
WEBROOT® SOFTWARE

A GUIDE TO SECURITY FOR SMALL & MEDIUM BUSINESS

Companion Guide to State of Internet Security: Protecting the SMB

Full report available at www.webroot.com

Table of Contents

Are You an SMB?

Why the Focus on Internet Security?
• Pervasive Internet Use
• Home-Based and Remote Workers
• Valuable Information
• High Infection Rates
• Regulatory Requirements
• Underestimation of Certain Threats
• Budget and Resource Constraints

What are the Risks?

How to Protect Your Company

Tips for Protection

Finding the Best Solution

Glossary

Appendix: Symptoms of a Spyware Infection

About Webroot Software


SMB Security Guidebook

Are You an SMB?

Small and medium-sized businesses (SMBs) are generally companies with fewer than 1,000 employees, while some groups include companies with up to 5,000 employees in their definition. The U.S. and Canadian governments define small businesses as those with less than 500 employees. Many private sector companies, including some prominent industry analyst firms, such as Forrester, Gartner and IDC, define small businesses as those with fewer than 100 employees. These same firms define mid-size or medium businesses as those with 100 to 999 employees.

While the precise definitions vary somewhat, there is global consensus that SMBs are a significant part of the economic landscape. These companies are significant contributors to the world’s economies in terms of both revenue generation and employment.

According to the U.S. Small Business Administration (SBA), 99.7% of the companies in the U.S. have 500 or less employees, and these companies:

• Produce half of the private, non-farm gross national product (GNP)
• Provide half of all private-sector jobs and 45% of the U.S. private payroll

According to the Canadian government, businesses with less than 100 employees:

• Comprise 95% of Canada’s 2.2 million business entities
• Represent roughly a third of the gross domestic product (GDP)
• Employ about 40% of all working Canadians


Why the Focus on Internet Security?

Small and medium-sized businesses (SMBs) face a complex Internet security landscape that includes:

• Pervasive Internet use
• Home-based and remote workers
• Valuable information
• Regulatory requirements
• High infection rates
• Underestimation of certain threats
• Budget and resource constraints

Pervasive Internet Use

Virtually every small and medium-sized business uses the Internet. Widespread network access, declining costs of bandwidth and the expanse of Internet resources have made it easier for entrepreneurs and business owners to launch and grow their companies.

Network connectivity enables small and medium-sized businesses to more easily:

• Communicate with customers and suppliers
• Market their services to a global audience
• Research product strategies
• Access Web-based distribution channels, such as Amazon® and eBay®

While the Internet has served as a key driver in the growth and vibrancy of the SMB sector, those network connections also expose SMBs to new security threats.

Home-Based and Remote Workers

Many SMBs start out or remain home-based businesses. Often these businesses lack information technology expertise and specialized personnel to monitor and maintain security.

Internet connectivity also allows employees to work remotely from their homes more easily. SMBs can onboard home-based employees more rapidly and minimize the overhead costs of large office spaces.

While working remotely has become the norm in many companies, it is generally more difficult to maintain security on remote PCs. It’s common for employees to use unauthorized mobile devices to access sensitive corporate data, or to rely on open, unsecured wireless networks to connect to work. This creates even more routes for malicious software to infect computers and company networks.


Valuable Information

Personal information about customers and employees has a monetary value in the ecosystem of net criminals. Patent notes, trade secrets and other business intellectual property also have monetary values, and thus have a market of would-be criminals.

In addition to stealing information that can be easily sold or used in identity theft and similar crimes, many spyware infections also aim to gain control of a PC so that it can be exploited, without the user’s knowledge, to distribute adware and spam.

Whether distributed via a website, email, instant messaging or some other means, these spyware programs then seek to use the Internet connection as a means to communicate back to the source and/or to download additional spyware onto the computer.

High Infection Rates

In a recent survey of SMBs based in the U.S. and Canada conducted by Webroot Software, approximately 6 out of 10 respondents reported a virus infection in the past year, in spite of 97% responding that they have an antivirus solution installed.

Approximately 7 out of 10 of the SMBs surveyed indicated their business had a spyware infection in the past year. These results only reflect self-reported infections of spyware, and do not include those infections that may have gone undetected.

The Anti-Spyware Coalition defines spyware as technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:

• Material changes that affect their user experience, privacy, or system security;
• Use of their system resources, including what programs are installed on their computers; and/or
• Collection, use, and distribution of their personal or other sensitive information.

The ongoing misappropriation of system resources and theft of sensitive information make this high rate of spyware infections particularly alarming.

[Chart: axis 0% to 100%; categories: Pharming, Rootkit, Keylogger, System Monitor, Trojan Horse, Phishing, Virus, Adware, Spyware, Spam]

Figure 1 – Source: Webroot Software, SMB Survey, 2007


Regulatory Requirements

Governments in many parts of the world have instituted additional data protection measures to compel companies to adequately protect the sensitive customer data in their possession. For example, the Health Insurance Portability and Accountability Act (HIPAA) legislation requires that the privacy of medical information be adequately protected against unauthorized access and misuse. In the financial sector, the Gramm-Leach-Bliley Act requires that organizations which maintain credit information for customers be held accountable if that data is accessed or compromised by an unauthorized third party.

All public companies must comply with Sarbanes-Oxley (SOX) which includes attesting to the risk assessment and audit controls required by the Act. Incidents of unauthorized network access, system monitors and Trojans can bring the authenticity of reporting into question, and will raise concerns of SOX non-compliance.

Compliance with these measures can be challenging and expensive for SMBs. However, the potential legal liability and negative publicity for companies that fail to comply can be significantly more costly.

Underestimation of Certain Threats

In some cases, SMBs may also be underestimating the consequences of certain infections. For example, 85% reported spam attacks, yet less than one third identified those as very or extremely serious. While most would agree spam by itself is more of a nuisance than a serious threat, often spam is a carrier for more serious threats, such as spyware, viruses and worms.

[Chart: axis 0% to 60%; categories: Spam, Employee Errors, Insider Sabotage or Data Theft, Hackers, Spyware, Viruses & Worms]

Figure 2 – Source: Webroot Software, SMB Survey, 2007


Spam is cheap for companies. There is almost zero cost associated with mass junk mailings. This makes it an easy and cheap delivery mechanism for malicious attacks. Users who click ads in spam, or even look at a spam e-mail in their preview pane, may be at risk of downloading spyware – commonly referred to as a drive-by download.

A particularly harmful type of spam is phishing. The appearance of these emails, and fake sites they link to, are made to look identical to valid, trustworthy companies; however, the scam then asks for personal information, such as credit card, bank account, PIN, or Social Security numbers.

Figure 3 – A 2006 report from ScanSafe indicated that the number of new spyware threats increased by 254% last year while viruses were on the decline.

Similarly, over 70% of respondents reported spyware infections while less than half consider spyware to be a very or extremely serious threat. This is particularly concerning. Spyware purveyors are constantly releasing new programs designed to defy detection, resist removal and morph frequently. Unlike viruses, spyware is financially motivated which provides incentive and funds to drive rapid technological innovation and broad distribution.

Budget and Resource Constraints

SMBs, particularly those with 200 to 5,000 employees, are large enough to attract attention as a target for cybercriminals, yet they may lack the same technical expertise about Internet security issues that is typically found in larger firms.

In March 2007, the National Federation of Independent Businesses (NFIB) and Visa® USA announced the results of a survey of companies with fewer than 250 employees which found:

• 61% have never sought information about how to properly handle and store customer information
• 57% did not see securing customer data as something that requires formal planning
• 52% keep at least one type of sensitive customer information
• 39% rely on “common sense” to keep data safe

SMBs have far fewer information technology (IT) staff to support their computer and network needs. In the Webroot SMB Survey, 63.5% of the respondent companies have fewer than 10 people in their IT departments to staff all their IT needs – desktop, software and server support – as well as to handle Internet security matters.


These organizations are likely to have remote offices and/or remote workers without any on-site or dedicated IT support or management. Even SMBs with larger, mature IT organizations, often lack a dedicated or centralized security team.

[Chart: axis 0% to 30%; categories: 500+, 100 to 499, 25 to 99, 10 to 24, 3 to 9, 1 to 2, None/No IT Dept.]

Figure 4 – Source: Webroot Software, SMB Survey, 2007


What are the Risks?

Many large corporations have significantly strengthened their network security infrastructure. Like all criminals, spyware purveyors will concentrate on the easiest marks, making SMBs prime targets.

• There are many more SMBs than large companies in the world.
• Most all SMBs hold sensitive personal information about their employees and customers.
• Yet, SMBs often lack the financial and human resources available at larger companies to combat spyware.

Online criminals use sophisticated tools to find unprotected and vulnerable networks and computers. In addition, many of today’s online threats are much more difficult to detect and remove unless specialized antispyware software has been installed and configured properly.

In contrast to viruses, that typically make their presence known by spreading across many systems simultaneously and seriously impacting machine functionality, the success of spyware programs depends on their stealth nature. Given the significant financial incentives to stealing sensitive data or serving nuisance advertising, spyware program writers are adept at covertly infiltrating a system and installing programs deep within a computer or network.

In the Webroot survey, the majority of SMBs surveyed indicated spam, spyware, adware and/or virus infection during the past year. Of these, spyware and viruses most threaten to result in the taking or destruction of sensitive information. These infections can have numerous negative business effects including:

• Loss of sensitive information
• Slowed system performance
• Employee downtime
• Costly computer repairs
• Legal fees if there is a data breach lawsuit
• Brand/reputation damage
• Company closure

Viruses:
• replicates by attaching to files
• spreads quickly
• visible damage
• inconvenient

Spyware:
• monitors/controls/records keystrokes
• steals passwords and personal data
• hidden damage
• financially motivated


SMBs that have experienced infections over the past year shared information about the impacts of those infections on their business.

Impact of Infections in the Past Year (n=625)

| Type of Issue | A lot / A great deal: Spyware | A lot / A great deal: Viruses | Some / A Little: Spyware | Some / A Little: Viruses | Not at all / Don’t Know: Spyware | Not at all / Don’t Know: Viruses |
|---|---|---|---|---|---|---|
| Slowed System Performance | 36.6% | 27.6% | 48.1% | 47.2% | 15.4% | 25.3% |
| Drained IT resources or increased help desk time to repair spyware damage | 24.9% | 21.5% | 52.4% | 49.1% | 22.7% | 29.5% |
| Reduced employee productivity | 24.6% | 19.9% | 55.3% | 50.7% | 20.0% | 29.4% |
| Disrupted business activities | 23.4% | 18.6% | 49.7% | 48.4% | 26.8% | 33.2% |
| Threatened sensitive online transactions | 14.5% | 13.8% | 36.1% | 32.6% | 49.3% | 53.6% |
| Compromised confidential information | 12.9% | 14.2% | 37.2% | 32.0% | 49.8% | 53.7% |
| Caused loss of sales | 9.8% | 10.7% | 30.1% | 29.3% | 60.2% | 60.0% |

[Chart: axis 0% to 100%; categories: Virus, Adware, Spyware, Spam]

Figure 5 – Source: Webroot Software, SMB Survey, 2007

Figure 6 – Source: Webroot Software, SMB Survey, 2007


How to Protect Your Company

For the many SMBs that accept credit card payments, there is strong guidance about best practices provided by the Payment Card Industry (PCI) Data Security Standard. These same guidelines are equally important for all SMBs, even those that do not process credit card payments.

The PCI standard states that companies should:

• Build and maintain a secure network
• Protect cardholder data
• Maintain a vulnerability management program
• Implement strong access control measures
• Regularly monitor and test networks
• Maintain an information security policy

The PCI standard provides details about how to best fulfill each of these objectives. Specific elements of the standard, such as ensuring that antivirus programs can protect against other forms of malicious code such as spyware and adware, are important guidance for all companies, even those that do not accept credit cards as a form of payment.

Central to effectively protecting SMBs are the technological tools to defend against malware and hackers. SMBs need technical tools that provide:

• Seamless, scalable deployments
• Centralized, customizable user management, including coverage for laptops and remote employees
• Accurate threat detection that minimizes false positives
• Comprehensive removal in real-time
• Advances in technology to provide proactive defenses


Tips for Protection

Webroot is a founding member of the Anti-Spyware Coalition which assembled these tips for protecting networks and mitigating spyware in organizations. Additional information about the Anti-Spyware Coalition can be found at www.antispywarecoalition.org

Protect Company PCs from Spyware

• Maintain up-to-date detection patterns and software updates.
• Select desktop security software that can be centrally deployed and managed.
• Maintain current operating system and browser patches to minimize vulnerability to security exploits.
• Ensure web browsers are set to at least “medium” in the security and privacy settings.
• Do not allow users to surf the Internet while logged on with “administrator” privileges to the network.
• Maintain a list of allowable software and/or executable files and run a weekly scheduled check against PCs in the network. Check results for non-standard entries and take appropriate actions to remove unapproved programs.
• Consider re-imaging chronically spyware-infected PCs.
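One way to run the weekly allowlist check from the list above, as an added example that is not part of the original guide. The extension set, host names and file contents are constructed assumptions; the allowlist is keyed by SHA-256 so that a file carrying an approved name but different content is reported separately.

```python
"""Allowlist audit: compare executables found on each PC with an approved list."""
import hashlib
import os
import tempfile

# Assumption: file types treated as "executable" for the audit.
EXEC_EXTENSIONS = {".exe", ".dll", ".ocx", ".cab", ".scr"}


def sha256_of(path, chunk=65536):
    """Hash a file in chunks so large binaries do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def inventory_directory(root):
    """Return a sorted [(relative_path, sha256)] list for one PC's program tree."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXEC_EXTENSIONS:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, root).replace(os.sep, "/")
                found.append((rel, sha256_of(full)))
    return sorted(found)


def audit(inventories, allowlist):
    """inventories: {host: [(path, sha256)]}; allowlist: {sha256: approved file name}.

    Returns {host: [(path, reason)]} containing only hosts with non-standard entries.
    """
    approved_names = {name.lower() for name in allowlist.values()}
    report = {}
    for host, entries in inventories.items():
        for path, digest in entries:
            if digest in allowlist:
                continue  # content matches an approved build
            name = path.rsplit("/", 1)[-1].lower()
            # A familiar file name with unknown content deserves a closer look than a
            # plainly unknown program: it may be an unapproved version or a disguise.
            reason = ("approved name, unapproved content" if name in approved_names
                      else "not on allowlist")
            report.setdefault(host, []).append((path, reason))
    return report


def demo():
    """Build two constructed PC file trees in a temp directory and audit them."""
    approved = {
        "office/editor.exe": b"approved editor build 1",
        "tools/backup.exe": b"approved backup build 7",
    }
    pcs = {
        "PC-01": dict(approved),
        "PC-02": {
            **approved,
            "toolbar/searchbar.ocx": b"unapproved toolbar",   # never approved
            "tools/backup.exe": b"different backup binary",   # same name, other content
            "docs/readme.txt": b"not an executable, ignored",
        },
    }
    allowlist = {hashlib.sha256(data).hexdigest(): path.rsplit("/", 1)[-1]
                 for path, data in approved.items()}
    inventories = {}
    with tempfile.TemporaryDirectory() as tmp:
        for host, files in pcs.items():
            for rel, data in files.items():
                full = os.path.join(tmp, host, *rel.split("/"))
                os.makedirs(os.path.dirname(full), exist_ok=True)
                with open(full, "wb") as fh:
                    fh.write(data)
            inventories[host] = inventory_directory(os.path.join(tmp, host))
    return audit(inventories, allowlist)


if __name__ == "__main__":
    for host, findings in demo().items():
        for path, reason in findings:
            print(f"{host}: {path} -> {reason}")
```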

Block Spyware at the Gateway

• Configure gateway proxies and firewalls to prevent:
  o “drive by” downloads (non-approved CAB and OCX files).
  o executable downloads from known spyware sites (identified by content filtering lists).
  o executable downloads from suspected/high-risk sites (sites in categories with high incidents of spyware)
  o PC communication to known spyware “phone home” sites and report which PCs are likely infected with spyware.
• Scan files at the gateway for known spyware code.
• Maintain strong anti-spam protection.
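The reporting step in the gateway list above, as an added example that is not part of the original guide: it reads proxy log lines, counts contacts to listed “phone home” hosts per PC and notes CAB, OCX and EXE downloads from hosts that are not approved. The log format, host lists and threshold are constructed assumptions, not any product's real format.

```python
"""Report PCs that contact spyware "phone home" hosts or fetch risky downloads."""
import posixpath
from urllib.parse import urlsplit

# Constructed lists; in practice these come from a content-filtering feed.
PHONE_HOME_HOSTS = {"collect.tracker.example", "ads-update.example"}
APPROVED_DOWNLOAD_HOSTS = {"updates.vendor.example"}
RISKY_EXTENSIONS = {".cab", ".ocx", ".exe"}

# Constructed sample in an assumed format:
# timestamp client_ip method url status bytes
SAMPLE_LOG = """\
2007-05-14T09:01:12 10.0.0.21 GET http://intranet.example/home 200 5120
2007-05-14T09:02:40 10.0.0.34 GET http://free-screensavers.example/install/bar.OCX 200 88211
2007-05-14T09:02:55 10.0.0.34 POST http://collect.tracker.example/report 200 312
2007-05-14T09:07:55 10.0.0.34 POST http://eu.collect.tracker.example/report 200 298
2007-05-14T09:10:03 10.0.0.21 GET http://updates.vendor.example/patch.cab 200 40960
2007-05-14T09:11:47 10.0.0.52 GET http://ads-update.example/cfg?id=7 200 120
malformed line without enough fields
"""


def host_in(host, hosts):
    """True if host equals a listed host or is a subdomain of one."""
    return any(host == h or host.endswith("." + h) for h in hosts)


def parse_line(line):
    """Parse one log line; return None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) != 6 or not parts[4].isdigit():
        return None
    _ts, client, _method, url, status, _size = parts
    try:
        target = urlsplit(url)
        host = (target.hostname or "").lower()
    except ValueError:
        return None
    ext = posixpath.splitext(target.path)[1].lower()
    return {"client": client, "url": url, "host": host, "ext": ext,
            "status": int(status)}


def analyze(log_text):
    """Return {client_ip: {"phone_home": count, "risky_downloads": [urls]}}."""
    findings = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # Any contact attempt counts, even one the gateway blocked: the attempt
        # itself shows that something on the PC is trying to call out.
        phone_home = host_in(rec["host"], PHONE_HOME_HOSTS)
        # A risky download only matters here if it was actually delivered (2xx).
        risky = (rec["ext"] in RISKY_EXTENSIONS
                 and 200 <= rec["status"] < 300
                 and not host_in(rec["host"], APPROVED_DOWNLOAD_HOSTS))
        if not (phone_home or risky):
            continue
        entry = findings.setdefault(rec["client"],
                                    {"phone_home": 0, "risky_downloads": []})
        if phone_home:
            entry["phone_home"] += 1
        if risky:
            entry["risky_downloads"].append(rec["url"])
    return findings


def likely_infected(findings, threshold=2):
    """Clients with at least `threshold` phone-home contacts (assumed cut-off)."""
    return sorted(c for c, f in findings.items() if f["phone_home"] >= threshold)


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    for client in sorted(report):
        print(client, report[client])
    print("likely infected:", likely_infected(report))
```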

Educate Employees and Other Network Users

• Require network users to agree to an Acceptable Use Policy indicating unauthorized programs can be blocked.
• Teach employees and other computer users to understand that many “free” programs and services on the Internet install spyware that drastically slows PCs, installs annoying popups, and steals private and corporate information.
• Ensure IT support staff is trained to recognize the less overt spyware symptoms, including very long boot up, slow and erratic application performance and frequent computer crashes so that proper remediation can be taken.


Finding the Best Solution

Freeware is Not Really Free

Freeware is a software program that can be downloaded free of charge. While this approach may be tempting to SMBs with tight budgets, the adage, “you get what you pay for” comes to mind. Typically organizations offering freeware rely on voluntary contributions to create and update their software. These programs lack robust functionality, centralized management capabilities and daily updates – all critical to ensuring an effective level of protection.

There may also be legal implications for companies relying on freeware. Many of these solutions are intended for individual consumer desktops, and are not intended for deployment on multiple company computers. Often the user agreements reveal that using the software in a corporate environment does require a licensing fee.

Firewalls are Only Part of the Solution

While gateway protection in the form of firewalls can help to block certain kinds of malicious code, they leave a very significant vulnerability. Spyware is typically embedded in legitimate traffic, such as email or on websites with other valid purposes. Further, once installed on a system most spyware programs disguise themselves as trusted programs, allowing them to communicate freely with the Internet over ports that are often left unprotected by firewalls.

Spyware and other malicious programs can infect a computer from a range of entry points including Internet-based applications, peer-to-peer sharing channels and removable media. Regardless of how it arrives, spyware must execute on the desktop or laptop to infect the computer. Thus, to detect, block and remove spyware and prevent damage to the network and other computers in the company, there should be antispyware software on every desktop that is part of an overall, centrally-managed solution.

One Size Does Not Fit All

Security software programs that claim to do it all for all kinds of companies cannot deliver the specialized expertise needed to address the most serious threats. Spyware in particular is uniquely developed to bury itself in a computer file structure, making it both hard to detect and even harder to remove without causing other damage to the computer. Extensive experience and dedicated research teams are critical to the development of the most effective solution.


Select a Specially Designed Product to Address the Problem

To ensure that SMBs are fully protected, their Internet security solution should include an antispyware program that provides:

Regular definition updates – Many free antispyware software downloads do not provide adequate protection against spyware programs because they are not supported by ongoing threat updates. This leaves PCs open to attack from newly evolved or introduced malicious spyware programs. Regular updates to your threat database protect you from newly introduced or changed applications, as well as the latest worms and their families of variants.

Refined spyware detection – Some antispyware software scans yield false positives giving the appearance that they are detecting more traces of spyware than they truly are. Truly useful and beneficial antispyware software only finds and removes true spyware.

Proactive protection – Detection and removal of spyware programs is only half of the antispyware software solution. It’s equally important to stop spyware programs before they reach your computer. Proactive protection prevents spies from installing and defends system and browser elements while simultaneously guarding your information and privacy.

Designated threat research team – Often, it’s not financially possible for companies that offer free antispyware software to house a team of dedicated threat researchers. Updates may be erratic, poorly programmed or non-existent. A threat research team knows what to look for, and how to most effectively find and remove spyware from a user’s PC.

Customer service – Most free antispyware software is not backed by expert customer support, e-mail support or online help sections. Dependable companies not only provide software that removes spyware, they also offer customer support resources to help users with any spyware-related issues they encounter.

Easy-to-use interface – It takes several versions to determine the best and most user-friendly interface. Like research teams, interface improvement is not always an area of focus for providers of free antispyware software.

Stable company to back up the software – It’s important to identify credible anti-spyware software that is backed by an established company so you have recourse if you encounter a problem with your purchase or software functionality.


Glossary

Adware

Adware is advertising-supported software that displays pop-up advertisements. Adware is usually available via free downloads from the Internet. Adware is often bundled with or embedded within freeware, utilitarian programs like file sharing applications, search utilities, information-providing programs (such as clocks, messengers, alerts, weather, and so on), and software such as screensavers, cartoon cursors, backgrounds, sounds, etc. Although seemingly harmless, some adware programs may track your Web surfing habits. Deleting adware may result in the deletion of the bundled freeware application.

Antispyware software

Antispyware software protects a PC from spyware infection. Spyware protection software will find and remove spyware without system interruption.

Botnet

A botnet is a collection of computers running remote control software programs and under a common command and control infrastructure via a public or private network. Botnets can be used for sending spam remotely, installing more spyware without consent, and other illicit purposes.

Browser Hijackers

Sometimes called Home Page Hijackers, browser hijackers have the ability to change your default home page as well as other Web browser settings. Common behavior also includes adding advertising, pornographic, or other unwanted bookmarks, creating pop-up advertisements, and redirecting mistyped or incomplete URLs. Additionally, browser hijackers may redirect your searches to “pay-per-search” Web sites.

Cookie (or Adware Cookie)

Cookies are pieces of information that are generated by a Web server and stored on your computer for future access. Cookies were originally implemented to allow you to customize your Web experience. However, some Web sites now issue adware cookies, which allow multiple Web sites to store and access cookies that may contain personal information (surfing habits, usernames and passwords, areas of interest, etc.), and then simultaneously share the information with other Web sites. Adware cookies are installed and accessed without your knowledge or consent, and in some cases this sharing of information allows marketing firms to create a user profile based on your personal information and sell it to other firms.

Dialer

Dialers have the ability to disconnect your computer from your local Internet provider and reconnect you to the Internet using an expensive pornographic, toll, or international phone number. They do not spy on you, but they have the ability to run in the background, hiding their presence. Dialers may rack up significant long distance phone charges.


Distributed Denial-of-Service (DDoS) Attack

A means of burdening or effectively shutting down a system by bombarding it with an overwhelming amount of traffic. DDoS attacks are often launched using botnets. A vulnerability in one computer system can be exploited to make it the DDoS master.

Drive-by download

When programs are downloaded without the user’s knowledge or consent. Most often accomplished when the user clicks to close or eliminate a random advertisement or other dialogue box.

Encryption

Encryption is the scrambling of data so it becomes difficult to unscramble and interpret.

Exploit/Security Exploit

A piece of software that takes advantage of a hole or vulnerability in a user’s system to gain unauthorized access to the system.

Firewall

A firewall prevents computers on a network from communicating directly with external computer systems. A firewall typically consists of a computer that acts as a barrier through which all information passing between the networks and the external systems must travel. The firewall software analyzes information passing between the two and rejects it if it does not conform to pre-configured rules. Firewalls provide effective protection against worm infection, but not against spyware like Trojans, which hide in legitimate applications, then install secretly on a user’s PC when the application is launched.

Hijackers (Home Page Hijacker or Browser Hijacker)

Hijackers have the ability to change your default home page as well as other Web browser settings. Common behavior also includes adding advertising, pornographic, or other unwanted bookmarks, creating pop-up advertisements, and redirecting mistyped or incomplete URLs. Additionally, home page hijackers may redirect your searches to “pay-per-search” Web sites.

Information Privacy

The interest an individual has in controlling, or at least significantly influencing, the handling of data about themselves.

Host File

The host file stores the Internet Protocol address of a device connected to a computer network. Some spyware can change a host file in order to redirect users from a site that they want to visit to sites that the spyware company wants them to visit.


Keylogger

A keylogger is a type of system monitor that has the ability to record all keystrokes on your computer. Therefore, a keylogger can record and log your e-mail conversations, chat room conversations, instant messages, and any other typed material. They have the ability to run in the background, hiding their presence. In some cases, a third party may be able to obtain private information such as usernames, passwords, credit card numbers or Social Security numbers.

Operating System

The operating system is usually the underlying software that enables you to interact with the computer. The operating system controls the computer storage, communications and task management functions. Examples of common operating systems include: MS-DOS, Macintosh, Linux, Windows. Also: OS, DOS.

Personally Identifiable Information (PII)

Information such as name, address, phone number, credit card information, bank account information, or social security number.

Privacy

A privacy policy outlines the responsibilities of the organization that is collecting personal information and the rights of the individual who provided the personal information. Typically, this means that an organization will explain why information is being collected, how it will be used, and what steps will be taken to limit improper disclosure. It also means that individuals will be able to obtain their own data and make corrections if necessary.

Privacy Policy

A firewall prevents computers on a network from communicating directly with external computer systems. A firewall typically consists of a computer that acts as a barrier through which all information passing between the networks and the external systems must travel. The firewall software analyzes information passing between the two and rejects it if it does not conform to pre-configured rules. Firewalls provide effective protection against worm infection, but not against spyware like Trojans, which hide in legitimate applications, then install secretly on a user’s PC when the application is launched.

Registry

A computer registry is a database integrated into certain operating systems which stores information, including user preferences, settings and license information, about hardware and software installed on a user’s computer. Spyware often changes registry values in order to take control of parts of the system. These changes can impair the regular function of the computer.


“Remove Me”

Remove me is an option often included in spam which is fake. That is, if you respond to request removal, you very well may be subjecting yourself to more spam, because by responding, the sender knows that your email account is active. A 2002 study performed by the FTC demonstrated that in 63% of the cases where a spam offered a “remove me” option, responding either did nothing or resulted in more email.

Rootkit

A rootkit is a program that fraudulently gains or maintains administrator level access that may also execute in a manner that prevents detection. Once a program has gained access, it can be used to monitor traffic and keystrokes; create a backdoor into the system for the hacker’s use; alter log files; attack other machines on the network; and alter existing system tools to circumvent detection. Rootkit commands replace original system commands to run malicious commands chosen by the attacker and to hide the presence of the Rootkit on the system by modifying the results returned by suppressing all evidence of the presence of the Rootkit.

Shareware

Software distributed for evaluation without cost, but that requires payment to the author for full rights is commonly called shareware. If, after trying the software, you do not intend to use it, you simply delete it. Using unregistered shareware beyond the evaluation period is pirating.

Spam

Spam is the common name for unsolicited commercial email. It is sent, usually in bulk, through “open-relays” to millions of persons. Spam is cost-shifted advertising. It takes a toll on Internet users’ time, their resources, and the resources of Internet Service Providers (ISP). Most recently, spammers have begun to send advertisements via text message to cell phones.

Spyware

Spyware is any application that makes potentially unwanted changes to your computer while collecting information about your computer activities. This information may then be sent to a third party for malicious purposes, without your knowledge or consent. Spyware can be distributed by bundling with freeware or shareware, through e-mail or instant messenger, as an ActiveX® installation, or by someone with access to your computer. Unlike traditional personalization or session cookies, spyware is difficult to detect, and difficult (if not impossible) for the average user to remove without the use of an effective anti-spyware program.


System Monitor

System monitors have the ability to monitor all computer activity. They range in capabilities and may record some or all of the following: keystrokes, e-mails, chat room conversations, instant messages, Web sites visited, programs run, time spent, and even usernames and passwords. The information is gathered via remote access or sent by e-mail, and may then be stored for later retrieval. In some cases, a third party may be able to gain access to private information such as usernames, passwords, credit card numbers or Social Security numbers.

Trojan Horse (also known as Trojan or Backdoor Trojan)

A Trojan horse is a program that allows a hacker to make changes to a computer without the user’s knowledge. Unlike a virus, a Trojan does not replicate itself. It is generally disguised as a harmless software program and distributed as an e-mail attachment. Once you open the attachment, the Trojan may install itself on your computer without your knowledge or consent. It has the ability to manage computer files, including creating, deleting, renaming, viewing, or transferring files to or from the computer. It may utilize a program manager that allows a hacker to install, execute, open, or close software programs. The hacker may have the ability to open and close your CD-ROM drive, gain control of your cursor and keyboard, and may even send spam by sending mass e-mails from your infected computer. Trojans have the ability to run in the background, hiding their presence.

Virus

A program or code that replicates, that is infects another program, boot sector, partition sector or document that supports macros by inserting itself or attaching itself to that medium. Most viruses just replicate, many also do damage.

Worm

A program that replicates itself over a computer network and usually performs malicious actions, such as using up the computer’s resources and possibly shutting the system down. The name is an acronym for “write once, read many.”

Zombie

A zombie machine is one that has been taken over using remote control software. Zombies are often used to send spam or to attack remote servers with an overwhelming amount of traffic (a Distributed Denial of Service Attack). A collection of many zombies comprise a botnet.


Appendix: Symptoms of a Spyware Infection

Some common visible symptoms of a spyware infection include:

• A barrage of unsolicited pop-up ads
• Browser hijacking so that the web site that appears is not the one typed in the address bar
• Sudden or repeated changes to the computer’s Internet home page not made by the user
• New, unexpected or unrequested toolbars
• New, unexpected or unknown icons appearing on the desktop or in the tray at the bottom of the screen
• Problems with keys malfunctioning or not working at all
• Random error messages
• Performance degradation with long delays in opening programs or saving files
• Anti-spyware or anti-virus software is turned off, or malfunctioning
• Unidentified toll charges on your phone bill

It is important to note that often the most dangerous forms of spyware will not display any visible signs, as they are designed to be stealthy and remain on the computer unnoticed by the user.


About Webroot Software

Webroot Software, Inc. provides industry leading security software for consumers, enterprises and small and medium-sized businesses worldwide. Webroot security software consistently receives top ratings by respected third-party media and has been adopted by millions globally.

Webroot Antispyware Corporate Edition (formerly Spy Sweeper® Enterprise) is a comprehensive, centrally managed enterprise solution that aggressively blocks, detects and eradicates spyware on desktops across the network. Webroot Antispyware Corporate Edition with Antivirus offers combined protection for spyware and viruses. Webroot products can be found at www.webroot.com and on the shelves of leading retailers worldwide.

To find out more visit www.webroot.com or call 800.870.8102.

© 2007 All rights reserved. Webroot Software, Inc. Webroot, Spy Sweeper and the Webroot icon are registered trademarks of Webroot Software, Inc. in the United States and other countries. All other trademarks are properties of their respective owners.

NO WARRANTY. Information based on research conducted by Webroot Software, Inc. The information is provided AS-IS and Webroot makes no warranty as to its accuracy or use. Any use of the technical documentation or the information contained herein is at your own risk. Documentation may include technical or other inaccuracies or typographical errors. Webroot reserves the right to make changes without prior notice.

2560 55th Street • Boulder, CO 80301 • USA Telephone: 800.870.8102 • Fax: 303.476.2222

www.webroot.com