Desktop antispyware not up to scratch
- 16 March, 2005 08:34
Desktop antispyware software isn't doing the job, IT professionals have concluded.
According to an international survey by proxy appliance company Blue Coat Systems, 72 percent said desktop antispyware programs were ineffective in protecting their networks. Blue Coat surveyed 339 IT staff who used programs from Computer Associates International (PestPatrol), Kaspersky Lab, Lavasoft (Ad-Aware), McAfee, Microsoft, Spybot, Symantec or Webroot Software.
Eighty-four percent of respondents, from large, medium-sized and small organizations, reported their spyware problems were the same as or worse than three months ago, Blue Coat said.
Techworld found this conflicted with findings for home broadband users in the U.S. whom the National Cyber Security Alliance, an industry body, said saw a reduction in infection from 91 percent in February 2004 to 80 percent in October.
Steve Mullaney, vice president of marketing for Blue Coat, said: "While desktop software is the only answer for consumers, enterprises are likely to see their costs spiral unless they implement a 'defense-in-depth' strategy that includes a gateway antispyware solution."
Paul Wood, chief information analyst at e-mail security company Message Labs, said that because spyware was a grey area -- encompassing legitimate employer control programs and approved data harvesting as well as Trojan-type material and other malware -- it needed expert management.
"It's not like buying a washing machine or fridge-freezer, it's something you have to manage and look after.
Blue Coat's approach is to provide dedicated appliances on the edge of the company network to filter traffic. Message Labs offers an outsourced managed service.
Wood said IT managers had enough on their plates dealing with frequent Windows security upgrades to thousands of computers, for example, without having to be experts on the latest criminal IT threat from anywhere in the world -- hour by hour, day by day.
"We believe desktop software is certainly not as effective as you would expect in this area," he said. "It's a grey area, as well as spam and software for conducting phishing scams, you also get spyware as a legitimate part of applications -- for example music file-sharing. It's free but in return the end user licence agreement may allow them to use information about your Internet activities for marketing." He said some parental control programs allowed keylogging. "Desktop software has problems, especially when dealing with legitimate applications. Desktop software programs err on the side of caution."
He said the other major problem in IT managers relying on a desktop software approach was a lack of speed in response to new threats.
No matter how good the software, there was always an average 10 hour gap between a new threat breaking out and a sample being taken by the software companies through which their products could identify and block the new problem, he said.
"There is a window of vulnerability, it can spread quite considerably. The bad guys are sending out much more quickly and get a certain number out. Safety depends on your specific antispyware software identifying something as spyware.
Managed services, like that from Message Labs, route customers' email through central servers. The company has a global operation, which Wood said allowed it to respond to new threats faster.
"Normally, if something happens on the other side of the world, you're not going to know about it until it affects you."
He added that unless security is an IT manager's expert subject it's hard to ascertain the level of risk from each threat and therefore to prioritize. "IT managers are trying to deal with more regulations all the time -- corporate governance and so on. As e-mail gets bigger it becomes more of a burden, you have to look at scaling up.
"People are now realizing that desktop software isn't that effective against this stuff," he said.