
Windows IT Pro UPDATE--Spyware: the Greatest Threat Yet to the Corporate Desktop?--March 1, 2005


1. Commentary
- Spyware: the Greatest Threat Yet to the Corporate Desktop?

2. Hot Off the Press
- European Commission Consults Industry About Microsoft Compliance

3. Peer to Peer
- Featured Thread: New Women's IT Forum
- Tip: How can I force my Microsoft Systems Management Server (SMS) 2003 clients to check for new program advertisements?

4. New and Improved
- Remotely Control KVM Switch


==== 1. Commentary: Spyware: the Greatest Threat Yet to the Corporate Desktop? ====
by Paul Thurrott, News Editor, [email protected]

I wrote about spyware for the first time last year in "Still Waiting for a Truly Secure System" (see the URL below). I described how a Microsoft Internet Explorer (IE)-based Trojan horse infected my laptop, leading to weeks of investigation into what ended up being a new threat at the time--spyware. Since then, spyware has become the most dangerous and insidious form of electronic attack. If you're not already evaluating corporate antispyware solutions, I recommend that you start immediately. You'll be shocked to discover what your employees have installed, unknowingly, on their systems.

What Is Spyware?
Microsoft describes spyware as software that performs tasks on your computer without your consent. Spyware can be programs that present advertising in Web browsers or standalone applications (sometimes called adware), but it can also include all kinds of malicious software (malware), including trackers, key loggers, email harvesters, and more. Because of the large number of spyware types--antispyware vendor Sunbelt Software documents 36 different varieties--the name spyware isn't very descriptive of this pervasive threat. Unfortunately, the name has stuck, but it's important to remember that spyware encompasses far more than just software that tracks your movements online.
Spyware is far more malicious than viruses and other similar, but suddenly old-fashioned electronic attacks. That's because spyware is cunningly written to subvert the security systems in place on your PC and adapt to antispyware solutions. Some spyware installs itself in multiple locations on your PC, for example, with each instance monitoring the others. When your antispyware application finds and deletes one instance, the other copies create more instances on the fly, with unique names, and located in unique locations on your hard disk. I liken spyware to cancer: In some ways, it's the perfect software--able to not just stay alive, but to grow in adverse conditions. However, spyware, like cancer, is not good for the host. PCs infected with spyware can cough up your personal information, such as credit card numbers, and slow your machine to a crawl.

Financial Incentives of Spyware
Spyware exists because people can use it to make money. Sunbelt founder and chief operating officer (COO) Stu Sjouwerman told me that two primary financial incentives are behind spyware, and neither is particularly upstanding. The more legitimate of the two schemes, if you can call it that, exists solely to push advertising. This type of spyware, which is primarily adware and arguably legal, presents itself as a well-meaning software application and often includes an End User License Agreement (EULA), whereby you apparently agree that you want advertising to spontaneously spawn on your PC. And here's an interesting fact: Antispyware vendors such as Sunbelt and Microsoft actually receive cease and desist legal threats from the purveyors of legal adware, even when their insidious software is clearly designed to surreptitiously install on users' PCs.
The second scheme is pure black market, the electronic equivalent of the Russian Mafia, as Sjouwerman calls it. This even more malicious form of spyware is purely illegal and encompasses everything from credit card number harvesting to identity theft. The illegal spyware market even buys and sells networks of bots, groups of compromised computers that can be used for almost any purpose without the knowledge of their owners.

Finding a Managed Antispyware Solution
Although it's heartening to see major security vendors finally attacking the spyware problem for consumers, solving it for corporations is a bigger challenge. That's because managed corporate desktops are often connected with many other PCs and servers, and given the right credentials, they can access the most privileged data stored on the planet.
When you evaluate a corporate antispyware solution, you need to look for several important features. First, the program should be centrally managed and support various agent deployment types so that different kinds of organizations can easily roll out the product regardless of the organization's infrastructure. It should be policy based and integrate with Active Directory (AD) if it's a Windows-based solution. The client agents should support real-time monitoring, which is the primary benefit of consumer-oriented antispyware solutions.
I don't know of any tools today that support all that functionality, but Sunbelt's CounterSpy Enterprise comes close, and an update due in the first half of 2005 will provide the much-needed real-time monitoring functionality. Sunbelt's products also benefit from an agreement with Microsoft, in which the company will provide Sunbelt with antispyware definitions through July 2007. And Microsoft, of course, plans to ship a corporate antispyware solution by the end of 2005.

The Future of Spyware Fighting
In the early days of antispyware (i.e., 1 year ago) otherwise unknown companies such as Lavasoft offered first-generation tools for dealing with different kinds of malware. Today, spyware and antispyware technology has matured to the point at which more pervasive security toolkits are needed. That is, spyware isn't a problem that should be attacked individually; it's part of a wider security problem that encompasses many areas, including antivirus, email protection, and firewall. Therefore, I expect to see many vendors offering security suite products for both consumers and businesses.
Sunbelt is one such company. By the end of 2005, Sunbelt CounterSpy Enterprise will morph into a more complete security console that also provides protection against viruses. And although Microsoft hasn't announced plans to combine its enterprise-oriented antispyware and antivirus tools--both of which will ship in late 2005--I do expect the company to at least package them and, eventually, combine them. Microsoft is, after all, the company that popularized the office productivity suite.
In the meantime, most enterprises already have established security policies and antivirus solutions. But you should begin evaluating corporate antispyware solutions as well. By the end of 2005, I believe spyware will be a bigger problem than all other electronic attack types combined. Don't be caught with your (virtual) pants down.
If you're evaluating or deploying corporate antispyware solutions, please drop me a line. There's a lot more to this story, and I'm interested in all your spyware-related experiences.

