Spyware infiltrates the enterprise
Spyware and adware are pouring into enterprise desktops. How severe is the threat? And what can be done about it?
Follow @infoworldThis article has been modified from its original version. Certain quoted material has been removed because its veracity could not be confirmed.
Desktops littered with pop-up ads, computers grinding to a halt under the weight of snoopy software, private data snatched off networks and sent to a server somewhere in Siberia or San Francisco … all these unfortunate occurrences can be attributed to spyware, a generic term for software that regularly collects demographic and usage information from a computer and transmits it to a marketing company or other interested parties without the user’s explicit permission.
Spyware is far more intrusive than spam and can cause more real problems than many computer viruses. The more benign versions -- sometimes called adware -- confine themselves to downloading and displaying “targeted” ads and may only be resource hogs. But many spyware applications go farther. They auto-update themselves, alter system configurations, download and install additional software, and access and disclose data stored on computers they infect -- or on any shared network resources that the affected computer can access.
ISP EarthLink offers subscribers a free spyware scanning service. Of the more than 2 million computers scanned since January, one in three harbor spyware, with an average of 28 spyware programs per infected machine. Hardware vendor Dell says 12 percent of the support requests it receives concern spyware. Dell and EarthLink believe their respective support calls and scan requests come mainly from home or small-business users. Are enterprise networks spyware-free?
According to the results of a recent survey conducted on behalf of enterprise security vendor Secure Computing by independent research company TheInfoPro, only 25 percent of polled enterprise IT managers thought spyware was a major problem. That was not the response Tim McGurran, president and COO of Secure Computing, was expecting.
“Frankly, we were surprised that so few enterprises appear to be worried about spyware,” McGurran says. “Statistics definitely show that spyware is a serious problem in the enterprise. Equally disturbing was that the majority of the respondents also said that they have spyware policies in place in their organizations but that the policies aren’t really enforced.”
Secure Computing’s survey didn’t ask IT managers whether spyware was or had been present on their systems. A recent poll by Harris Survey did ask, and 92 percent of polled IT managers said their organizations had been infected with spyware -- with an average of 29 percent of their corporate PCs infected.
Because both surveys were conducted according to accepted rules of research, we’re left with a conundrum: IT administrators admit a large percentage of enterprise computers have been infected and yet insist spyware isn’t a real problem. Enterprise security vendors themselves have only recently begun to take spyware seriously, meaning that the best software for detecting and removing spyware still originates from a handful of small, relatively obscure software vendors.
 Click for larger view. |
