Madeleine Acey, Techworld.com
Tuesday, March 15, 2005
Desktop anti-spyware software isn’t doing the job, IT professionals have concluded.
According to an international survey by proxy appliance company Blue Coat Systems, 72 percent said desktop anti-spyware programs were ineffective in protecting their networks. Blue Coat surveyed 339 IT staffers who used programs from Computer Associates International (PestPatrol), Kaspersky Lab, Lavasoft (Ad-Aware), McAfee, Microsoft, Spybot, Symantec, or Webroot Software.
Eighty-four percent of respondents, from large, medium-size, and small organizations, reported their spyware problems were the same as or worse than three months ago, Blue Coat said.
Techworld found this conflicted with findings for home broadband users in the U.S. whom the National Cyber Security Alliance, an industry body, said saw a reduction in infection from 91 percent in February 2004 to 80 percent in October.
Still Okay for Consumers
Steve Mullaney, vice president of marketing for California-based Blue Coat, said: «While desktop software is the only answer for consumers, enterprises are likely to see their costs spiral unless they implement a ‘defense-in-depth’ strategy that includes a gateway anti-spyware solution.»
Paul Wood, chief information analyst at e-mail security company Message Labs, said that because spyware was a gray area–encompassing legitimate employer control programs and approved data harvesting as well as Trojan-type material and other malware–it needed expert management.
«It’s not like buying a washing machine or fridge-freezer, it’s something you have to manage and look after.
Blue Coat’s approach is to provide dedicated appliances on the edge of the company network to filter traffic. Message Labs offers an outsourced managed service.
Wood said IT managers had enough on their plates dealing with frequent Windows security upgrades to thousands of computers, for example, without having to be experts on the latest criminal IT threat from anywhere in the world–hour by hour, day by day.
«We believe desktop software is certainly not as effective as you would expect in this area,» he said. «It’s a gray area, as well as spam and software for conducting phishing scams, you also get spyware as a legitimate part of applications–for example, music file sharing. It’s free but in return the end user license agreement may allow them to use information about your Internet activities for marketing.»
Wood said some parental control programs allowed keylogging. «Desktop software has problems, especially when dealing with legitimate applications. Desktop software programs err on the side of caution.»
Lack of Speed
The other major problem for IT managers relying on a desktop software approach, Wood said, was a lack of speed in response to new threats.
No matter how good the software, there was always an average 10-hour gap between a new threat breaking out and a sample being taken by the software companies through which their products could identify and block the new problem, he said.
«There is a window of vulnerability; it can spread quite considerably. The bad guys are sending out much more quickly and get a certain number out. Safety depends on your specific anti-spyware software identifying something as spyware.
Managed services, like that from Message Labs, route customers’ e-mail through central servers. The company has a global operation, which Wood said allowed it to respond to new threats faster.
«Normally, if something happens on the other side of the world, you’re not going to know about it until it affects you.»
He added that unless security is an IT manager’s expert subject it’s hard to ascertain the level of risk from each threat and therefore to prioritize. «IT managers are trying to deal with more regulations all the time–corporate governance and so on. As e-mail gets bigger it becomes more of a burden; you have to look at scaling up.
«People are now realizing that desktop software isn’t that effective against this stuff,» he said.
Madeleine Acey, Techworld.com