Spyware Threat Marches On

By Matt Hines Eweek.com
November 13, 2006

Despite having technology and procedures in place to prevent and remediate attacks from spyware, many companies still have difficulty stopping the threats, researchers report.

According to a new study published by Ponemon Institute, based on interviews of over 500 North American IT security professionals, a resounding majority of workers admit that their companies are still plagued by problems related to spyware.

Some 47 percent of respondents to the survey indicated that their companies are incapable of removing spyware from their networks once attacked, with 35 percent saying their employers cannot prevent many spyware infections in the first place.

Only 19 percent of study respondents indicated that their companies were effective at defeating spyware, with 40 percent of respondents claiming that their firms are able to ward off spyware attacks with frequent success, according to Ponemon, based in Elk Rapids, Mich.

Spyware programs typically attempt to hide inside computer systems in order to track users' Internet habits and provide data to advertisers. In addition, spyware is increasingly being built with the goal of stealing personal information so that the data can be used to commit identity fraud. Business are also dealing with a growing number of spyware programs that steal sensitive corporate data to sell off as valuable intellectual property or to demand ransom payments for the information's return.

According to the Ponemon report, organizations' failures to block and remove spyware cannot be blamed on a lack of effort. In fact, some 83 percent of study respondents said their companies had full-time anti-spyware initiatives in place. However, many of those initiatives appear consist only of attempts to improve workers' computing habits, or the use of anti-virus software to address the issue, as only 24 percent of representatives of those companies said they use security applications specifically designed to stop spyware.

Part of the problem in containing today's increasingly sophisticated spyware, including attacks in the form of rootkits, is that many firms believe that they have already sufficiently defended themselves, said Larry Ponemon, chairman of the research company and author of the report. While many packaged anti-virus products have added anti-spyware capabilities, those tools may not be doing enough to stop the attacks, he said, yet business executives do not appear to see the logic in bringing additional anti-spyware tools in-house.

Of the respondents who said their companies do not have stand-alone anti-spyware technologies in place, 39 percent said they believe their companies are not vulnerable to spyware attacks, with 26 percent saying that manual procedures remain adequate to detect or prevent spyware infections. Another 23 percent reported that the detection of spyware was not a priority for their companies' senior management, while 11 percent said such tools were too expensive.

Of the technologies being used to fight spyware, 48 percent of respondents said they are only using software that seeks out the attacks at the desktop level, while another 18 percent are using only network-based defenses. Only 21 percent of the companies involved in the research said they are using both types of applications, with 13 percent using no spyware-specific protections at all

Another serious problem is that many laptop computers become infected while outside of protected corporate environments. Without near-constant scanning this will allow the most sophisticated programs to slip through the cracks, Ponemon said.

Some 98 percent of companies with anti-spyware technologies in place listed firewalls as their primary line of defense in the survey, which is extremely problematic since most of today's attacks are written explicitly to exploit security vulnerabilities in firewall products, according to Ponemon.

"Several years ago when the spyware program was first widely publicized we saw a lot of firms spending money on tools to fight it, and a lot of those companies have not looked at spyware as a unique problem again since that time," Ponemon said. "We also see a challenge where many companies are viewing adware and other crimeware as unrelated issues, but the methods used by attackers have obviously brought all these elements together, and spyware has become much harder to stop."

Despite the lack of action on the part of these companies to block spyware, 64 percent of respondents to the survey said they do view spyware as a serious concern. By comparison, only 33 percent of IT workers surveyed said that adware was a serious threat.

Some experts have predicted that the inclusion of anti-spyware technologies in Microsoft's next-generation Windows Vista operating system, due out before the end of November, will cripple the market for providers of stand-alone applications. However, Ponemon said the findings of his report indicate that there very well could be a strong market for the products, as spyware attacks continue to arrive in more varied and complex formats.

"I think there will still be a market, even if we do see some consolidation in the anti-spyware space driven by Vista," he said. "The platform approach that integrates anti-spyware with other security technologies is likely the best model for end users going forward, but it's pretty clear that there is a long way to go in terms of convincing people to adopt the tools that are already out there."