Contain malware - before being driven 'mal'

Spyware, a form of malware (malicious software) that literally spies on computers and their usage, is currently the rogue of the IT security sector.

With surveys claiming that anywhere between 60% and 90% of all Internet-connected computers are infected with some form of this growing threat, spyware has ousted viruses from the throne as the most pernicious and problematic form of undesirable programming in the business - and private - sectors.

According to Richard Hepplestone, application performance management consultant at Compuware, spyware initially emerged as a benign application, as innocent as cookies. "Cookies are simple programs that recognise your PC when next you surf a site. They allow you to automatically log in to certain sites without filling in all your details again," he explains.

However, Hepplestone says this simple application can be easily abused. Tracking surfing habits allows any person or company to know which sites you visit, how often, and for how long. More troublesome is the use of keystroke loggers that can note every keystroke you input while on a web site, including passwords. This program then e-mails the information off to another address - all without the user knowing what is happening behind the scenes.

"In a corporate setting, spyware can be enormously worrisome. Most spyware easily navigates through firewalls and anti-virus software. Anti-virus software is only now tackling the problem, but spyware may already have affected many corporate networks. Imagine the very real possibility for corporate espionage or your customer's sensitive information being stolen," says Hepplestone.

Spyware can also significantly impact a company's IT network, with the traffic generated by the programs consuming valuable bandwidth necessary to ensure the effective running of dispersed applications.

Hepplestone believes one of the best solutions to identify the presence of spyware is an effective network monitoring tool.

"Such products enable network administrators to retain, examine and manipulate network and security information - giving a comprehensive enterprise-wide view of current and historical usage data for each connection. This allows the network administrators to analyse and notice any unusual trends or unauthorised network utilisation - typified by clandestine spyware behaviour.

"A product like Compuware Vantage, for example, can pinpoint which sites on the Internet are accessed from a specific workstation at a particular time, making it easier to identify possible origins of spyware programs. The application performance management solution also enables the administrators to set thresholds and alerts that immediately notify them when there is potential malicious activity on the network. Then they can quickly identify the individual machines that are producing illegitimate traffic," he explains.

By identifying each application running on the network and monitoring the traffic generated over time, it becomes easy to spot any suspicious activity. Any change in network traffic patterns can raise a red flag for spyware activity. With Vantage, the offending application, machine, or person can then be easily identified and annulled - before the spyware is able to cause any damage.

Issued by Citigate PR (011) 804-4900
Contact Mandy Prowse, Citigate PR