Spyware in the office

Computerworld - In a perfect world, corporate laptops and desktops would be outfitted with only authorized software that was appropriately configured, always up to date and patched, and protected by layers of security. Corporate information security policies would be painstakingly followed by professionals who never failed to employ best practices. IT audits, in turn, would be a formality -- a regular activity that simply confirmed a flawless IT environment.
What's far more likely is that corporate laptops and desktops include outdated, misconfigured and even unapproved applications. Users might download free games, utilities and media players on their corporate laptops or desktops or install peer-to-peer file-sharing programs.
In many cases, use of such utilities and programs is against corporate policy and a security risk to the organization. Why? Because many of these popular programs include spyware.
Threat or nuisance?
Spyware, sometimes called adware, snoopware or sneakware, is software that secretly gathers information about a user and relays that information to another party over the Internet. In many cases, users unknowingly install spyware when they download freeware or shareware, even though references -- often obscure -- to spyware might be included in the program's end-user agreement. In other instances, spyware programs are automatically installed when a user simply views an HTML e-mail or visits a certain Web page.
At its mildest, spyware is a simple tool used by advertisers to track users' Web-surfing preferences.
At its worst, spyware is used to monitor keystrokes, scan files, install additional spyware, reconfigure Web browsers, snoop e-mail and other applications, and more. Some of today's spyware can even capture screenshots or turn on webcams.
In a corporate environment, these capabilities pose a major threat to corporate security, especially since much of this activity goes on without anyone's knowledge.
Even in computing environments that encrypt data, spyware remains a threat to the security of corporate data because its keystroke-logging components capture input before it's encrypted.
An aid to spam
But that's not all. Spyware also leads to spam and vice versa. When spyware finds e-mail addresses, it sends them back out over the Internet to be traded, shared or sold to spammers. When unsolicited commercial e-mail finds a user who clicks to see an advertised product, spyware secretly downloads as the advertisement unfolds. This creates an administrative nightmare for corporate IT professionals, not to mention the legal implications it introduces as inappropriate content floods in-boxes.
Spyware also consumes memory and system resources. Because it constantly phones home to deliver user information and then sends back more pop-ups, banner ads

Three steps for defending against internal threats

Computerworld - Mydoom and its variants demonstrate the threats that worms and viruses pose to internal corporate networks. They have crawled their way into enterprise networks across the globe, propagating, wreaking havoc and forcing IT administrators to work overtime to rid their systems of the pests.
For years, computer security experts and analysts have been talking about internal threats to enterprise information, yet no elegant solutions have presented themselves. Risks from internal threats are the most difficult to defend against and are generally more damaging than better-known external threats.
Companies today face a delicate balance between empowering employees and protecting corporate resources. Today's firewalls go well beyond traditional packet-header inspection; instead they examine packet contents and reassemble traffic to investigate the data in its intended formats. This progress comes as shifts in the market have reduced costs. It's time to rethink internal enterprise security options.
First let's look at some of these key threats -- worms and internal hackers.

Disruptive worms
Worms such as Mydoom and Sobig are among the latest internal threats. A worm will typically be launched externally, but once inside a network, the IT administrator and staff must stop the worm and minimize the internal damage from the infestation. Blended threats are extremely disruptive, consuming corporate and IT resources to stop their effects and repair damaged systems. Each new worm is more complicated and destructive than the last.

Internal hackers
Once a hacker has access to a network, his work is generally three quarters complete. An internal hacker might be a strong technical resource within an organization. With a keycard to enter the building, the hacker might have all the authorizations needed within a typical enterprise to access just about any information needed. This employee level of access is the main reason internal threats are so detrimental. Further, the introduction of wireless technology into the workplace and the general acceptance of telecommuting have all but made physical security obsolete.


Technology advances, markets shift
Advanced threats combined with market and technology shifts are encouraging businesses of all sizes to deploy enhanced internal threat protection. Meanwhile, the cost of security technology has dropped considerably over the past few years as technologies like firewalls and VPNs have become commodities. As these traditional technologies mature, efforts are being made to extend the life of existing security and networking equipment, for example with complementary departmental gateway antivirus devices.
Below are three simple and relatively inexpensive steps your company can take to better defend against internal threats.

1. Deploy 'intrawalls' (firewalls between departments)
Firewalls are commonplace and

Top execs urged to zero in on security

Companies should make information security a focus at the top levels of management and corporate strategy, rather than leaving the issue solely to technology departments, the group said as part of a policy statement on digital security.

Making the issue a top-level focus would alert more companies to the dangers and costs of viruses and computer break-ins, as well as improve overall national security, the group said.

Microsoft investigates 'download warning' flaw

Microsoft has said it will take "appropriate action" to fix a problem in Internet Explorer and Windows XP SP2 that allows a malicious Web site to bypass the browser's warnings when downloading potentially harmful content.

On Monday, French Web site K-otik published exploit codes that could take advantage of the vulnerability. On Tuesday, a Microsoft representative said that the risk from the flaw is low because "significant user interaction and user interface steps have to occur before any malicious code can be executed."

However, the software giant did admit that it was possible to bypass the security warnings in IE--even when using Windows XP with Service Pack 2.

"Microsoft is investigating this method of bypassing the Internet Explorer download warning and will take appropriate action to cover this scenario in order for customers to be properly advised that executables downloaded from the Internet can be malicious in nature," the representative said.

The representative acknowledged that if the file were saved in the start-up folder, it would automatically run the next time the user restarted his computer.

"The user must go to the folder containing that executable and choose to run it, or log off and log back onto the computer if the attacker attempted to save the malicious executable into the user's Windows start-up folder," the representative said.

However, the representative said the problem was not a security vulnerability but actually a clever use of social engineering.

"It is important to note that this is not the exploitation of a security vulnerability, but an attempt by an attacker to use social engineering to convince a user to save an executable file on the hard drive without first receiving the Internet Explorer download warning," the representative said.

Still, some security experts disagree with Microsoft on this point.

Sean Richmond, senior technology consultant at antivirus company Sophos Australia, agreed that the exploit would require some user interaction but said this was definitely bypassing a security feature in IE and SP2.

"This is certainly something that is bypassing some of the security features that are meant to be there. It is a way of bypassing the dialogs in IE. It will result in the (malicious) file being saved on the user's computer," said Richmond, who added that the matter would be worse if that file could be saved in a computer's start-up folder.

Richard Starnes, an information security professional with around 20 years' experience in information security, incident response, computer crime investigation and cyberterrorism, said that legislation could be used to force Microsoft--and other software developers--to improve their code and take financial responsibility for their customers' losses.

"I wonder how solid Microsoft's coding would become if strategic governments around the world removed the liability shield that software manufacturers now currently enjoy," Starnes said. "They would then have some real financial incentive to get it right the first time, instead of this Computer Science 101 coding they are continually churning out."

Starnes believes the quality of software development has fallen in the past two decades.

"Most commercial releases of software today wouldn't have made it out of beta 20 years ago," he added.