Minimizing liability and productivity risks: How to control the impacts of spyware, hacker tools and other harmful applications (page 1 of 6)

These unwanted applications, which are not detected by antivirus programs, pose an escalating danger to corporate data security and employee productivity. Businesses that wish to reduce potential liability and improve workforce efficiency will benefit from supplementing existing antivirus and other security strategies with comprehensive protection from these malicious programs.

eTrust™ PestPatrol® Anti-Spyware Corporate Edition (eTrust PestPatrol) from Computer Associates International, Inc. (CA) is a powerful, flexible solution for organization-wide protection against nonviral malware. This white paper explains how CA's unique solution helps companies minimize risk and improve productivity without increasing administrative overhead.

Understanding Spyware, Adware and Other Pests
Today's computer users are under attack from spyware, adware, hacker tools and other unsolicited applications that are often installed without the user's permission or knowledge. Collectively known as "pests" or "nonviral malware," these malicious applications can perform a host of activities ranging from nuisances, such as surreptitiously tracking web-surfing habits and displaying unsolicited advertisements, to potentially devastating actions, such as reconfiguring operating systems and web browsers, monitoring email, logging and transmitting keystrokes (including passwords), and compromising access to confidentialdata. These applications typically enter a PC through one of the following methods:

• Automatic web-based downloads or scripts.
Depending on the security settings of an employee's browser, visiting a spyware — or adware-infested web page can cause these items to be automatically installed on a computer without the employee's knowledge.

• Hidden installation alongside a desired application.
Pests can enter an organization when employees open solicited or unsolicited email attachments or intentionally download and install apparently legitimate applications from the Internet. Legitimate applications, including today's peer-to-peer file sharing programs such as KaZaA and Grokster, often contain adware as part of the installation set. Other more insidious programs illegally install undocumented malware applications whose presence is not disclosed in the licensing agreement. Additionally, they may compromise data security and integrity for the employee's system or the company at large.

• Intentional malicious installation.
Individuals who wish to damage a company or profit from illegally obtaining confidential information can exploit a variety of internal and external vulnerabilities to install malicious applications, such as hacker tools, keyloggers, password crackers and others. In all of the above cases, spyware, adware and other unwanted applications would in most instances not be stopped by firewalls, intrusion detection systems or antivirus programs. These items appear to be legitimate applications, seemingly approved — expressly or tacitly — by the user.

Corporate Liabilities From Spyware, Adware and Other Non-Viral Malware
When pests enter a business, they have the potential to introduce significant legal liabilities (particularly in regulated industries). In addition, they can compromise trade secrets, damage corporate reputation and reduce employee productivity throughout the organization.

Legal Liabilities. Businesses that maintain any kind of confidential data, such as financial, customer or employee information, are governed by a wide range of regulations regarding data privacy and integrity.