According to the National Cyber Security Alliance, spyware currently affects 80% to 90% of desktops. Spyware is an unwanted byproduct of the business-critical Web channel, which is, unfortunately, completely unguarded. Hackers and spyware producers know this, and increasingly drive their wares through the Web. Even with current patches, a single click from an unknowing end user installs anything through a browser.
Dependency on the Web makes organizations vulnerable, and spyware has something different from most threats – economic motivation. Whether malicious (motivated by fraud) or commercial (motivated by advertising revenues), the impetus behind spyware is more powerful and consistent than that of threats such as viruses and worms , where the motivations are pride or ego.
Because spyware technologies are served via Web sites, it’s easy to recompile modules and change installation technologies, making spyware highly signature resistant. Affiliate Web sites – spyware’s distribution channel – may use their own techniques and exploits to improve spyware installation rates. This has resulted in astronomical growth – the number of different flavors of spyware created over the last few years will soon surpass the number of viruses created over the last 25 years.
As a result, spyware-driven advertising is everywhere, and companies have become familiar with a variety of paid and free anti-spyware desktop tools. Unfortunately, these tools have proven inadequate – according to Blue Coat’s recent survey of 339 IT professionals, 74% of organizations resort to re-imaging desktops. Furthermore, large technology companies are buying up desktop anti-spyware and designating it a feature rather than a product. This consolidation may slow innovation in this market.
The other side: The desktop is the best place for stopping spyware
Your thoughs on spyware protection
Join our forum
It’s not that organizations shouldn’t do anything to try to keep spyware off the desktop. Spyware prevention, however, is largely impossible on the desktop. Desktop tools are a passive defense and “better” spyware will always get through.
To address the problem, organizations must develop a new acceptable-use policy that includes permitted desktop installations. Then, they must enforce it. The issue is, how? Spyware prevention must be effective without impeding business. It must be affordable, yet extensible and adaptable. Architecturally, few solutions meet these criteria – most cannot prevent spyware without breaking legitimate applications .
Using a Web proxy may be the only manageable, cost-effective, business-friendly way to prevent spyware – because with a proxy, organizations have a variety of techniques to understand and manage Web content. Web proxy architectures have the advantage of natively understanding content, identifying the requestor and source, and determining whether it’s carrying an exploit. Such accuracy lets organizations stop unauthorized installations – regardless of whether a vendor’s research has deemed it spyware or not.
Ositis is CTO of Blue Coat Systems. He can be reached at vositis@bluecoat.com.




