Ten-Minute Guide To Killing Network Malware

If you have any doubts about how serious an issue malware has become, just check in with the company help desk. They're probably in constant motion, trying to revive PCs that have slowed to a crawl.

"It's unbelievable," Forrester Research analyst Natalie Lambert says. "If you ask any company why it has invested in anti-spyware tools, the first thing they'll say is that every PC was running so slowly that they couldn't function."

And it's getting worse, Lambert says. As annoying as spyware and adware might be, someone is making money off it, and that has spawned a whole industry of malware professionals, motivated by the almighty dollar. "It's getting worse because virus and worm writers have discovered that, by switching their skills to spyware, they can make a good living," she says. "They're paid to see how devious they can be."

Indeed, they can be pretty devious. In addition to clogging system processes with so much digital gunk that they barely work, spyware can install keyloggers, Trojans and all kinds of other nasties without users ever being the wiser. "The performance issues are bad enough, but spyware can mean that you have intellectual property getting out to people who you don't want to know your secrets," Lambert says. "This stuff is often installed by drive-by download, so controlling it can be a problem."

Nevertheless, it's not so much of a problem that it can't be controlled. In fact, there are a number of fairly straightforward steps any organization or user can take to kill, or at least start controlling malware in ten minutes. The first step is pretty obvious -- deploy some kind of anti-spyware program. Malware has become so much of a problem that fairly complete and affordable software tools are available from McAfee, Ad-Aware and Symantec.However, anti-spyware tools are only part of the solution. As always a bigger part of the puzzle is making sure that your users are in the loop about system use policies and the malware risk. "One of the most important, but least-done things you can do is to educate users about what spyware does and how it gets onto your organization's systems," Lambert says. "Your users have to know what's at stake."

Part of the problem with spyware is that it often piggybacks on adware; and part of the problem with adware is that users have become conditioned to expect ads. Indeed, ads of some sort, from pop-ups on bookstore sites, to "free," ad-supported Internet access have become so common that it seems reasonable to accept some advertising for a cool, free program.

Not all adware is anything more than annoying, but enough of it is so closely connected to spyware that organizations have to take it seriously. "The thing to remember is that some people are willing to accept the ads so they can use the applications," Lambert says. "Companies can respond by prohibiting certain known adware applications. Better still, it's easier to just allow users to use authorized applications."

Assuming that users follow the rules, that should take care of adware-borne problems, but drive-by downloads are another issue. These usually happen without the user's knowledge, let alone consent, and are a frequent vector for some of the more malicious malware.

"One way to deal with this quickly is just to set browser settings to medium or higher security," Lambert says. "Sure, it's common sense, but not everyone does it."

The last step in malware prevention and control is simply to keep up-to-date with software patches and updates. "Spyware and Trojans sometimes come through software vulnerabilities, so patch management is a big part of it," Lambert says. "As long as you have good patch management procedures, you can prevent one more opening for Trojans."Unfortunately, Lambert says that, while patch management procedures are improving throughout many organizations, it is often overlooked. Admittedly, keeping up with patching can be taxing work, so it is understandable that many organizations approach the process with lukewarm enthusiasm. "The question is about getting acceptable risk with minimum cost," Lambert says. "Some companies can live with more risk than others."

The amazing thing about malware is that most people can remember a time when it just didn't exist. You have to wonder if, with everyone taking the appropriate precautions, and with vendors making anti-spyware tools available at a reasonable cost, we'll ever see the end of the scourge. And with government and regulatory bodies taking a closer look at the problem, surely there will be a legal solution.

Lambert id doubtful. "There's a lot of talk about legislation against spyware and adware," she says. "These are great measures to take, and they might help. But there is also legislation protecting us from spam, and it certainly hasn't gone away."

It's a sobering thought that we could be stuck with malware forever.