Study: Few corporations use anti-spyware tools

To answer MsM's questions:

Well first background information, I work for a large Healthcare company. The way IT is broken down is that it goes from the top down and local support/admin is provided on a building by building basis. There is a standard Image company wide and there are other images out there. My building/IT department does not have a company wide image we use our image.

1. company wide: They deal with Spywares on a computer to computer basis.
My IT team: We handle it from the image. We have setup Hosts files provided by (www.mvps.org) and we have actually given classes on how to use Ad-Aware and Spysweeper.
And we also setup Firefox as one of 2 browsers on the image.

2. I believe as an administrator that spywares do only tack things like where people go (i.e cookies, etc...)

The reason why I am posting this information is that even though IT departments as a whole are going form computer to computer, I feel that in our company most of us are pushing the idea to IT management about the importance of Spywares. So as you all know how the process of changing the way things are in my neck of the woods its at least a process thats moving slowly.

Quote:

---

company wide: They deal with Spywares on a computer to computer basis.
My IT team: We handle it from the image. We have setup Hosts files provided by (www.mvps.org) and we have actually given classes on how to use Ad-Aware and Spysweeper.
And we also setup Firefox as one of 2 browsers on the image.

---

These weren't necessarily directed questions but comments or thoughts towards the issue. However, since you answered, I am curious as to why the user is required to determine and run the spyware application. Why not use something like WebSense beforehand so that the spyware never reaches the user and they don't have to deal with it? Users are notorious for being the weak link and we really shouldn't be depending on them to deal with this.

Quote:

---

I believe as an administrator that spywares do only tack things like where people go

---

You seriously believe that spyware is simply a cookie tracking system? You need to read some of the posts in this forum then. There are quite a few trojans and browser hijacking tools out there in the spyware world. Those "tools" are taking over machines and compromising. Given your environment (Healthcare) and the regulations you MUST follow (HIPPA), there should be every effort made to prevent any possible information about patients from getting out. How do you know with 100% certainty that this hasn't already happened? How do you know that your users are using the applications you provided? You say that Firefox is one of 2 browsers? Are you sure they aren't using IE?

In our environment, it's not that spyware is not a threat. The subject has been heavily debated. There are some caveats for large environments when it comes to deploying a new package. The cost of supporting yet another application can be immense and no one spyware application catches everything.
We would have to get the helpdesk trained so they can answer support calls.
We would have to educate the userbase about the uitility.
We would have to train the netadmins if the utility is to be centrally managed.
There would be cost in documenting the procedures to combat spyware.

It's a costly move, but it will happen eventually I am sure.

Spyware apps are even worse than antivirus applications when it comes to detection, and speaking of detection...the latest versions of mcafee and Symantec AV catch what is classified as "expanded threats" or spyware to you and me. It rarely catches spyware, but I think this is a trend we will see in the near future. It's only fitting that the AV companies be forced to incorporate anti-spyware with the anti-virus. Symantec and mcafee will probably fight over buying out lavasoft or pestpatrol. only time will tell.

To answer your questions MsM,

User's are extremely notorious for being weak links, and our environment is no exception. The classes we have given out to user's have helped us receive less ticket's when it comes to Spywares. Although, true there are still weak links here and there we fight less fires and user's have become better educated. As for WebSense, our IT department has pushed for it, but management still has it on the table for review.

As for patient information being released out into the open. You are correct we do need to strive to create 100% security due to the sensitivity of our information, and we are working towards achieving that 100%. As for my spywares comment, I really felt a homer *DOOH* when i re-read my post, I cant believe I wrote that, which is funny because I know better.. It was an inexcusable slip of the fast typing.

Quote:

---

I believe as an administrator that spywares do only tack things like where people go

---

Do you also then believe as an administrator that these spywares are using your bandwidth? After a time you'll find you've accumulated enough of them to slow your net down - then what?

I did a 'bubba' job for a neighbor's business just 3 days ago - he was swearing up and down to me he needed a new server. Now, I could've sold him a nice high dollar box to put on his net, moved all his files over, got it setup and configured, and made a fat amount of labor off him - but this guy's my friend and I'm ethical - His problem was just what I just described to you. He'd been doing regular virus scan updates and regular scans to his net, all was going well and applause to him for that, but both he and his employees had overloaded the net with spyware. On his machine alone spybot found 235 instances of the junk. That cleanup plus a quick msconfig on his machine (he was a sucker for systray items) had him up and running quite nicely, and took about 2 hours of my time. As an administrator which would you rather pay me? A new server + install, or 100 bucks for a cleanup?

I'm sure I saw a snippet the other day on the news about how AV progs will be carrying anti-spyware stuff on them as well. I honestly hope they do, and if they find it economically feasible to do this, it'll be because the business world finally woke up to the problem.

Just an update to my earlier post here..

Pest Patrol was acquired by Computer Associates,
and Symantec claims to be about 6 months away from adding spyware removal to their Symantec Client Security package.

I'm in the process of evaluating anti-spyware for a large corporation. I see the antispyware software industry very immature in enterprise level versions. Only 2 that I know of support centrally managed versions (PestPatrol and SpySweeper). Additionally, in my testing of multiple products, none of them are 100% effective. Corporations don't want to pay for something that is going to let thinks thru.

Even if you select a product, there is going to be one uncomfortable aspect that corporate management will have to deal with - how the machine got infected. I've piloted PestPatrol and scans of various laptop users and it showed a lot of cookies and such that come from browsing porn sites. Also, people put tools on their PCs that end up being detected (Eraser 5.7 is considered hacking spyware on my PC, and various VNC tools get detected).

A corporate VP whose laptop is scanned and a centrally managed antispyware log reports that he is infected and the source was a cookie from hotteens.com is going to be a little embarrassed.

shroutosaur,

A couple of questions: Have you looked into a tool like Websense to control what happens? and have you considered permanently removing IE and forcing users to use non-IE programs like Firefox, Mozilla, Opera?

No program will be 100% effective (even AVs aren't 100% effective). But if we can do steps to mitigate it as much as possible, then we are making it harder for spyware and/or other malicious types from gaining access.

Shroutosaur
Not only will he be a little embarrassed...he should be a little fired too.

We are in the process of evaluating anti-spyware software as well..the debate just reared its ugly head again..

General concensus for us is recommend alternate browsers, and distribute free software until Symantec shows us what it can do..I'm more than happy to look elsewhere though..and my vote was for pest patrol.
I think microsoft should step up to the plate and build something to be perfectly honest...afterall it's IE that has the problem...

Websense is interesting, but would it protect laptops disconnected from the network, working on their home network?

As far as looking at different browser, we are limited by the fact that many of applications require IE, and that these applications are regulated by various government agencies. Firefox is awesome and I'd love to go there. I use it personally.

The problem with a corporate mentality is, especially at the executive level, is that they want their cake and eat it too. They want to browse anywhere on the web they can, let their kids use their laptops to do who knows what, they want full admin rights to their PCs, install any software they want, and oh, by the way protect them from all the bad stuff out there.

Anyways, this forum is great and its good to see I'm not alone.