priority for the New Year.

Giant Software introduced its spyware security program AntiSpyware three months ago. It offers several features not found in competitive products.

When Giant Software President Ronald Franczyk discussed his company’s new product with TechNewsWorld in December, he said that the innovations built into AntiSpyware would change the user experience so that no other products are needed.

Spynet Feature Unique

“The consumer version has been so successful that we will release an enterprise version in a relatively short time,” he told TechNewsWorld.

A unique feature in Giant Software’s anti-spyware package is SpyNet. A real-time data collection system, it functions on two levels: It is a spyware definitions library, and it also works as a file arrester to stop malicious spyware activity as it is discovered.

SpyNet works to root out spyware in much the same way that a group of residents in a Neighborhood Watch committee looks for signs of trouble on the streets where they live. SpyNet is an anonymous, secure network of linked computers of registered AntiSpyware users.

The company claims that some 100,000 users’ computers send feedback to its database on possibly intrusive activity. Giant Software engineers determine which activities pose spyware threats and update the spyware signature database on a daily basis.

The SpyNet database tracks new spyware threats, Trojans and worms.

Giant Acquisition

So far, Microsoft has been silent on its specific plans for the Antispyware product and SpyNet. According to details provided from Giant Software since the acquisition, Microsoft was planning to use the merger to provide its customers with new tools to help protect them from the threat of spyware and other deceptive software.

Microsoft has now made its beta version of a spyware protection, detection and removal tool, based on the Giant AntiSpyware product, available for Microsoft customers.

The beta will scan a customer’s PC to locate spyware and other deceptive software threats and enable customers to remove them. The tool is configurable to block known spyware and other unwanted software from being installed on the computer. It is available for Windows 2000 and later.

According to Giant’s home page announcement, its anti-spyware technology complements the enhanced security features available in Windows XP Service Pack 2 to provide a higher level of protection for browsing and other Internet computing.

Other Anti-Spyware Products

Meanwhile, InterMute is one of the latest software makers to announce an enterprise version of its anti-spyware package for consumers. That product, Spy Subtract, was available to consumers since last year.

Andy Ostrom, director of marketing for InterMute, said the enterprise edition of Spy Subtract will include the scanner engine and the database in Spy Subtract Enterprise Edition.

“We’ve taken the time to do it right. We looked at what other companies did wrong and right,” Ostrom told TechNewsWorld.

The enterprise product focuses on ease of use for IT managers.

“Any version one of a product will need fixing. We think we got it right the first time out,” Ostrom said.

Benefits for Enterprise

One of the major differences in managing spyware intrusion is the design of policy-based centralized permissions. Ostrom said most other products are not flexible in assigning permissions.

The Web-based user interface is another design innovation, according to Ostrom. He said most other enterprise products are Windows based. However, InterMute’s Web-based interface frees the IT worker from having to sit at each computer station. Instead, there is a networkwide distribution.

Thus, IT administrators can deploy the utility from SpySubtract’s Web-based central console to an entire domain. The scanning and cleaning engine is automatically installed to each client, and then the system sends back a report to verify the installations.

One common problem with protective software is the performance slowdown inherent with running the scanners in background. The drain on resources is especially a problem in the enterprise workplace. This product monitors resources and adjusts its scans accordingly.

“When necessary, our product will stop scanning, for no performance hit at all. It is dynamic so users will never know it’s there. There is no splash screen and no tray icon,” Ostrom said.

SpySubtract Enterprise Edition also can blacklist specific products. This prevents installation of unwanted software typical of spyware. In the consumer version, this blocking feature is called Venus Spy Trap and is automated. In the enterprise version, the IT manager makes the decisions on what level of blocking to apply.

Other Features

SpySubtract stores information about its operation in an SQL database, providing built-in reports that provide administrators with a comprehensive understanding of the types of spyware that have been found on their network. This data can also be viewed on a system by system basis, allowing administrators to track trends and spot potential problem areas.

The program also regularly checks for spyware definition updates and then pushes them out to users throughout the Enterprise. It is designed to serve networks ranging in size from several dozen users to tens of thousands of users.

SpySubtract Enterprise Edition also incorporates the company’s CWShredder technology, the only software that can effectively detect and remove CoolWebSearch and other similar Web-browser hijackers

SpySubtract Enterprise can save IT staff hours of downtime trying to clean a badly infected PC. The free access to InterMute’s SpySubtract Rx, a Web-based ASP spyware cleaning product, lets administrators automatically scan and clean the PC from the Web without installing any software locally.

Help Desk Salvation

Ostrom said that current industry estimates mark up about 15 percent of all help desk calls as spyware related.

“Enterprise users surf the Internet,” Ostrom said, “which represents a huge drain on valuable resources and a major financial burden on limited IT budgets.”

Besides this resource drain, spyware has the potential to seriously undermine corporate security by giving outsiders access to confidential corporate data, he explained.

“SpySubtract Enterprise Edition allows administrators to easily clean these programs from the network and proactively inoculate against further damage,” Ostrom said.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

More by Jack M. Germain
More in Security

Technewsworld Channels