Combating The Hidden Dangers Of Adware
by Dr. Horst Joepen - SVP Strategic Alliances CyberGuard & CEO Webwasher AG - Monday, 2 February 2005.
The Web, not email, poses the biggest security threat to systems

To most companies, the perception is that the biggest threat to their users’ security continues to come from email and Spam.

In today’s world, corporate communications systems are totally reliant on giving their employees Web access and email to conduct their business. Take away access to email and the Web for most employees, and they’d claim their productivity would fall. So the focus today of most IT security vendors and corporate security budgets is still on protecting email traffic.

But is e-mail really the biggest threat?

If you were a burglar looking to attack a domestic property, you’d surely choose the weakest, least protected point to gain access to property. The same applies to anyone who would attack your company’s infrastructure searching for the weakest link. It’s not the already well-protected email system they’ll attack; it’s the comparatively less well-protected, and so vulnerable, Web traffic.

The Web is undoubtedly a prime channel for attack, because the defence mechanisms are less clear-cut. It is a couple of years since the Code Red worm exploited a known vulnerability in Microsoft IIS server to attack end user desktops. And in those two years, little has changed. Although there is standards work on security in train, there is no accepted security standard for Web sites to provide any guarantee of data safety for a website you are surfing to, and so nothing to prevent the risks to your business from Web traffic.

At the heart of the problem is Adware, which is bandwidth consuming, presents privacy and security concerns, can cause stability and performance problems where it is installed and is distracting to employees. In fact, most employees who are allowed to surf the Web at work probably have some form of Adware on their workstation. The bandwidth consumption alone is enormous as Adware can account for up to 50% or more of a company’s network traffic.

Adware is a form of Spyware. Often installed without the user’s consent, as a drive-by download, or as the result of clicking some option in a deceptive pop-up window, Adware may be bundled with other software or downloaded in peer-to-peer (P2P) networks such as music-swapping sites. Once installed, the software follows a user's Internet surfing habits, and delivers advertisements based on these habits. Such Spyware also engages in more deceitful practices such as monitoring keystrokes to gather confidential information, such as a user's e-mail address, location, or even credit card information.

And the problem is only getting worse. One antivirus alert group recently predicted that exploits and Adware account for over 60 per cent of security problems for home users. The group suggested Adware and unwanted content transmitted via email and the Web will continue to increase in 2005, with programs becoming increasingly complex, combined with content such as Spam and Phishing as the year progresses.

On average, at least 13 Adware components can be found on every user’s machine. Its prevalence is becoming more of a threat than email-borne worries because most consumers use Internet Service Providers that proactively scan and clean email viruses before being delivered to the consumer. But they cannot do the same for Web traffic.

How do you prevent this insidious Adware taking hold of your machine?

Content filtering is the best way forward. But the market penetration of Content Security products is about 30%. So, 70% of users don't have protection in place, despite needing it now. Ironically, the market penetration of firewalls is far over 90% - but firewalls don't help prevent Web Ad attacks. Firewalls check authentication but not transmitted content. Antivirus scanners have no signature file in the AV database for most Adware and do not analyse content or provide any customisable filters to stop it.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th