Webroot Aims To Weed Out Enterprise Spyware

According to an April survey, spyware has become a major privacy invasion interview, placing sensitive data at risk.

June 15, 2004

4 Min Read
Network Computing logo

Webroot on Monday shipped Spy Sweeper Enterprise, its corporate-level anti-spyware server-client solution that follows by just a few days the roll-out of a similar product from rival PestPatrol.

The tag used for software loaded surreptitiously on systems, "spyware" typically piggybacks on popular programs such as file-sharing tools. It can be used for relatively innocuous tasks, such as tracking a user's online activity, or can be placed on systems by hackers to later insert key loggers to steal personal data.

Spyware is a major problem according to a survey of more than a million systems that Internet service provider EarthLink and Webroot did in April, when the two companies found nearly 28 pieces of spyware on the average PC. The most recent EarthLink-Webroot spyware audit, said David Moll, the chief executive officer of Webroot, showed an even more disturbing trend.

"[April's survey] was scary enough, but in our newest audit we discovered half a million key loggers on the million and a half machines investigated," Moll said of the yet-unpublished numbers.

"Spyware is a serious privacy invasion issue, especially in any enterprise where there's sensitive data, such as financial services, the high-tech industry, the legal community, and health care," Moll added.Like PestPatrol's Corporate Edition 5.0, Webroot Spy Sweeper Enterprise takes a server-client approach to detecting and deleting spyware across a network, then puts the controls in the hands of administrators, not end users, to guarantee that spyware is eliminated company-wide.

Spy Sweeper Enterprise is composed of a server component -- which is installed and maintained on the customer's hardware by Webroot -- a centralized administrative console to manage deployment of the anti-spyware tools, and a client that's installed in the background by IT to Windows-running desktops.

"We're taking the well-proven architecture from the anti-virus world -- centralized management and client deployment -- to lock down the," said Moll.

The Webroot Enterprise Server periodically downloads new spyware definitions and profiles to keep the defense up-to-date, while the management console allows IT staff to set spyware sweep schedules and anti-spyware policies, generate infection notifications, and produce reports. Administrators can set the server component to automatically handle all new spyware threats -- scanning the systems, deleting the spies, and repairing any damage done -- or manually review the proposed maneuvers before giving the OK.

Scans can be forced on systems that re-connect with the network -- a laptop, say, brought in from the field and jacked back into the environment -- but Webroot's not yet able to scan machines proactively before they log on. "We're working toward the ability to recognize and authenticate [before log on], but that's something best addressed holistically. It's something bigger than us right now," said Moll.Webroot's prime competitor for enterprise anti-spyware dollars, said Moll, is PestPatrol, an opinion seconded by Eric Ogren, an analyst with Yankee Group. "PestPatrol and Webroot are the two best positioned here," said Ogren.

Moll pooh-poohed the idea that traditional anti-virus firms, such as Symantec and McAfee, were major threats to Webroot's spyware business. "It's laughable the job they've done so far," he said.

The problem for security vendors coming out of anti-virus, Moll claimed, is that they're trying to fit a round peg into a square hole.

"At the end of the day the difference that underlies spies versus viruses make it harder [for them] to slam in a new definition. If you're a Symantec, you want to use the hammer that's in your hand, but getting rid of spyware is more complex than deleting viruses.

"It isn't just detecting and deleting one or two little files. Spyware is structured in an extremely complex way, with some making as many as 20,000 changes to the [Windows] Registry," he said.Remove those changes in the wrong order, Moll claimed, and "you muck things up so that they're worse than when you started."

Webroot and PestPatrol, he said, have much greater experience with spyware, and have databases of spy signatures that vastly outnumber the ones used by other security firms.

"Removing spyware is so complex that we've gone to a one-to-one removal method. That's something [anti-virus vendors] are going to be struggling with. They simply can't retrofit their anti-virus engines to handle spyware," he added.

"There's going to be an arms race [in spyware] just as in viruses," promised Moll, because one of spyware's underlying themes is a financial motive [unlike viruses]. You can count on a big spiraling battle in the enterprise."

Webroot Spy Sweeper Enterprise is available now, costs $12 to $20 per seat per year, and requires a server running Windows NT 4.0 SP5, Windows 2000, Windows XP, or Windows Server 2003.0

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights