No `Silver Bullet' to Fight Spyware, Says META Group

Business Wire, June 29, 2004

STAMFORD, Conn. -- Enterprises Forced to Battle Extended Threats Using Piecemeal Combination of Policies, Procedures, and Products Through 2005

The spyware threat to enterprise security will increase over the next few years without an enterprise-class tool to prevent it, according to META Group, Inc. (Nasdaq: METG), a leading provider of information technology (IT) research, advisory services, and strategic consulting.

Spyware is typically categorized as any unwittingly downloaded software that secretly relays private information from a user's PC to a third party without proper authorization. Different from viruses, spyware has both good and bad properties that make it difficult for traditional antivirus software to identify and clean up, leaving only a handful of consumer and emerging corporate solutions to combat the problem. An enterprise-level spyware infection can impact a business in numerous ways:

--Loss of bandwidth for corporate activities due to spurious advertising traffic

--Loss of personal productivity as end users attempt to cope with changing browser behavior and annoying pop-up ads

--Increased workload for help desk personnel tasked with manually cleaning desktops

--Loss of personal privacy due to cookies that track Web-surfing patterns

--Increased teleworking/remote-access cost due to dialer hijacking

"IT organizations must understand the spyware threat environment and develop a mitigation plan," said Peter Firstbrook, senior research analyst with META Group's Infrastructure Strategies. "Unfortunately, there is no 'silver bullet' enterprise-class tool to protect against spyware yet, so the IT organization must address the problem through a combination of policies, procedures, and products until more complete enterprise-class solutions become available in 2005."

META Group expects vendors to work toward providing capabilities designed to enable better data protection, privacy, and system integrity, making it more difficult for keystroke loggers to record activities. Antivirus vendors are in the best position to provide extended threat protection once they enable comprehensive actions (e.g., quarantine, remove, ignore, selective ignore), cleanup tools, and a more complete signature database of these extended threats.

To fight the extended threat of spyware today, META Group recommends developing policies (including end-user education and patch management) and deploying targeted tools based on trust level and security domain. For relatively static domains, locking the desktop and tightening browser settings using group policies will be the simplest, most effective strategy, albeit not foolproof. Where this is less appropriate, employing a number of business processes -- combined with antivirus, firewall, intrusion detection, and two-factor authentication -- is necessary, including:

--Tightening the Web gateway policy to limit downloads and where users can go

--Using two-factor authentication to thwart password theft via keystroke loggers

--Using PC software asset-tracking tools to monitor desktops for known malicious code

--Selectively using single-purpose anti-spyware tools to clean up infected desktops

--Deploying enterprise anti-spyware tools as they become available

About META Group

META Group is a leading provider of information technology research, advisory services, and strategic consulting. Delivering objective and actionable guidance, META Group's experienced analysts and consultants are trusted advisors to IT and business executives around the world. Our unique collaborative models and dedicated customer service help clients be more efficient, effective, and timely in their use of IT to achieve their business goals. Visit metagroup.com for more details on our high-value approach.