Combating Spyware in the Enterprise
reviewed by Mike Hubbartt
Authors: Brian Baskin, Tony Bradley, Jeremy Faircloth, Craig A. Schiller, Ken Caruso, Paul Piccard, Lance James
Technical Editor: Tony Piltzecker
Syngress http://www.syngress.com/catalog/?pid=3740
Released: June, 2006
Pages: 386
$50 USD, $65 CND, £28 GBP, 41,72 Euro
ISBN: 1597490644
Intermediate/Advanced
Strengths: Good subject matter coverage, well structured, excellent website references for additional information and tools.
Weaknesses: Few sources of spyware affect OS X, so most of the Mac-specific coverage is in chapter seven.
Few computer users today are unaware of the threat of malicious programs dispersed through the Internet. Opening e-mail, or even visiting websites, can result in attacks on unwary systems. While Mac users have been spared the plethora of viruses that regularly plague Windows users, there are other types of attacks that can affect Macs, so it is important to know how these attacks can occur and how to prevent them.
Chapter one explains and defines the types of programs grouped as spyware. It is useful background information, but not intended to solve spyware problems. Chapter two covers the evolution of spyware - some software was written as adware, as some companies merely wanted to track consumer preferences to better aim their product ads. Like chapter one, it is good background data covering the hows and whys of spyware development, but doesn't offer a lot of solutions. For that, move on to the next chapters.
Chapter three covers keystroke loggers, Trojans and back doors, and includes a list of some of each as reference material. This is really the starting point for readers already familiar with spyware. Keystroke loggers record and send the actual keys pressed, enabling a hacker to steal usernames and passwords as well as private data. Trojans are programs that are installed on computers to give someone unauthorized access, with that purpose masked from users. Backdoors are hidden ways into a computer, often created when a hacker exploits Windows and Internet Explorer weaknesses. While good material, this chapter has little information pertinent to Mac users, except those that use Internet Explorer.
Chapter four is packed with information, tips and tools addressing spyware used for crime and espionage: phishing and bots. Phishing is the technique of sending e-mail to people with a dire warning that something has happened and that the user must contact the company immediately and provide confidential information, using the supplied link. These links appear to lead to legitimate websites but usually lead to faux sites that mimic the real ones and ply the user for personal information that can be used to steal money or enable identity theft. A bad situation, but one that is easily addressable by education.
Why should you e-mail your account information, social security number or mother's maiden name to someone? Answer: you shouldn't. Ever. But many people fall prey to this ploy every day. Everyone out there that ever received e-mail from Nigeria offering to send millions of dollars, please raise your hands. This is a scam, and the criminals are fishing for targets. Refer to CastleCops.com for help if you suspect you're being targeted by phishers, and think twice before you reveal private information in e-mail.
Bots are another matter. They are often used to let hackers gather information or launch remote attacks on websites. Hackers often rent these programs to spammers, as they keep the spammer isolated from discovery and retaliation by ISPs. It can be difficult to detect bots on computers, but the author covers tools and websites (e.g. sysinternals.com) to find and remove these pests. Very good chapter and one of my favorites in the book.
Chapter five goes into spyware solutions for individuals, and covers freeware and commercial applications and tools. There are several places on the Internet that will scan for spyware, and the author of this chapter advises that people use more than one tool. This chapter covers the steps to use several spyware scanning tools and discusses toolbar add-ons from 12Ghosts, Yahoo and Google. The only bad news: the 12Ghosts and Yahoo toolbars are for IE users, while Google offers an IE and a Firefox version. Not much help for Camino users, but these three toolbars mainly provide popup protection, and Camino handles popups without needing an add-on.
Chapter six covers the Windows-specific places spyware uses to hide and tools that can reveal and remove these pests. There are several packages referenced that let a company block access to known spyware-related websites. Good information, but not for Mac users - skip this one and move on to chapter seven.
Chapter seven covers spyware that affects Linux and the Mac, both platforms with some, but not nearly as much, spyware as Windows. The author points out that Wikipedia lists 14 known viruses for Linux, and security researchers know of two instances of OS X malware: Leap-A and Inqtana. Leap-A caused little harm to Macs, but could have been a major problem in the Windows world, as it requires user intervention to run. Inqtana-A relied on an OS vulnerability and spread via Bluetooth - Apple was quick to provide a patch to address this problem.
Something very important to Intel-based Macs is covered in this chapter. Boot Camp opens the path for a virus to infect Macs when booting Windows, yet infect OS X
damage. A very real danger and one we Mac users must not overlook in the future. The end of this chapter covers MacScan, the only tool designed to remove spyware (keystroke loggers and remote control software) on OS X. While Linux and OS X users have few spyware threats compared to Windows users, we should remain vigilant as Linux and Macs could be targeted more in the future.
Chapter eight goes into locking down IE, developing a security update strategy, securing e-mail and securing Windows. The material on locking down IE is worth reviewing for Mac users that don't use the Camino or Mozilla browsers; the rest of the chapter is aimed at problems encountered by Windows users.
Conclusion: This book provides good coverage of the problems and threats Internet users face with spyware. It not only explains the hazards, but provides links to online references that go into detail on many specific issues, and it covers tools to help find and remove spyware. Each chapter has FAQs at the end, and readers are encouraged to check the publisher website (syngress.com/solutions) to ask questions not addressed in the book. As the authors say, there are many sources of free and commercial tools that remove spyware, and it is incumbent on users to use these tools to protect themselves.
Recommendation: Although Mac users currently face few spyware problems, we will in the future as the Mac market share increases. This book is recommended for people that access the Internet.