Content

Anti-spyware 2007

Back in the day, spyware was an annoying little beastie that got buried in your computer and told DoubleClick how many times you bought faucets at Sears. If you bought a lot, soon you would start getting mysterious spam from plumbers. You would ask yourself how the plumber found out you were remodeling, only to find out that your buying activity had been tracked and your email harvested. That, sadly, still happens.

Paste this URL into your browser to view the group test: https://offlinehbpl.hbpl.co.uk/misc/UCX/MiscFiles/GT%202%20matrix.pdf

However, today the threat from spyware is much more insidious and much more dangerous. Not only does spyware track your buying habits, it offers pop-ups to such undesirable places as pornography sites, not to mention other, more palatable but no less annoying sites. The legal and law enforcement communities are struggling with how to handle apparent cases of child pornography when the defense is unstoppable pop-ups.

Take, for example, the case of Julie Amaro, a substitute teacher in Connecticut. During a class, the computer being used started spewing pornography site pop-ups and Ms. Amaro claims, with credibility, that she could not stop them. Since she had been told not to turn off the computer, she stood in front of the PC to shield the children in her class from exposure to the porn.

Nonetheless, four children in the classroom got a glimpse and the teacher was tried and convicted of four counts of child endangerment. Her sentence could be up to 40 years in prison (10 years for each of four counts). This case is likely to go to appeal for a lot of reasons, but the point is that Ms. Amaro experienced a pop-up storm caused by, as forensic experts found, an infestation of spyware. The school’s computer had no current copy of an anti-spyware product.

Worse, spyware can steal from your computer. It can steal company secrets, your credit card or bank information, your identity, and it can crash your computer. Spyware infestations can clog processes and make your computer slow to a crawl before it crashes completely. Some spyware programs are extremely hard to remove. At least one alters a kernel file in MS XP Professional that is created during installation. Since it is unique to the computer, it cannot easily be cleaned or replaced. The spyware is, essentially, unremovable even using instructions from various anti-virus or a-s vendors.

The bottom line is that you need an AS product that interdicts these internet nasties before they burrow deep into the operating environment. If you do not have a prevention program in place, you will become infected, no matter how well your computer is otherwise protected. Spyware infestations are dangerous to organizational networks because they spread very easily.

There is another, far more threatening use of spyware, industrial espionage. Spyware programs, written specially for the purpose, infect organizational computers and steal from them. What they steal could be trade secrets, logon information or other important organizational information assets. Finally, spyware can steal your identity. There was a recent case of a spyware program emailing personal information on thousands of users to a site in China.

There are many different types of spyware, such as remote access trojans (RATs), backdoors, financials, password stealers and crackers, proxys, keyloggers, downloaders and hijackers.

What to buy

We, with the help of West Coast Labs and the Checkmark Certification system, evaluated most of the leading anti-spyware products in the market. Our protocol was the same one that we used for the anti-virus evaluation (see pg. 57). The products, all with good catch rates, are laid out in a features matrix to make it easy to compare products and features.

When buying an anti-spyware product, look for one that meets your specific needs. Are you an individual or are you buying for an organization. If an organization, you may want a product that is part of an anti-malware suite. In either case, AS products that are being updated regularly and have the ability to catch unknown spyware are at the top of the buy list.

In an organizational environment, the most dangerous spyware never hits the street. It was custom made just for you. While that sort of thing is, today anyway, rare, it

is the toughest catch for an anti-spyware product. As always, fit your purchase to your need. However, in the case of spyware, assessing that need is very important and, in some cases, not easy.

- Mike Stephenson contributed to this Group Test.

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.