Leading vendors of enterprise-level anti-spyware packages currently include Sunbelt Software, CA, F-Secure, Symantec, Webroot Software, TrendMicro, McAfee and CounterSpy .

 

Not all spyware is downloaded from the Internet or by malicious third parties. Sometimes the PC owner installs a "monitoring program".


Virus Removal
 

The report, Corporate Anti-Spyware Market 2005-2009 by the Radicati Group, cites growing corporate concern over spyware designed to steal information. There is also concern about worker productivity being inhibited by the slow performance of machines infested with spyware. The report predicts that... Corporate Antispyware

 

A few competitors entered the market in February of this year. Symantec debuted its Client Security 3.0 and AntiVirus Corporate Edition 10.0, which are designed to automatically detect and remove spyware, adware and blended threats. McAfee unveiled its Anti-Spyware Enterprise, which is designed to remove spyware, adware, dialers, keyloggers, cookies and remote-control programs. (Microsoft has) ... Checkpoint

 

While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits, sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software... more on what is spyware.

Corporate Anti-Spyware Solutions


Definition: Corporate Anti-Spyware solutions are programs and other policing of a corporate computer network to block or remove any software that is installed surreptitiously on a user's PC or the company network that is designed to secretly intercept or take partial control over the user's interaction with the computer.

 

Corporate Anti-Spyware Solutions
 


Spyware is one of the most serious threats to the modern corporate office. It is usually defined as software which runs on your PC without your knowledge and has the capacity to initiate external network connections without your consent. There is some disagreement over how broad-ranging the definition should be. Almost every program installed nowadays grants itself the right to check for updates without the userís explicit consent. Should it be considered spyware? Opinions differ.

What is clear, however, is that not all spyware is malware, software which is actively malevolent. Some of it is fairly innocuous or only marginally annoying, such as applications which send usage data back to the company which created them or software designed to track your movements online, so that ad servers can target you with more appropriate ads. At the other end of spectrum, the more vicious spyware could harvest data from your corporate network and send it back out through the internet to be abused by some mystery malefactor; or could zombify your office PCs, hooking them up to a botnet, effectively turning them into slaves which will obey orders from an external source. These orders are likely to involve something at least mildly nefarious, which could be anything from serving up spam, launching hack attacks on protected sites, even acting as hosts for child porn or stolen credit card numbers. Whatever its purpose, though, even the most innocent spyware harms the efficiency of your corporate network by eating up processor cycles and network bandwidth. 


Corporate Anti-Spyware Solutions Ė Key Characteristics

How does corporate anti-spyware differ from conventional personal anti-spyware software? In nearly all cases, corporate anti-spyware packages are simply expanded versions of a personal anti-spyware solution. In fact, some companies do not make their anti-spyware solution available as a standalone product, only as an add-on to their main anti-virus app. The expanded features relate mainly to special deployment functions, remote management options and logging facilities. Principally, then, the corporate aspect of the software package is designed to allow IT administrators within the enterprise to control the anti-spyware activity on other usersí desktops. Often this can take place without the userís conscious knowledge.

Enterprise anti-spyware solutions can also be expected to include advanced reporting features. When spyware is found on specific machines, data on the event will be sent to the administration console. An administrator should be able to generate reports showing already installed spyware which was removed, or attempts at installation which were prevented, across the company, with the ability to zero in on specific spyware variants or individual machines, showing the history of actual or attempted infection.

Centralised administration of the anti-spyware software would be considered necessary in any environment where more than a couple of dozen PCs are being run. Above that level, the manual administration required by IT support staff, or reliance on unsophisticated users, would be too great a burden. Even if a personal anti-spyware solution was installed and set to update automatically, there is no guarantee that users will not interfere with it in some way, by, for example, disabling it or un-installing it. A network is only as strong as its weakest link, and a vulnerable PC can open the door to infection for many PCs.

Spyware detections, even if successful, might go unheralded by the user, leaving the local IT admin staff unaware of the attempted breach and therefore of what may be a systemic threat to of the corporate network.

Companies, of course, over and above the problem of random data-harvesting, also have to consider the problem of deliberately targeted attacks aka corporate espionage.

The Costs of Spyware for Businesses

Various reports have claimed that spyware already imposes a severe financial burden on business, requiring highly-paid IT staff to spend significant time cleaning up infected machines.

The presence of undiscovered spyware on a machine also tends to slow it down, both during ordinary operation and during the boot phase, when the machine is being started. Cumulatively, this can mean that well-paid workers are spending precious minutes each day waiting longer than they would usually have to, and the lost productivity this involves can be substantial.

The other costs of spyware, arising through the nefarious use of harvested data, are much harder to estimate. This is because, when data, such as a stolen credit card number, is used in illegal transactions, it is not always obvious where the data came from. In many cases, the companies which are either the source of the stolen data, or the victims of its use, are reluctant to publicise that fact.

Anti-Spyware in the Enterprise

Usually, anti-spyware vendors will market some deployment application which can be used to roll out and actively manage the anti-spyware software, and perhaps other products from the same vendor such as anti-virus software, to desktops within the company. Occasionally, the anti-spyware package will is also designed to operate with other, third-party deployment tools such as Microsoft System Centre Configuration Manager.

Anti-spyware software operates in two distinct ways : it scans a PC to look for spyware which has already installed itself, and it performs real-time monitoring to prevent spyware being installed in the first place. Not all anti-spyware packages have both capabilities. Many consumer-level anti-spyware solutions offer only retrospective scan and remove capabilities. Corporate anti-spyware packages are more likely to contain real-time monitoring options. Itís important to note, however, that real-time monitoring imposes costs of its own in the CPU cycles devoted to running the monitoring software.

To keep abreast of developing threats, anti-spyware software must be constantly updated. New forms and variations of spyware emerge constantly. Only through regular, dynamic updates can the problem be contained as new threat definitions are included. But where do spyware vendors get their intelligence about new spyware threats from? Normally, their own users. It might seem, then, that the installed user base of a product might be a significant factor in determining how useful its product is. Niche solutions might not have enough of a user base to generate sufficient reports about new threats. The size of the company itself might be a factor, too. Does a small company really have the resources required to monitor spyware developments worldwide? In fact, though superficially beguiling, these assumptions are invalid. Companies tend to share information about emerging threats, and, in some cases, smaller companies buy their spyware definition updates from larger companies, such as Microsoft.