Spyware in the Enterprise
More than 80 percent of enterprise desktops are infected with at least one type of spyware. Even more concerning, malicious spyware, which includes system monitors and Trojan horses, remains prevalent within the enterprise, averaging more than one per infected machine.
Spyware describes programs that monitor online activity and often secretly transmit information to a third party without end user's knowledge. The most nefarious forms of spyware continue to appear on enterprise networks at an alarming rate - and just a single undiscovered intruder can cause extensive damage to your business.
Malicious spyware developers distribute spyware using a variety of means, including Web sites, e-mail, instant messaging services or bundled with freeware and/or shareware.
Surprisingly, spyware can also infect a client through an inadvertent installation by the end user. For example, spyware writers include an overwhelming amount of information in their End User License Agreements (EULA). Knowing that most users will ignore the lengthy and ambiguous language of the EULA, spyware developers are able to "obtain" permission to download their spyware onto a client machine.
Traditional defenses inadequate
Spyware and other unwanted programs often bypass traditional security defenses like firewalls and other perimeter solutions because the malicious programs are often disguised as legitimate traffic entering through well-established ports. As depicted in the diagram above, a firewall is not sufficient to block spyware from coming onto a user's desktop. And, once installed on a system, most spyware applications disguise themselves as trusted programs, allowing them to communicate freely with the Internet over TCP ports that are commonly left unprotected on firewalls.
Additionally, legacy security solutions and anti-virus software underestimate the differences between spyware and viruses. Spyware signature definitions are very different from those of anti-virus threats. Spyware removal techniques are considerably more complex due to the multiple strains occurring on the desktop. While many viruses come through SMTP e-mail traffic, spyware can enter from any IP traffic, application or program.
Viruses usually cause downtime and immediate pain to the enterprise, while spyware is often developed for financial gain and is used to steal sensitive information. Many anti-virus solutions employ the same engine that was developed for virus removal when combating spyware and other unwanted programs - which has proven ineffective.
