Spyware: An Update
by Brian Foster - Senior Director Product Management, Symantec Client & Host Security - Friday, 21 January 2005.
All of this recent attention comes as traditional notions of spyware are evolving. Indeed, Gartner in July noted that spyware has evolved -- from simple cookies to a range of sophisticated user-tracking systems. The researcher went so far as to issue a report this summer titled "A Field Guide to Spyware Variations."

In that report, Gartner observed that, midway through 2004, its clients were seeing a "surge in manifestations" of spyware. Moreover, new methods to snare users are appearing all the time, including greater exploitation of multimedia and mobile and wireless systems. Gartner clients reported that cleanup efforts typically take a few hours; however, in no time at all, the same systems will become infected again.

Gartner's research underscores a key finding of the latest Symantec Internet Security Threat Report: namely, that these violations are becoming more problematic. The Threat Report found that six of the top 50 malicious code submissions to Symantec Security Response in the first six months of 2004 were adware.

The Threat Report noted that adware packages perform numerous operations, including displaying pop-up ads, dialing to high-cost numbers through the system's modem if one is present, modifying browser settings such as the default home page, and monitoring the user's surfing activity to display targeted advertisements. The effects range from mere user annoyance to privacy violations to monetary loss.

Reasons to be vigilant

While the threats posed by these programs may be difficult to quantify, that doesn't mean they aren't a security concern to today's enterprises. Because spyware and adware programs are unauthorized, surreptitiously installed software, administrators have no knowledge of or control over what the programs may be running. For instance, they could be used to monitor users' browsing habits, constituting a loss of privacy. Most spyware and adware packages are also capable of dynamically updating themselves, often with new functionality that the user is unaware of.

As the Internet Security Threat Report observed, Symantec's research has shown that there are good technical countermeasures to spyware and adware, such as implementing more restrictive Web browser settings. In addition, many companies have security policies in place that prohibit users from downloading or installing unauthorized software on corporate computers. Despite this, users often knowingly engage in activities that risk exposure of confidential information.

For this reason, it is important for users to read and understand the End User License Agreement (EULA) and other notification methods before installing any software. Spyware EULAs typically contain ambiguous language designed to mislead users about the information-gathering functionality of the software. At the same time, it is equally important that software publishers provide users with clear and unambiguous notifications of the actions that their software performs.

For its part, Gartner recommends that IT organizations promote cooperation between end-user groups, technical support, and security teams to ensure that a company's response to spyware keeps pace with this growing threat to privacy.


As the spate of recent legislative and FTC activity attests, public intolerance of spyware has reached a new plateau. In the enterprise environment, spyware is rapidly becoming a serious security concern, particularly as most corporate networks allow HTTP traffic, the means by which spyware is propagated.

Symantec continues to view spyware as a significant threat and recommends that enterprise users be vigilant about updating their antivirus software. Security administrators should take extra measures to maintain a strong security posture on client systems. They should also ensure that client system patch levels are up-to-date and that acceptable usage policies are in place and enforced.

