Spyware, adware, greyware, scumware . . . whatever you call it, you don’t want it on your employees’ computers.
The trouble started when Bill M., an employee at a major university, downloaded what he assumed was a required program for an online MBA class he was attending at night. The freeware program purported to improve performance when accessing e-learning courseware.
“Almost immediately, my computer became very unstable and acted funny, freezing, crashing, and maxing out the CPU,” Bill says. “Every time I launched my Web browser, it would redirect my home page. When I’d attempt to perform a Google search, I’d land on unknown search results pages that were clearly designed to entice me to ‘Apply Now for a Student Credit Card,’ or ‘Earn a Diploma in Your Spare Time.’ It became impossible to do my job, and I lost countless hours as the computer continued to crash over and over again. It was like my computer had become possessed.”
The demon was spyware, or more specifically in this case, adware: a program bundled with freeware, in which the "spy" is a marketing company that makes a commission from serving ads or recording surfing habits for research purposes. The problem is widespread and growing: 92 percent of IT managers report that spyware has infected their organizations, with an average of 29 percent of workstations affected, according to a 2004 Harris poll. In addition to the hours of lost user productivity, once installed, adware is notoriously difficult to remove. Sometimes removal is impossible, as the offending culprit often invites more adware to install itself.
This was the case with Bill's computer. "Our IT administrator ran several spy-detection and removal tools on my computer. Some caught it, others did not," he says. "None of the products was able to remove the adware completely, as it had made thousands of changes to the registry and kept reinstalling. After spending more than 50 hours attempting to clean up the system, we finally gave up and scrapped the entire hard drive."
Was it a safety risk? Not necessarily. More reputable adware vendors are quick to point out that they no longer record surfing habits and relay the information to third-party researchers. Safety risk or no, this particular adware created productivity loss -- user productivity as well as IT support -- which is hard to ignore, especially when extrapolated across hundreds of workstations.
Adware may be increasing support calls because it often makes its presence painfully known to the user. Spyware, by contrast, is purposefully designed to be stealthy and transparent while recording and relaying keystrokes, and it poses an undeniable, serious security risk.
Spyware's origins are in perfectly legitimate programs designed in the 1990s to monitor computer use. Marketed to parents to monitor minor children's online activities or to employers wishing to monitor employee computer use, many of these programs eventually touted "remote installation" -- the ability to install without having physical access to the monitored computer -- as a key feature.
The evolution of these programs, however, brought us to today's challenges. Hackers and identity thieves are increasingly developing and exploiting spyware programs that enable them to record passwords and other sensitive information such as credit card and Social Security numbers, as well as corporate secrets.
In the business environment, the best approach starts with a sound security policy that is communicated to employees and enforced by effective technologies:
It's important that any antispyware product you choose provide comprehensive enterprise-management features. For example, Cisco Security Agent provides flexible policy control as well as application investigation, the ability to identify unauthorized or unknown applications that are installed or run on remote computers. This feature enables you to build a list of suspected spyware applications from throughout the enterprise for analysis. From this analysis, you can develop policies regarding what adware can and cannot do, such as automatically prohibiting the program from installing on additional computers, strictly limiting its behavior where it is already installed, or completely disabling it.
Next Steps: For additional details, read the white paper Cisco Security Agent: An Enterprise Solution for Protection Against Spyware and Adware or find additional information about Cisco Security Agent at http://www.cisco.com/go/csa.
This document is part of the Cisco Security portal. Cisco provides the official information contained on the Cisco Security portal in English only.
This document is provided on an “as is” basis and does not imply any kind of guarantee or warranty, including the warranties of merchantability or fitness for a particular use. Your use of the information in the document or materials linked from the document is at your own risk. Cisco reserves the right to change or update this document without notice at any time.