Spyware: IT's public enemy No. 1

Front-line IT managers and security firms increasingly peg spyware as the biggest threat to networks in 2005.

By Rick Broida
Special to ZDNet

What's the biggest threat to business networks in 2005? Front-line IT managers and security firms increasingly peg spyware as public enemy No. 1.

At Saturn Electronics & Engineering, a Detroit-based provider of manufacturing outsourcing services, the problems began last summer. The company's 500 users noticed that Web browsing was sometimes slow. Very slow. IT Manager Dave Higgins suspected virus activity, but manual virus scans turned up nothing. He then scoured the machines with Lavasoft's Ad-Aware and found the culprit: spyware. Once removed, the systems returned to normal operation.

"We now often scan for spyware before we check for viruses," Higgins said. "We are currently seeing Bargain Buddy, GAIN, b3d projector, Gator, n-Case, SaveNow, Search Toolbar, Webhancer, (and) Search Assistant."

Putting spyware first may become standard operating procedure this year. Businesses report spyware incidents rising sharply in recent months, and many IT departments have been on the receiving end of a nasty wake-up call. Typically associated with unprotected home PCs, spyware could soon qualify as the top security headache in the corporate world.



"An incredible problem"
At Southwire, a producer of building wire and utility cable, at least 70 percent of the company's 2,500 computer users encountered some form of spyware in the last 18 months. That's according to Tim Powers, a senior network administrator at the Carrollton, GA, firm. "Spyware is becoming a larger and larger problem for our desktop support staff," he said.

It's a similar situation at Time Warner Cable in Greensboro, N.C. "We get all kinds of spyware problems," said Sanjeev Shetty, director of information technology services for the 450-user location. "We had one PC that had 1,400 pieces of spyware on it." Shetty estimated that his staff deals with 8-10 spyware-related incidents per week. "It can take anywhere from two hours to all day to fix these. With a limited staff, this can really tie up resources."

Spyware poses challenges for other kinds of institutions as well. At Marist College in Poughkeepsie, NY, the IT department devotes upwards of 90 percent of its resources to combating spyware and issues related to it, according to Analyst Dave Hughes in the school's ResNet department. "ResNet as a whole has spent thousands of hours running spyware scans and other removal tools," he said.

"It's an incredible problem," added Kathleen LaBarbera, Marist's manager of operations and ResNet. "Spyware on a PC can be just as dangerous as having a virus. Most PC users have heard of spyware, but don't really know what it is or does."

Do you mean adware, malware, Trojans…?
Many analysts and administrators agree that while spyware's impact is rising, its definition remains elusive. The umbrella term most commonly refers to a wide range of unethical software, from difficult-to-uninstall toolbars to home-page hijackers and pop-up window generators. In a new poll of security administrators and IT managers, conducted by security firm WatchGuard Technologies, 50 percent of respondents said the vast majority of users don't know what spyware is.

Two-thirds of respondents said they feel less protected against spyware than against phishing or viruses. And the kicker: 67 percent of the IT professionals in WatchGuard's survey cited spyware as the greatest security threat to their networks in 2005.


The problem has become so serious that Microsoft is working to combat it at the OS level. With 2004's release of Windows XP SP2, the company retrofitted Internet Explorer with a pop-up blocker and gave users a more-robust firewall. In early January, Microsoft unveiled Windows AntiSpyware for Windows 2000, XP, and Server 2003. The software is a rebranded collection of utilities from Giant Software, which Microsoft purchased late last year. The package promises not only spyware detection and removal but also real-time protection. (Many other free utilities must be run manually.) Currently in beta, Windows AntiSpyware will be free until July, at which time Microsoft is expected to charge for the software and service.

The Firefox solution
What remains to be seen is whether these efforts can keep users from migrating to Mozilla's Firefox. Part of the attraction of the open-source browser is its reputation as being significantly more spyware-proof than Internet Explorer. Corporations have been slower than individuals to change browsers, citing compatibility concerns, but many IT departments are taking a close look at Firefox.

"We have been evaluating Firefox as a more secure browser to help prevent all malware infections," said Higgins of Saturn Electronics. "Currently, it runs about 90 percent of our intranet applications."

"Internet Explorer is an inherently vulnerable browser, partly because it has such a high user base and also due to poor coding by Microsoft," said Hughes. "Here at Marist, we recommend that users use (it) only for Internet Explorer-specific tasks, such as Windows Update, and use Mozilla Firefox for all other browsing."

With spyware attacks now coming from even the most innocuous-seeming software, enterprises may decide to follow suit. Security researchers at Panda Software recently discovered a pair of Trojans — programs that let outsiders make changes to a user's PC, including loading other spyware — that leverage DRM (digital rights management) technology built into Windows Media Player. When a user attempts to download a license requested by WMP, the Trojans redirect the browser to a Web site that attacks the user's system with a barrage of spyware.

"Spyware costs money"
Regardless of how a PC gets infected, the results can be serious: compromised company security, overloaded networks, and significant user downtime and inconvenience. Although the symptoms of a system that's overwhelmed with spyware vary, the primary indicators include sluggish performance, broken Internet connections, and possibly even an unusable PC.

"We've seen individual issues ranging from hijacked home pages and pop-ups to aggravatingly slow performance to completely unstable platforms," said Nick Twentyfive, senior network analyst for CTG, an IT and outsourcing solutions company in Buffalo, N.Y. "Back doors installed by spyware can be used by third parties for more serious security breaches. Lost network bandwidth and computer performance reduces productivity. Basically, spyware costs money."

And the problem isn't going away anytime soon. "Spyware's getting harder and harder to remove," he said. "Some of the spyware variants out now have forced anti-spyware companies to make targeted plug-ins to properly deal with them. That's just evil."

Perhaps unsurprisingly, as of mid-January a pair of anti-spyware utilities — Lavasoft's Ad-Aware SE and PepiMK Software's Spybot Search & Destroy — ranked as the No. 1 and No. 2 most popular downloads at CNET Download.com. But at least one observer thinks the spyware epidemic is overblown, at least where corporations are concerned.

"Much or even most spyware comes from consumers installing 'free' content or software that they shouldn't," said Jeff Duntemann, author of Degunking Your Email, Spam, and Viruses. "At the enterprise level, businesses have the talent and budget to create and enforce policies that prevent staffers from installing things themselves."

Southwire's Tim Powers disagrees: "Misspell a common domain name and you are likely to land on a domain that will inject spyware into your PC." For users today, he said, "It is difficult to avoid getting spyware if you surf the Internet at all."
