The Spy in Our Midst

As so often happens with the Internet, minor annoyances that have been around for a long time become major problems simply by virtue of their sheer volume. For years, spam e-mails have been a source of irritation, but now they have turned into a real plague which poses a costly threat. The development of spyware and adware has followed a similar pattern. Ways of finding out the surfing behavior of a user and sending him specially targeted advertising have been around for a long time. However, more and more users are now seeing their private and business IT security jeopardized by these programs.
The terms adware and spyware are often used synonymously, but this is a very coarse simplification. There is one tiny but key difference between these two types of program. Adware is not deliberately malicious. The purpose of this software is to fill pop-ups or advertising banners on the Internet with targeted content geared to the supposed interests of the user – a practice that can indeed benefit the user. Nor is adware installed secretly as a rule – the user must give their explicit consent. What’s more, adware often helps finance free software. The developer incorporates the adware of a third-party provider in his product and gets paid for doing so. The software can then be used free of charge by the end user. Small programs such as icon collections are almost always financed by adware, but high-quality software like the alternative browser “Opera” also adopts this strategy.

Sneaking in through the backdoor

Spyware on the other hand secretly spies on PCs and users and sneaks into the computer without the user’s knowledge. Forrester Research defines spyware as “any sort of code that records the behavior of the user without his or her explicit consent”. Spyware is not always aimed at targeting the user with advertising. What viruses and worms can do, spyware has been doing for a long time. As well as “remote control” of the PC by a third party, these spies also search for passwords or credit card details. In the worst cases, spyware records all the keystrokes and sends this log to a remote computer. While spyware is always an unwelcome guest on the PC, adware can be to the user’s benefit. Simply by surfing the Internet, a user can contaminate his or her PC with spyware. If the computer does not have the latest patches, software can be installed secretly when opening a website.
The big problem with detecting adware and spyware is that it is very hard to distinguish between good and bad by automatic means. In terms of its structure, malicious spyware is in principle no different from adware that the user wants to have on his computer or accepts as a way of financing a useful tool.

The spread of spyware

Adware and spyware are a phenomenon that has increased dramatically over the last few years. For example, a recent study by security company Blue Coat Systems found that 84 percent of 300 IT managers surveyed had witnessed an increase in or a consistently high level of spyware over the last three months. In a study conducted in spring 2004, web content filter provider Websense revealed that every third computer within a company is infected with spyware. An investigation by Equation Research commissioned by software manufacturer Webroot found that over 80 percent of 275 IT managers surveyed had detected spyware on their systems. The figures seem to indicate a trend, with market researchers IDC reporting very similar findings. According to an IDC study in December 2004, 67 percent of all PCs have been attacked by spyware.
The danger posed by this type of software is not to be underestimated. Meta Group classifies spyware as “extended threats”. However, it is not just the criminal activities of malicious spyware that put companies under threat. Analysts believe the principal danger of adware and spyware lies in the fact that the software is often badly programmed and therefore undermines the stability of browsers and PCs. It consumes bandwidth in the corporate network unnecessarily and keeps user support busy with unstable clients, which results in additional costs. Forrester Research also warns about spies on the hard disk. “In addition to the impact on performance and bandwidth, organizations have complained of information theft, in some cases, serious theft”, said a paper drafted in May 2004.

Manufacturers’ response

Naturally, the software manufacturers have also recognized that spyware is a serious issue. In his speech at the RSA Conference in San Francisco in February this year, Microsoft boss Bill Gates ranked spyware alongside phishing as a form of “social engineering”. Gates summed up the special feature that distinguishes spyware from other IT threats: “These are cases where from a technical point of view there’s no exploit or anything, they’ve simply taken the privilege of the user and fooled them into running code that they don’t want to run.” In last year’s takeover of anti-spyware provider Giant, Microsoft acquired the necessary technology and on this basis is set to launch a tool for Windows 2000 and Windows XP operating systems.
However, most providers have not yet targeted their solutions to the needs of corporate customers. Forrester Research states in its paper of May 2004 that almost all tools for removing spyware are geared to home users. They lack key features such as central administration and are therefore ill suited for use in large corporate infrastructures. However, security software providers have pinpointed an increasing need and are adapting their suites accordingly. At this year’s CeBIT, some of the solutions on show featured integrated spyware protection. For instance, Finnish provider F-Secure presented the Beta version of its “Client Security 6.0”, due for official release in May 2005. The product has an integrated spyware blocker, “Adware Pro”, and will be sold as both a corporate and an end-customer solution.
Virus protection manufacturer McAfee has also reacted to market needs and is offering central administration of its spyware solution for SMBs in the new version of its “Protection Pilot”. Russian security specialist Kaspersky Labs is also paying more serious attention to this issue. In the new version of its security suite, for example, the options for averting attacks such as browser hijacking have been expanded. Web filter systems provider Blue Coat Systems has now included spyware in its product as a category to be blocked.
The market for anti-spyware solutions has excellent prospects. IDC is forecasting huge growth in sales – from USD 12 million in 2003 to over USD 300 million in 2008. This is because, just like spam, spyware and adware have crossed a threshold. The mass of spies that can now worm their way into a PC will sooner or later require effective solutions to stop it becoming a plague.

Jan Schulze