Spyware needs global cure

Litigation, legislation, self-regulation and education make a good anti-spyware recipe.

This was the underlying message that resonated at a one-day workshop sponsored by the Anti-Spyware Coalition (ASC) held in Ottawa last month. The event attracted close to 200 attendees from various sectors including policy makers, anti-spyware vendors as well as players in the adware space.

Protecting the corporate network from spyware

? Educate employees and other network users ? Block spyware at the gateway ? Protect corporate PCs through anti-spyware applications

Dubbed Developing International Solutions for Global Spyware Problems, the workshop emphasized the global nature of the spyware issue and called for the establishment of internationally-accepted “norms of minimum accepted behaviours” when it comes to potentially unwanted technologies, said David Fewer, staff counsel for Ottawa-based Canadian Internet Policy and Public Interest Clinic, a member of the ASC.

Participants also discussed the “shortcomings of the law” and the need for drafting legislation aimed at curbing spyware and other potentially unwanted programs. “For example, Canada has a comprehensive privacy law, but the shortcomings of that law with respect to enforcement, with respect to the deterrent effect or the behavioural-shaping effect of the law are questionable,” Fewer said.

While the requirements for legislation and international standards were discussed, the forum also focused on the need for self-regulation as a way of curbing the spyware problem. Fewer said self-regulation applies to all links in the spyware chain where users, for instance, would take responsibility for the protection of their desktop through anti-spyware and anti-virus tools.

Through self-regulation Internet advertisers also take responsibility for ensuring that their ads are placed and used legitimately, with consent from the intended viewer of the advertising, said Fewer.

“One way to do that is by… making sure that their agreements with ad placement agencies include quality of service obligations — that they won’t place ads in non-consensual popup vehicle, for example,” he explained.

Similarly, ad distribution firms could exercise self-regulation by ensuring that they do not use an ad distribution vehicle that’s being used for spyware distribution. The Ottawa workshop was the second anti-spyware forum conducted by the coalition this year. The first was held in Washington in February.

The ASC recently released a document that details measures enterprises can take to protect against spyware to “reduce IT costs, abuse of system resources and productivity loss associated with malicious and commercial spyware.”

Educating employees about computer usage is one way of preventing spyware attacks in the enterprise, said the ASC. Employees should be required to agree to an Acceptable Use Policy that allows administrators to block and remove unauthorized programs, it added.

Gateway proxies or firewalls can also be configured to prevent spyware from reaching networked PCs through a combination of: defining policy to prevent “drive-by” downloads such as non-approved CAB and OCX files; defining policy to prevent executable downloads from known spyware sites and suspected or high-risk sites; scanning files at the gateway for known spyware code; defining policy to block PC communication to known spyware “phone home” sites and report which PCs are likely infected with spyware; analyzing logs of PC communications for unusually high traffic and high frequency destinations; and maintaining a strong anti-spam protection to limit spyware hidden in spam.

QuickLink 065012

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now