Spyware is a term which, almost literally, encompasses a multitude of sins. Normally it is taken to refer to standalone programs that monitor the user's computer practices without their knowledge. However, it can also be bundled in with applications, such as peer-to-peer file sharing software, with or without the user's knowledge and consent.
Because spyware can capture private information before it is encrypted, it can relay the data back to a third party, bypassing traditional security measures such as firewalls, secure connections and virtual private networks. This makes it a particularly potent threat to corporate security.
And the problem is reaching epidemic proportions: a 2005 survey of 500 UK IT departments by Internet security company SurfControl found 62% of networks had been affected by spyware. And the overhead to the IT function is considerable: SurfControl found that nearly one-quarter of those interviewed spent over two hours a week cleaning up after infections. Analyst company IDC, meanwhile, rates spyware as a greater threat to corporate security than spam.
Larry Bridwell, the Content Security Programs manager at security product certification body ICSA Labs, says there are three main drivers for the increasing volumes of spyware: the extension of corporate networks to users outside of the firewall; greater availability of bandwidth and processing power to disseminate malicious code; and a lack of security education among users.
What is more, says Bridwell, spyware writers are becoming increasingly sophisticated: "Malware writers used to just do it to impress their peers, now they're writing it for money and that always ups the ante. They're now doing quality assurance – releasing new ‘improved’ versions if the original has not had the saturation they wanted – and co-operating with each other."
The result is predicted to be an explosion in corporate investment in anti-spyware products. IDC estimates that spending on anti-spyware software will rise by over 80% between 2005 and 2006. Much of the anti-spyware software operates by building and maintaining comprehensive signature files, which can then be used to detect and remove suspect software.
But businesses can also take steps to increase protection without having to find additional funds from security budgets. By raising the security level of Internet browsers – and blocking ActiveX controls – companies can reduce the likelihood of software being installed surreptitiously.
Frequently, spyware takes advantage of known vulnerabilities, so a patch management programme can mitigate some of the risk. Education also has a role to play: explaining the risks of downloading ‘free’ programs or surfing unknown web sites may help reduce spyware infections.