Spyware Prevention Requires Multi-Layered Strategy

Spyware is growing so rapidly that in order to fight back, prevention efforts need to take place on many fronts, said spyware experts.

Spyware experts on Wednesday advised companies and consumers to take a more aggressive approach toward fighting the electronic scourge, emphasizing that since spyware is evolving, prevention efforts should, too.

During Ziff Davis Internets Security Virtual Tradeshow, panelists focused on how easily spyware can be downloaded onto a system without user knowledge, and urged tradeshow participants to develop multi-layered strategies that tackle the problem at numerous levels.

Steve Weisman, author of "50 Ways to Protect Your Identity and Your Credit," noted that it is far too easy to get spyware on a system through e-mail attachments, software downloads or pop-up ads, but that getting rid of the software takes a much greater, focused effort.

Companies, as well as home users, should consider a firewall as a basic starting point, since it can identify suspicious-looking information coming into the network.

Also important are frequent updates to the operating system and Web browser software, and putting reputable anti-spyware software in place.

One habit that is particularly crucial should be reading license agreements, said Weisman. "Too few people read these agreements, so they dont really know what theyre agreeing to when theyre downloading," he said. "It can be a pain in the neck to read through them, but youll know whats coming onto your computer."

Because of the number of users, enterprises especially need to examine their reaction to threats, and what type of protections they have in place, noted Irfan Salim, chief executive and president of Tenebril.

Anti-spyware measures put in place months or even years ago may not be enough for companies now, given the rate of change with spyware and malware.

"There are evasive threats now," said Salim. "That means malware is now being designed to circumvent existing technology. Some spyware is even capable of updating itself."

/zimages/6/28571.gifClick here to read about how spyware is growing rampant in the enterprise.

Current protective technologies are often too limited to fight the threat effectively, Salim believes. Signature-based products show poor performance, and are defeated by mutation techniques that are favored by spyware developers, while behavior-based products give too many false positives, he said.

Rather than relying on one type of anti-spyware product, its necessary for companies to employ multiple layers of protection, said Scott Cummings, president of Excalibur Technologies.

A comprehensive plan will likely include a border firewall, Web site blocking and monitoring software, patching, guest access security, employee awareness training and the creation and enforcement of an acceptable Internet use policy.

/zimages/6/28571.gifMicrosoft canceled its September patch day update. Click here to find out why.

Technical strategies include e-mail filtering, devices that use multiple scanning engines, tweaking unneeded services and locking down user permissions.

Because spyware has become such a scourge at some companies, Cummings noted that some enterprises may need to go beyond digital solutions and think about becoming "Big Brother."

"There are applications that will let you monitor everything your employees do, from instant messaging chats to their use of Hotmail," he noted. "You can see what files theyre sending out, and if spyware is coming in, you can trace its path."

Cummings admits the approach is "a little scary" but that for some companies with spyware problems, the potential to avoid attack is worth playing Big Brother to minimize damage to company data and systems.

In general, boosting employee awareness and creating policies that define how the Internet is used within the company can go a long way toward reducing spyware incidents, Cummings said.

"Employees will be your biggest spyware asset or liability," he noted. "Once you have your border firewall and other protections set up, the only way spyware can get in is with human help."

/zimages/6/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.