No `Silver Bullet' to Fight Spyware, Says META Group.STAMFORD, Conn. -- Enterprises Forced to Battle Extended Threats Using Piecemeal Combination of Policies, Procedures, and Products Through 2005 The spyware threat to enterprise security will increase over the next few years without an enterprise-class tool to prevent it, according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. META Group, Inc. (Nasdaq: METG METG Military Effects Test Group ), a leading provider of information technology (IT) research, advisory services advisory services advisory services provided to the public, in their capacity as owners and managers of animals, are an important part of veterinary science. They may be provided by government bureaux, by commercial companies who deal in pharmaceuticals or animals or animal , and strategic consulting. Spyware is typically categorized cat·e·go·rize tr.v. cat·e·go·rized, cat·e·go·riz·ing, cat·e·go·riz·es To put into a category or categories; classify. cat as any unwittingly downloaded software that secretly relays private information from a user's PC to a third party without proper authorization. Different from viruses, spyware has both good and bad properties that make it difficult for traditional antivirus software See antivirus program. (tool) antivirus software - Programs to detect and remove computer viruses. The simplest kind scans executable files and boot blocks for a list of known viruses. to identify and clean up, leaving only a handful of consumer and emerging corporate solutions to combat the problem. An enterprise-level spyware infection can impact a business in numerous ways: --Loss of bandwidth for corporate activities due to spurious advertising traffic --Loss of personal productivity as end users attempt to cope with changing browser behavior and annoying pop-up ads --Increased workload for help desk personnel tasked with manually cleaning desktops --Loss of personal privacy due to cookies that track Web-surfing patterns --Increased teleworking/remote-access cost due to dialer hijacking See modem hijacking. "IT organizations must understand the spyware threat environment and develop a mitigation plan," said Peter Firstbrook Peter Firstbrook (born May 11, 1933) was a Canadian figure skater who competed in mens singles. He won the gold medal at the Canadian Figure Skating Championships three times and competed at the 1952 Winter Olympics, finishing fifth. , senior research analyst with META Group's Infrastructure Strategies. "Unfortunately, there is no 'silver bullet' enterprise-class tool to protect against spyware yet, so the IT organization must address the problem through a combination of policies, procedures, and products until more complete enterprise-class solutions become available in 2005." META Group expects vendors to work toward providing capabilities designed to enable better data protection, privacy, and system integrity, making it more difficult for keystroke loggers to record activities. Antivirus vendors are in the best position to provide extended threat protection once they enable comprehensive actions (e.g., quarantine, remove, ignore, selective ignore), cleanup tools, and a more complete signature database of these extended threats. To fight the extended threat of spyware today, META Group recommends developing policies (including end-user education and patch management The installation of patches from a software vendor onto an organization's computers. Patching thousands of PCs and servers is a major issue. A patch should be applied to test machines first before deployment, and the testing environments must represent all the users' PCs with their unique ) and deploying targeted tools based on trust level and security domain. For relatively static domains, locking the desktop and tightening browser settings using group policies will be the simplest, most effective strategy, albeit not foolproof. Where this is less appropriate, employing a number of business processes -- combined with antivirus, firewall, intrusion detection See IDS and IPS. , and two-factor authentication The use of two independent mechanisms for authentication; for example, requiring a smart card and a password. The combination is less likely to allow abuse than either component alone. See authentication. -- is necessary, including: --Tightening the Web gateway policy to limit downloads and where users can go --Using two-factor authentication to thwart password theft via keystroke loggers --Using PC software asset-tracking tools to monitor desktops for known malicious code --Selectively using single-purpose anti-spyware tools to clean up infected desktops --Deploying enterprise anti-spyware tools as they become available About META Group META Group is a leading provider of information technology research, advisory services, and strategic consulting. Delivering objective and actionable guidance, META Group's experienced analysts and consultants are trusted advisors to IT and business executives around the world. Our unique collaborative models and dedicated customer service help clients be more efficient, effective, and timely in their use of IT to achieve their business goals. Visit metagroup.com for more details on our high-value approach. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion