Spyware Concerns on the Rise in 2005
One of the first security surveys of IT execs in 2005 finds spyware on their list of top concerns this year.
The poll, conducted by WatchGuard Technologies, Inc. defined spyware as, "Spyware is defined malicious software that installs on a computer without the user's knowledge and it can secretly gather information about a person or organization." Spyware can take the form of adware, tracking agents and most dangerously software built to hijack a Web browser.
Among the WarchGuard findings:
"In order to ensure network protection, education is the best defense. All users need to fully understand the security risks and financial impact associated with spyware attacks, as well as what practices they can implement to protect themselves and the network," said Mark Stevens, chief strategy officer at WatchGuard, in a statement released with the poll results.
While Stevens' group recommends that IT admins review commercial spyware products for their appropriate to their enterprise, he also offers some hands-on suggestions that IT orgs can do on their own to better defend against spyware. "An effective spyware strategy applies the time-tested security strategy of layered defenses," according to a"Spyware Recommendations" technical paper available at WatchGuard's site.
The paper also suggests specific precautions and countermeasures:
- Maintain current patch levels for Windows OS and Internet Explorer (if your organization uses a browser other than IE, keep current with new versions and patches for this software as well).
- Monitor bug reporting lists for browser and Operating System vulnerabilities that might offer exploit paths for spyware.
- Configure safe ActiveX security settings.
- Block Ad servers. Resolve domain names of known ad servers to 0.0.0.0 in a hosts file or at your DNS, or identify restricted sites in IE (see IE-SPYAD, above).
- Add known Ad servers list in your firewall's blocked sites or WebBlocker denied sites lists on your firewall (Note: the list is very long so you may wish to start with the frequent and repugnant offenders).
- Block potentially dangerous file types by content type (S/MIME type) at your firewall using HTTP-Proxy.
- Stay informed. Visit some of the many valuable Spyware discussion and resource sites.