Home Random Page


CATEGORIES:

BiologyChemistryConstructionCultureEcologyEconomyElectronicsFinanceGeographyHistoryInformaticsLawMathematicsMechanicsMedicineOtherPedagogyPhilosophyPhysicsPolicyPsychologySociologySportTourism






SPYWARE HITS BUSINESS

Spyware used to mean annoying pop-up ads at home. Now it?s a tool of corporate espionage.

Antonio Messana was confused. As the systems and technology director of information systems at Banca Fideuram, an asset-management firm based in Rome, Italy, Messana helped the company implement a ?1.5 million security revamp, starting in 2000. But 18 months ago he noticed a 20 percent increase in calls to IT help desk. PCs had slowed to a crawl, and employees were getting frustrated with pop-up windows, which appeared every 10 minutes, even when users were offline. ?No one understood what was happening,? Messana says. After several weeks, he realized what was wrong: Banca Fideuram had been infected with spyware.

Spyware hit home PCs with a vengeance in about 2002, but business IT specialists thought that corporate firewalls and other security measures would keep the problem at bay. They were wrong. In the past year, businesses have increasingly realized that spyware companies are a major threat to them as well. In fact, the problem has gotten so severe that many corporate IT departments have begun to view spyware as their biggest or second-biggest security threat, says Brian Burke, an analyst at IDC, a Massachusetts-based market-research firm. Indeed, in a 2005 survey by ITtoolbox, an information provider for the IT industry, 88 percent of business professionals detected spyware on their networks in the past 12 months.

Corporate firewalls have proven ineffective against scourge because they often don?t prevent employees from downloading files through the Web browser, the main channel through which spyware sneaks onto computers. This can happen in several ways. The more begin forms of spyware ? marketing software that tracks Web sites people go to and generates targeted pop-up adds ? are often secretly bundled in ?free? music, games and screensavers. Other forms of spyware, however, generally hack into networks using techniques such as the ?drive-by download?: software installs itself on a PC the moment the user clicks on a Web site. This more malicious form of spyware is used to steal personal information and trade secrets for profit.

Once inside PCs, spyware is becoming increasingly difficult to detect and remove. The latest versions hide out in the most integral parts of Microsoft?s popular Windows operating system; that makes it difficult to remove without damaging the computer. If that?s not tricky enough, spyware companies have found ways to hide from the computer itself. ?These programs are blowing smoke to disguise the presence of the files,? says Eric Howes, a spyware expert and a graduate student at the University of Illinois. Spyware companies are also building multiple programs onto each computer to monitor each other. ?If one [piece of spyware] goes down, the others replace it,? says Howes. ?We?re at the point now where if you remove 100 [pieces of spyware] and miss one, it?s all going to come back.?

This burgeoning threat is costing businesses some big money ? almost $350 a year per PC in administrative and help-desk expenses, estimates the Radicati Group, a Palo Alto, California, technology market-research firm. And in the past year, antispyware spending has skyrocketed. IDC says antispyware revenue stood at $12 million in 2003 and expects it to reach $106 million this year. It?s no wonder. Banca Fideuram, for instance, has roughly ?60 billion in assets under management; to protect itself, the company pays Computer Associates, the New York-based computer giant, roughly ?250,00 per year for its eTrust Pest Patrol antispyware protection. Thus far, Computer Associates has installed antispyware software on each of the company?s 2,000 PCs. By next year, all 5,000 private bankers that the firm deals with will have protection as well.



But the problem isn?t likely to end there ? not for Banca Fideuram or anybody else. Spyware companies have a huge financial incentive to invent more treacherous ways of circumventing security measures. ?These guys have business teams [and] market plans,? says Roger Thompson, director for malicious-content research at Computer Associates. The surreptitious nature of the industry makes hard information scarce, but Web-root, a Colorado-based security company, estimates that spyware is $2 billion-a-year business.

In the past year the problem has grown large enough that even Microsoft is getting into the antispyware market. The company released a free test version of its antispyware product in January and it plans to offer support on the enterprise level, though it hasn?t said when. Microsoft?s entry has some rival antispyware companies peeved. Gregor Freund, the CEO of Zone Labs, a San Francisco, California-based security company, says Microsoft deserves some of the blame for spyware?s rapid proliferation; its Web browsers and operating system, he says, have security flaws that make them vulnerable to infiltration. ?The extent that Microsoft wants to profit by jumping into the security industry instead of fixing their product? seems to me like an inherent conflict of interest,? says Rick Carlson, the president of Aluria, an antispyware vendor in Orlando, Florida. Microsoft argues that it?s unreasonable to expect every potential security hole to be patched without sacrificing some degree of user freedom on the Internet. The company adds that it?s aggressively improving overall computer security, especially as it relates to spyware.

Not everyone is crying foul about Bill Gates & Co.?s latest foray. Other antispyware companies have welcomed Microsoft?s entry, even it means greater competition. They think the firm will help spawn much-needed innovation, and that the market is big enough for many parties to succeed. ?It?s not possible for any company to identify and prevent all forms of spyware,? says Fernando Francisco, the vice president of strategy and business at Lavasoft, an antispyware vendor in Helsinki, Finland.

Corporations, meanwhile, are taking a hard look at their own advertising practices, which may have inadvertently helped fuel the spyware industry. Their advertising spending has a way of trickling down through the big advertising firms to smaller and smaller Internet marketing firms, which are paid by the number of hits on particular Web sites.

To keep these firms from supporting spyware-related activities, companies such as America Online have implemented a zero-tolerance policy. Some Internet-advertising firms have done the same. ?We?re at a point now where I wouldn?t be comfortable endorsing any of the [major Internet marketing] companies,? says Jeff Lanctot, the vice president of media and client services at Avenue A/Razorfish, an interactive advertising agency. ?[Their] strategies until the last year or so was to get big by any means necessary, and then once you get [there] you ask the industry to forgive you for the sins of the past.?

Now, spyware analysts say corporate pressure is forcing Internet-marketing firms to clean up their acts, or at least appear to be doing so. Leading firms such as Claria, WhenU and 180 Solutions, which call themselves adware or sponsorware and deny any connection to spyware, are now making strides to show their bona fides, says Kent Allen the head of the Research Trust, an online market-research firm. Lawmakers are also beginning to draw a hard line. New York State Attorney General Eliot Spitzer filed a lawsuit in April against Intermix Media, claiming the Los Angeles, California-based company does not give users proper consent before loading their PCs with marketing software. Intermix says it has stopped distributing these programs and the two parties have reached an agreement in principle.

With spyware growing more threatening and harder to remove, this mounting pressure is good news for firms like Banca Fideuram. At war against a shadowy, well-financed enemy, businesses will need all the help they can get.

R.M. Schneiderman

/Newsweek, Aug.22, 2005/

 

Set Work


Date: 2016-06-12; view: 96


<== previous page | next page ==>
IX. Make up a dialogue between two cybercops. Use the words from the article. | V. Points for discussion.
doclecture.net - lectures - 2014-2024 year. Copyright infringement or personal data (0.005 sec.)