Corporate Anti-Spyware Solutions
Definition: Corporate Anti-Spyware solutions are programs and other
policing of a corporate computer network to block or remove any software that is
installed surreptitiously on a user's PC or the company network that is designed
to secretly intercept or take partial control over the user's interaction with
Spyware is one of the most serious threats to the modern corporate office. It is
usually defined as software which runs on your PC without your knowledge and has
the capacity to initiate external network connections without your consent.
There is some disagreement over how broad-ranging the definition should be.
Almost every program installed nowadays grants itself the right to check for
updates without the userís explicit consent. Should it be considered spyware?
What is clear, however, is that not all spyware is malware, software which is
actively malevolent. Some of it is fairly innocuous or only marginally annoying,
such as applications which send usage data back to the company which created
them or software designed to track your movements online, so that ad servers can
target you with more appropriate ads. At the other end of spectrum, the more
vicious spyware could harvest data from your corporate network and send it back
out through the internet to be abused by some mystery malefactor; or could
zombify your office PCs, hooking them up to a botnet, effectively turning them
into slaves which will obey orders from an external source. These orders are
likely to involve something at least mildly nefarious, which could be anything
from serving up spam, launching hack attacks on protected sites, even acting as
hosts for child porn or stolen credit card numbers. Whatever its purpose,
though, even the most innocent spyware harms the efficiency of your corporate
network by eating up processor cycles and network bandwidth.
Corporate Anti-Spyware Solutions Ė Key Characteristics
How does corporate anti-spyware differ from conventional personal anti-spyware
software? In nearly all cases, corporate anti-spyware packages are simply
expanded versions of a personal anti-spyware solution. In fact, some companies
do not make their anti-spyware solution available as a standalone product, only
as an add-on to their main anti-virus app. The expanded features relate mainly
to special deployment functions, remote management options and logging
facilities. Principally, then, the corporate aspect of the software package is
designed to allow IT administrators within the enterprise to control the anti-spyware
activity on other usersí desktops. Often this can take place without the userís
Enterprise anti-spyware solutions can also be expected to include advanced
reporting features. When spyware is found on specific machines, data on the
event will be sent to the administration console. An administrator should be
able to generate reports showing already installed spyware which was removed, or
attempts at installation which were prevented, across the company, with the
ability to zero in on specific spyware variants or individual machines, showing
the history of actual or attempted infection.
Centralised administration of the anti-spyware software would be considered
necessary in any environment where more than a couple of dozen PCs are being
run. Above that level, the manual administration required by IT support staff,
or reliance on unsophisticated users, would be too great a burden. Even if a
personal anti-spyware solution was installed and set to update automatically,
there is no guarantee that users will not interfere with it in some way, by, for
example, disabling it or un-installing it. A network is only as strong as its
weakest link, and a vulnerable PC can open the door to infection for many PCs.
Spyware detections, even if successful, might go unheralded by the user, leaving
the local IT admin staff unaware of the attempted breach and therefore of what
may be a systemic threat to of the corporate network.
Companies, of course, over and above the problem of random data-harvesting, also
have to consider the problem of deliberately targeted attacks aka corporate
The Costs of Spyware for Businesses
Various reports have claimed that spyware already imposes a severe financial
burden on business, requiring highly-paid IT staff to spend significant time
cleaning up infected machines.
The presence of undiscovered spyware on a machine also tends to slow it down,
both during ordinary operation and during the boot phase, when the machine is
being started. Cumulatively, this can mean that well-paid workers are spending
precious minutes each day waiting longer than they would usually have to, and
the lost productivity this involves can be substantial.
The other costs of spyware, arising through the nefarious use of harvested data,
are much harder to estimate. This is because, when data, such as a stolen credit
card number, is used in illegal transactions, it is not always obvious where the
data came from. In many cases, the companies which are either the source of the
stolen data, or the victims of its use, are reluctant to publicise that fact.
Anti-Spyware in the Enterprise
Usually, anti-spyware vendors will market some deployment application which can
be used to roll out and actively manage the anti-spyware software, and perhaps
other products from the same vendor such as anti-virus software, to desktops
within the company. Occasionally, the anti-spyware package will is also designed
to operate with other, third-party deployment tools such as Microsoft System
Centre Configuration Manager.
Anti-spyware software operates in two distinct ways : it scans a PC to look for
spyware which has already installed itself, and it performs real-time monitoring
to prevent spyware being installed in the first place. Not all anti-spyware
packages have both capabilities. Many consumer-level anti-spyware solutions
offer only retrospective scan and remove capabilities. Corporate anti-spyware
packages are more likely to contain real-time monitoring options. Itís important
to note, however, that real-time monitoring imposes costs of its own in the CPU
cycles devoted to running the monitoring software.
To keep abreast of developing threats, anti-spyware software must be constantly
updated. New forms and variations of spyware emerge constantly. Only through
regular, dynamic updates can the problem be contained as new threat definitions
are included. But where do spyware vendors get their intelligence about new
spyware threats from? Normally, their own users. It might seem, then, that the
installed user base of a product might be a significant factor in determining
how useful its product is. Niche solutions might not have enough of a user base
to generate sufficient reports about new threats. The size of the company itself
might be a factor, too. Does a small company really have the resources required
to monitor spyware developments worldwide? In fact, though superficially
beguiling, these assumptions are invalid. Companies tend to share information
about emerging threats, and, in some cases, smaller companies buy their spyware
definition updates from larger companies, such as Microsoft.