Indian buyer's guide to antispyware

By Anil Patrick | Jun 22, 2009

As most Indian CIOs will readily attest, devising an antispyware strategy is not an easy task, considering spyware's ever-evolving nature. Many attackers use "blended attacks" that involve sending a spam email containing a link to an infected site. "Antimalware defenders try to block access to malware sites, but these sites keep moving, and in any case the attackers rely heavily on corrupting legitimate websites, making it difficult to rely on the reputation of a website in deciding whether to allow access," says Graham Titterington, principal analyst, Ovum.

So, what exactly constitutes spyware, and as a CIO, how do you go about buying an antispyware solution for the Indian business?

Understanding spyware

The generally accepted definition of spyware, also known as privacy-invasive software or potentially unwanted application (PUA), is any form of software that monitors a user's actions without his explicit consent. Spyware started out as a covert way to monitor user behaviour but has now taken on largely criminal proportions.

Today, many spyware programs perform nefarious activity such as installing unwanted applications, stealing sensitive user information such as credit card details, hogging organizational bandwidth, relaying spam, changing network/client security settings and even assuming control of infected computers to launch distributed denial-of-service attacks.

Hindrances to spyware detection

Spyware detection and removal is difficult with the existing antivirus and antispyware solutions. When it comes to spyware detection, the traditional approaches rely mainly on detecting the code of known malware samples, aka "signatures". The underlying premises in these solutions are not in sync with the changing business and threat environment.

As Nugyal explains, the signature-based antispyware solution does not account for aspects such as the dissolving perimeter -- nor does it consider the proliferation of alternate networks such as Wi-Fi, dial-up, infrared, Bluetooth and WiMax. "These solutions prove insufficient when dealing with aspects such as mass-scale bot infections and complex rootkits. Today, social engineering through Web 2.0 vectors is highly evolved and difficult to detect. Yet another difficulty is the very quick hopping of C&C, phishing and suspect sites to new IPs," says Nugyal.
