News

SHARE: Businesses Still Not Taking Spyware Seriously

• By Kathleen Ohlson
• August 29, 2005

Most businesses have tackled viruses, hammering best practices into their users and implementing anti-virus software. However, these same enterprises and their users still don’t realize spyware’s potential damage, according to a session at a recent SHARE user conference in Boston.

“Viruses became a significant problem when they made it so mainstream, and the world had to react,” says Robert Stanley, a SHARE board member who led the near-capacity session, “Spyware 201: Spy/Anti-Spy Software: What is it and why should I care if E.T. phones home?”

“[Spyware] hasn’t reached the conscience of the executive, and if it’s not reached the corporate level yet,” Stanley says, so vendors aren’t rushing into selling anti-spyware software. “There’s no money equation to sell [anti-spyware] software,” so businesses must rely on “enthusiastic believers,” he says. Companies that market spyware detection software include LavaSoft, JavaCool Software and PepiMK.

Some businesses rely on VPNs, firewalls and other technology for their security protection—almost too much, Stanley adds. “VPNs are [generally] lazy in performance, and not all of the data is encrypted,” he says.

This false sense of security is certainly part of the reason businesses don’t realize spyware’s potential damage. Spyware creates all sorts of headaches, from identity theft, system destruction or degradation to the invasion of privacy. Spyware frequently tracks which apps are running and logs keystrokes to capture passwords or credit cards numbers. Spammers often use spyware to track users’ surfing habits for future attacks.

Browsers aren’t the only launching pad for spyware; cell phones, pagers, gaming systems, satellite-based navigation systems, vehicle diagnostic system and smart cards are devices that can used to send spyware.

According to ScanSafe, spyware now accounts for approximately 20 percent of Web-based threats like worms and Trojan horses. The Web security firm says spyware transmissions sent to the “mother ship” accounted for up to 8 percent of the total outbound Web traffic during a recent 10-week pilot test.

The added challenge is there’s spyware that is not harmful, which makes it tricky for enterprises to track spyware in general, according to Stanley. For example, loyalty cards to supermarkets, department stores and other retailers track a customer’s buying habits, creating profiles and services such as discount coupons based on the customer’s habits.

“The question is where does trust begin, and where does trust end,” Stanley says.