Still Waiting for a Truly Secure System



==== 2. Hot Off the Press ====
by Keith Furman, [email protected]

European Commission Consults Industry About Microsoft Compliance
The European Union's (EU's) European Commission confirmed Friday that it has been consulting with the computer industry to determine whether Microsoft has complied with last year's antitrust ruling that required that the company offer a version of Windows without Windows Media Player (WMP) and license its Windows Server communication protocols. The Commission has written to IT companies, PC manufacturers, and retailers to judge whether the compliance terms are acceptable. Microsoft has developed a new version of Windows XP without WMP, but the company has yet to come up with an acceptable name for the product. Microsoft originally planned to call the new version Windows Reduced Media Edition, which the Commission rejected because terms of the ruling clearly stipulated that the new version not be marketed as inferior to the standard OS. According to new reports, the company has now proposed the names Windows XP N (or another letter) or Windows XP not including WMP. Read the rest of the story at the following URL:

==== Events and Resources ====
(from Windows IT Pro and its partners)

The Security Event Log: All the Information Microsoft Doesn't Give You
Randy Franklin Smith, one of the foremost authorities on Windows Security Event Logs, shines a light on this dark and mysterious corner of cryptic event IDs and codes and inaccurate Microsoft documentation. Here's your chance to ask Randy your questions about the Event Log and get answers Microsoft doesn't provide.

Get Ready for SQL Server 2005 Roadshow in a City Near You
Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!

Keeping Critical Applications Running in a Distributed Environment
Get up to speed fast with solid tactics you can use to fix problems you're likely to encounter as your network grows in geographic distribution and complexity, learn how to keep your network's critical applications running, and discover the best approaches for planning for future needs. Don't miss this exclusive opportunity--register now!

Learn What You Can Do When Exchange Disaster Strikes
Messaging administrators can't always adequately plan for or prevent some kinds of disasters. In this free Web seminar, join Exchange MVP Paul Robichaux, as he describes some operational scenarios in which "disaster recovery" takes a back seat to "business continuance." Learn how to be prepared for events that might otherwise wipe out your messaging capability. Register now!

Meet the Risks of Instant Messaging Head On in This Free Web seminar
Don't overlook Instant Messaging in your compliance planning. Attend this free Web seminar and learn how to minimize IM's authentication and auditability risks and prevent security dangers. You'll also receive a list of the top requirements to consider when choosing a secure IM solution. Sign up now!

==== Instant Poll ====

Results of Previous Poll:
The voting has closed in Windows IT Pro's nonscientific Instant Poll for the question, "Which client OS does your organization use?" Here are the results from the 364 votes:
- 43% Windows XP Service Pack 2 (SP2)
- 21% XP SP1 or earlier
- 28% Windows 2000
- 3% Windows 9x
- 5% Other

New Instant Poll
The next Instant Poll question is, "Have you implemented a corporate antispyware solution?" Go to the Windows IT Pro home page and submit your vote for a) Yes, b) No, but we plan to soon, or c) No, spyware is not a significant problem for us.

==== 3. Peer to Peer ====

Featured Thread: New Women's IT Forum
Join the Women's IT Forum, where we're discussing what it means and how it feels to be a woman working in a male-dominated profession. Find support, resources, community, and just a darned-good continuing conversation. Both women and men are welcome.

Tip: How can I force my Microsoft Systems Management Server (SMS) 2003 clients to check for new program advertisements?
by John Savill,

Find the answer at the following URL:

==== Announcements ====
(A complete Web and live events directory brought to you by Windows IT Pro: )

Get Windows IT Pro at 44% Off!
Windows & .NET Magazine is now Windows IT Pro! Act now to get an entire year for just $39.95--that's 44% off the cover price! Our March issue shows you what you need to know about Windows Server 2003 SP1, how to get the best out of your IT staff, and how to fight spyware. Plus, we review the top 10 features of Mozilla Firefox 1.0. This is a limited-time, risk-free offer, so click here now:

Get SQL Server Magazine and Get Answers
Order SQL Server Magazine today and get unlimited online access to every article ever published in the magazine! You'll get thousands of problem-solving solutions, expert tips, tricks, and the latest insider notes to help you get all the answers you need when you need them. Sign up today:

==== 4. New and Improved ====
by Angie Brew, [email protected]

Remotely Control KVM Switch
Fujitsu Components America released Servis Cat5 Extender, which lets you operate a computer's keyboard/video/mouse (KVM) switch from as far as 200 meters away by using a Category 5 UTP cable. The system provides any size data center with the bandwidth needed to transmit high-quality video and audio over extended distances and supports audio bandwidth up to 20KHz. A 16-bit digital audio converter provides CD-quality sound transmission using a 44.1KHz sampling rate. The Cat5 Extender also features an integrated RGB color quality adjustment circuit to support XGA, SXGA and UXGA monitors. For pricing, contact Fujitsu Components America at 408-745-4900.

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to mailto:[email protected].

==== Contact Us ====

About the newsletter -- [email protected]
About technical questions --
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Pro, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today!

View the Windows IT Pro Privacy policy at Windows IT Pro is a division of Penton Media, Inc. 221 East 29th Street, Loveland, CO 80538, Attention: Customer Service Department Copyright 2005, Penton Media, Inc. All Rights Reserved.

TAGS: Security