Webroot® Software
A Guide to Security for Small & Medium Business
Companion Guide to State of Internet Security: Protecting the SMB
Full report available at www.webroot.com
Table of Contents

Are You an SMB?
Why the Focus on Internet Security?
  • Pervasive Internet Use
  • Home-Based and Remote Workers
  • Valuable Information
  • High Infection Rates
  • Regulatory Requirements
  • Underestimation of Certain Threats
  • Budget and Resource Constraints
What are the Risks?
How to Protect Your Company
Tips for Protection
Finding the Best Solution
Glossary
Appendix: Symptoms of a Spyware Infection
About Webroot Software
SMB Security Guidebook
Are You an SMB?

Small and medium-sized businesses (SMBs) are generally companies with fewer than 1,000 employees, while some groups include companies with up to 5,000 employees in their definition. The U.S. and Canadian governments define small businesses as those with fewer than 500 employees. Many private sector companies, including some prominent industry analyst firms such as Forrester, Gartner and IDC, define small businesses as those with fewer than 100 employees. These same firms define mid-size or medium businesses as those with 100 to 999 employees.
While the precise definitions vary somewhat, there is global consensus that SMBs are a significant part of the economic landscape. These companies are significant contributors to the world's economies in terms of both revenue generation and employment.

According to the U.S. Small Business Administration (SBA), 99.7% of the companies in the U.S. have 500 or fewer employees, and these companies:
• Produce half of the private, non-farm gross national product (GNP)
• Provide half of all private-sector jobs and 45% of the U.S. private payroll

According to the Canadian government, businesses with fewer than 100 employees:
• Comprise 95% of Canada's 2.2 million business entities
• Represent roughly a third of the gross domestic product (GDP)
• Employ about 40% of all working Canadians
Why the Focus on Internet Security?

Small and medium-sized businesses (SMBs) face a complex Internet security landscape that includes:
• Pervasive Internet use
• Home-based and remote workers
• Valuable information
• Regulatory requirements
• High infection rates
• Underestimation of certain threats
• Budget and resource constraints
Pervasive Internet Use

Virtually every small and medium-sized business uses the Internet. Widespread network access, declining costs of bandwidth and the expanse of Internet resources have made it easier for entrepreneurs and business owners to launch and grow their companies.

Network connectivity enables small and medium-sized businesses to more easily:
• Communicate with customers and suppliers
• Market their services to a global audience
• Research product strategies
• Access Web-based distribution channels, such as Amazon® and eBay®

While the Internet has served as a key driver in the growth and vibrancy of the SMB sector, those network connections also expose SMBs to new security threats.
Home-Based and Remote Workers

Many SMBs start out or remain home-based businesses. Often these businesses lack information technology expertise and specialized personnel to monitor and maintain security.

Internet connectivity also allows employees to work remotely from their homes more easily. SMBs can onboard home-based employees more rapidly and minimize the overhead costs of large office spaces.

While working remotely has become the norm in many companies, it is generally more difficult to maintain security on remote PCs. It's common for employees to use unauthorized mobile devices to access sensitive corporate data, or to rely on open, unsecured wireless networks to connect to work. This creates even more routes for malicious software to infect computers and company networks.
Valuable Information

Personal information about customers and employees has a monetary value in the ecosystem of net criminals. Patent notes, trade secrets and other business intellectual property also have monetary value, and thus attract a market of would-be criminals.

In addition to stealing information that can be easily sold or used in identity theft and similar crimes, many spyware infections also aim to gain control of a PC so that it can be exploited, without the user's knowledge, to distribute adware and spam.

Whether distributed via a website, e-mail, instant messaging or some other means, these spyware programs then seek to use the Internet connection as a means to communicate back to the source and/or to download additional spyware onto the computer.
High Infection Rates

In a recent survey of SMBs based in the U.S. and Canada conducted by Webroot Software, approximately 6 out of 10 respondents reported a virus infection in the past year, in spite of 97% responding that they have an antivirus solution installed.

Approximately 7 out of 10 of the SMBs surveyed indicated their business had a spyware infection in the past year. These results only reflect self-reported infections of spyware, and do not include those infections that may have gone undetected.

The Anti-Spyware Coalition defines spyware as technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:
• Material changes that affect their user experience, privacy, or system security;
• Use of their system resources, including what programs are installed on their computers; and/or
• Collection, use, and distribution of their personal or other sensitive information.

The ongoing misappropriation of system resources and theft of sensitive information make this high rate of spyware infections particularly alarming.
[Figure 1: bar chart comparing threat categories (Pharming, Rootkit, Keylogger, System Monitor, Trojan Horse, Phishing, Virus, Adware, Spyware, Spam); 0–100% axis.]
Figure 1 – Source: Webroot Software, SMB Survey, 2007
Regulatory Requirements

Governments in many parts of the world have instituted additional data protection measures to compel companies to adequately protect the sensitive customer data in their possession. For example, the Health Insurance Portability and Accountability Act (HIPAA) legislation requires that the privacy of medical information be adequately protected against unauthorized access and misuse. In the financial sector, the Gramm-Leach-Bliley Act requires that organizations which maintain credit information for customers be held accountable if that data is accessed or compromised by an unauthorized third party.

All public companies must comply with Sarbanes-Oxley (SOX), which includes attesting to the risk assessment and audit controls required by the Act. Incidents of unauthorized network access, system monitors and Trojans can bring the authenticity of reporting into question, and will raise concerns of SOX non-compliance.

Compliance with these measures can be challenging and expensive for SMBs. However, the potential legal liability and negative publicity for companies that fail to comply can be significantly more costly.
Underestimation of Certain Threats

In some cases, SMBs may also be underestimating the consequences of certain infections. For example, 85% reported spam attacks, yet less than one third identified those as very or extremely serious. While most would agree spam by itself is more of a nuisance than a serious threat, often spam is a carrier for more serious threats, such as spyware, viruses and worms.
[Figure 2: bar chart of threat categories (Spam, Employee Errors, Insider Sabotage or Data Theft, Hackers, Spyware, Viruses & Worms); 0–60% axis.]
Figure 2 – Source: Webroot Software, SMB Survey, 2007
Spam is cheap to send: there is almost zero cost associated with mass junk mailings. This makes it an easy and cheap delivery mechanism for malicious attacks. Users who click ads in spam, or even look at a spam e-mail in their preview pane, may be at risk of downloading spyware, commonly referred to as a drive-by download.

A particularly harmful type of spam is phishing. The appearance of these e-mails, and the fake sites they link to, are made to look identical to valid, trustworthy companies; the scam then asks for personal information, such as credit card, bank account, PIN, or Social Security numbers.

Figure 3 – A 2006 report from ScanSafe indicated that the number of new spyware threats increased by 254% last year while viruses were on the decline.

Similarly, over 70% of respondents reported spyware infections while less than half consider spyware to be a very or extremely serious threat. This is particularly concerning. Spyware purveyors are constantly releasing new programs designed to defy detection, resist removal and morph frequently. Unlike viruses, spyware is financially motivated, which provides incentive and funds to drive rapid technological innovation and broad distribution.
Budget and Resource Constraints

SMBs, particularly those with 200 to 5,000 employees, are large enough to attract attention as a target for cybercriminals, yet they may lack the same technical expertise about Internet security issues that is typically found in larger firms.

In March 2007, the National Federation of Independent Businesses (NFIB) and Visa® USA announced the results of a survey of companies with fewer than 250 employees which found:
• 61% have never sought information about how to properly handle and store customer information
• 57% did not see securing customer data as something that requires formal planning
• 52% keep at least one type of sensitive customer information
• 39% rely on "common sense" to keep data safe

SMBs have far fewer information technology (IT) staff to support their computer and network needs. In the Webroot SMB Survey, 63.5% of the respondent companies have fewer than 10 people in their IT departments to staff all their IT needs – desktop, software and server support – as well as to handle Internet security matters.
These organizations are likely to have remote offices and/or remote workers without any on-site or dedicated IT support or management. Even SMBs with larger, mature IT organizations often lack a dedicated or centralized security team.
[Figure 4: bar chart of IT department size among respondents (None/No IT Dept., 1 to 2, 3 to 9, 10 to 24, 25 to 99, 100 to 499, 500+); 0–30% axis.]
Figure 4 – Source: Webroot Software, SMB Survey, 2007
What are the Risks?

Many large corporations have significantly strengthened their network security infrastructure. Like all criminals, spyware purveyors will concentrate on the easiest marks, making SMBs prime targets.
• There are many more SMBs than large companies in the world.
• Nearly all SMBs hold sensitive personal information about their employees and customers.
• Yet SMBs often lack the financial and human resources available at larger companies to combat spyware.

Online criminals use sophisticated tools to find unprotected and vulnerable networks and computers. In addition, many of today's online threats are much more difficult to detect and remove unless specialized antispyware software has been installed and configured properly.

In contrast to viruses, which typically make their presence known by spreading across many systems simultaneously and seriously impacting machine functionality, the success of spyware programs depends on their stealthy nature. Given the significant financial incentives to stealing sensitive data or serving nuisance advertising, spyware program writers are adept at covertly infiltrating a system and installing programs deep within a computer or network.

In the Webroot survey, the majority of SMBs surveyed indicated spam, spyware, adware and/or virus infection during the past year. Of these, spyware and viruses most threaten to result in the taking or destruction of sensitive information. These infections can have numerous negative business effects including:
• Loss of sensitive information
• Slowed system performance
• Employee downtime
• Costly computer repairs
• Legal fees if there is a data breach lawsuit
• Brand/reputation damage
• Company closure
Virus: replicates by attaching to files; spreads quickly; visible damage; inconvenient.
Spyware: monitors/controls/records keystrokes; steals passwords and personal data; hidden damage; financially motivated.
SMBs that have experienced infections over the past year shared information about the impacts of those infections on their business.

Impact of Infections in the Past Year (n=625)

                                           A lot / A great deal   Some / A little     Not at all / Don't know
Type of issue                              Spyware    Viruses     Spyware   Viruses   Spyware   Viruses
Slowed system performance                  36.6%      27.6%       48.1%     47.2%     15.4%     25.3%
Drained IT resources or increased
  help desk time to repair spyware damage  24.9%      21.5%       52.4%     49.1%     22.7%     29.5%
Reduced employee productivity              24.6%      19.9%       55.3%     50.7%     20.0%     29.4%
Disrupted business activities              23.4%      18.6%       49.7%     48.4%     26.8%     33.2%
Threatened sensitive online transactions   14.5%      13.8%       36.1%     32.6%     49.3%     53.6%
Compromised confidential information       12.9%      14.2%       37.2%     32.0%     49.8%     53.7%
Caused loss of sales                        9.8%      10.7%       30.1%     29.3%     60.2%     60.0%
[Figure residue: bar chart with categories Virus, Adware, Spyware, Spam; 0–100% axis.]
Figure 5 – Source: Webroot Software, SMB Survey, 2007
Figure 6 – Source: Webroot Software, SMB Survey, 2007
How to Protect Your Company

For the many SMBs that accept credit card payments, there is strong guidance about best practices provided by the Payment Card Industry (PCI) Data Security Standard. These same guidelines are equally important for all SMBs, even those that do not process credit card payments.

The PCI standard states that companies should:
• Build and maintain a secure network
• Protect cardholder data
• Maintain a vulnerability management program
• Implement strong access control measures
• Regularly monitor and test networks
• Maintain an information security policy

The PCI standard provides details about how to best fulfill each of these objectives. Specific elements of the standard, such as ensuring that antivirus programs can protect against other forms of malicious code such as spyware and adware, are important guidance for all companies, even those that do not accept credit cards as a form of payment.
Central to effectively protecting SMBs are the technological tools to defend against malware and hackers. SMBs need technical tools that provide:
• Seamless, scalable deployment
• Centralized, customizable user management, including coverage for laptops and remote employees
• Accurate threat detection that minimizes false positives
• Comprehensive removal in real time
• Advances in technology that provide proactive defenses
Tips for Protection

Webroot is a founding member of the Anti-Spyware Coalition, which assembled these tips for protecting networks and mitigating spyware in organizations. Additional information about the Anti-Spyware Coalition can be found at www.antispywarecoalition.org

Protect Company PCs from Spyware
• Maintain up-to-date detection patterns and software updates.
• Select desktop security software that can be centrally deployed and managed.
• Maintain current operating system and browser patches to minimize vulnerability to security exploits.
• Ensure web browsers are set to at least "medium" in the security and privacy settings.
• Do not allow users to surf the Internet while logged on with "administrator" privileges to the network.
• Maintain a list of allowable software and/or executable files and run a weekly scheduled check against PCs in the network. Check results for non-standard entries and take appropriate actions to remove unapproved programs.
• Consider re-imaging chronically spyware-infected PCs.
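One way to run the weekly allowlist check described in the tips above, as an added example that is not part of the Webroot guide or of any Webroot product. It assumes a collector (not shown) that writes one "host,name,publisher" line per installed program on each PC; the allowlist, host names and publishers below are constructed for illustration. The check reports unapproved programs per PC, treats an approved product name under a different publisher as unapproved too, and lists the hosts that have had findings for several weeks running, which are the re-image candidates from the last tip.

```python
"""
Added example (not from the Webroot guide): weekly software-allowlist audit.

Input is CSV text 'host,name,publisher' from an assumed inventory collector.
All names, hosts and publishers below are constructed sample data.
"""
import csv
import io
from collections import defaultdict
from dataclasses import dataclass

# Approved software: lowercase product name -> approved publisher(s). Constructed.
ALLOWLIST = {
    "microsoft office": {"microsoft corporation"},
    "adobe reader": {"adobe systems incorporated"},
    "mozilla firefox": {"mozilla"},
    "webroot antispyware corporate edition": {"webroot software, inc."},
}

# Constructed output of this week's collector run.
THIS_WEEK = """\
host,name,publisher
PC-ACCT-01,Microsoft Office,Microsoft Corporation
PC-ACCT-01,Adobe Reader,Adobe Systems Incorporated
PC-ACCT-01,FunCursors Toolbar,Unknown
PC-SALES-07,Mozilla Firefox,Mozilla
PC-SALES-07,Adobe Reader,Free Software Deals LLC
PC-HR-02,Webroot Antispyware Corporate Edition,"Webroot Software, Inc."
"""


@dataclass(frozen=True)
class Finding:
    host: str
    name: str
    publisher: str
    reason: str


def parse_inventory(text):
    """Return {host: [(name, publisher), ...]} from the collector's CSV text."""
    inventory = defaultdict(list)
    for row in csv.DictReader(io.StringIO(text)):
        inventory[row["host"]].append((row["name"], row["publisher"]))
    return dict(inventory)


def audit_inventory(inventory, allowlist=ALLOWLIST):
    """Compare every installed program against the allowlist."""
    findings = []
    for host, programs in inventory.items():
        for name, publisher in programs:
            key, pub = name.strip().lower(), publisher.strip().lower()
            if key not in allowlist:
                findings.append(Finding(host, name, publisher, "not on allowlist"))
            elif pub not in allowlist[key]:
                # Same product name, different publisher: a bundled or
                # impersonating install, so it is unapproved as well.
                findings.append(Finding(host, name, publisher, "publisher mismatch"))
    return findings


def findings_by_host(findings):
    """Group findings per PC so the help desk has a worklist per machine."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f.host].append(f)
    return dict(grouped)


def chronic_hosts(weekly_findings, threshold=3):
    """Hosts with findings in at least `threshold` of the supplied weekly runs:
    candidates for re-imaging rather than yet another clean-up."""
    weeks_with_findings = defaultdict(int)
    for week in weekly_findings:
        for host in {f.host for f in week}:
            weeks_with_findings[host] += 1
    return sorted(h for h, n in weeks_with_findings.items() if n >= threshold)


if __name__ == "__main__":
    found = audit_inventory(parse_inventory(THIS_WEEK))
    for host, items in sorted(findings_by_host(found).items()):
        print(host)
        for f in items:
            print(f"  {f.name} ({f.publisher}): {f.reason}")
```

Keeping the collector output from previous weeks and feeding the list of weekly findings to chronic_hosts turns the "consider re-imaging" tip into a concrete rule instead of a judgement call.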
Block Spyware at the Gateway
• Configure gateway proxies and firewalls to prevent:
  o "drive-by" downloads (non-approved CAB and OCX files).
  o executable downloads from known spyware sites (identified by content filtering lists).
  o executable downloads from suspected/high-risk sites (sites in categories with high incidents of spyware).
  o PC communication to known spyware "phone home" sites, and report which PCs are likely infected with spyware.
• Scan files at the gateway for known spyware code.
• Maintain strong anti-spam protection.
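The gateway rules above applied to a proxy access log, as an added example that is not from the Webroot guide and is not a Webroot product. The log format (client, method, URL, status), the domain lists and every address are constructed; in a real deployment the site lists would come from a content-filtering feed. Besides deciding what to block, it uses "phone home" hits to name the internal PCs that are probably already infected, which is the reporting the last rule asks for.

```python
"""
Added example (not from the Webroot guide): gateway rules over a proxy log.

Domain lists and log lines are constructed; a real gateway would load the
lists from a content-filtering feed.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed categorised site lists.
KNOWN_SPYWARE_SITES = {"downloads.example-spyware.test", "free-cursors.example.test"}
PHONE_HOME_SITES = {"stats.example-spyware.test", "c2.example-adware.test"}
APPROVED_DOWNLOAD_SITES = {"updates.example-corp.test"}
# Installer and ActiveX payload types used for drive-by installs.
EXECUTABLE_EXTENSIONS = (".cab", ".ocx", ".exe", ".msi")

# Constructed access-log lines: client_ip method url status
SAMPLE_LOG = """\
10.0.0.12 GET http://updates.example-corp.test/patch.cab 200
10.0.0.12 GET http://free-cursors.example.test/setup.exe 200
10.0.0.34 GET http://www.example.test/index.html 200
10.0.0.34 GET http://stats.example-spyware.test/beacon?id=123 200
10.0.0.55 GET http://cdn.example.test/widget.ocx 200
10.0.0.34 POST http://c2.example-adware.test/report 200
""".splitlines()


def classify(line):
    """Return (verdict, client, host) for a request to block, or None to allow."""
    client, _method, url, _status = line.split()
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    if host in PHONE_HOME_SITES:
        # Outbound beacon: block it, and note the client as likely infected.
        return ("phone_home", client, host)
    if host in KNOWN_SPYWARE_SITES:
        return ("known_spyware_site", client, host)
    if path.endswith(EXECUTABLE_EXTENSIONS) and host not in APPROVED_DOWNLOAD_SITES:
        # CAB/OCX/EXE from anywhere but an approved update site.
        return ("unapproved_executable", client, host)
    return None


def analyze(lines):
    """Apply the rules to a log. Returns the blocked requests and, per client
    that tried to phone home, the sites it contacted; those PCs need a
    desktop anti-spyware scan, since blocking the beacon does not clean them."""
    blocked = []
    phone_home_clients = defaultdict(set)
    for line in lines:
        verdict = classify(line)
        if verdict is None:
            continue
        blocked.append(verdict)
        if verdict[0] == "phone_home":
            phone_home_clients[verdict[1]].add(verdict[2])
    return {
        "blocked": blocked,
        "likely_infected": {c: sorted(h) for c, h in phone_home_clients.items()},
    }


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    for verdict, client, host in result["blocked"]:
        print(f"BLOCK {verdict:22} {client:12} {host}")
    for client, hosts in result["likely_infected"].items():
        print(f"LIKELY INFECTED {client}: phoned home to {', '.join(hosts)}")
```

The approved-site exception is what keeps the CAB/OCX rule from breaking legitimate patch distribution; without it the first rule in the list would block the company's own update server.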
Educate Employees and Other Network Users
• Require network users to agree to an Acceptable Use Policy indicating unauthorized programs can be blocked.
• Teach employees and other computer users to understand that many "free" programs and services on the Internet install spyware that drastically slows PCs, installs annoying pop-ups, and steals private and corporate information.
• Ensure IT support staff is trained to recognize the less overt spyware symptoms, including very long boot-up, slow and erratic application performance and frequent computer crashes, so that proper remediation can be taken.
Finding the Best Solution

Freeware is Not Really Free

Freeware is a software program that can be downloaded free of charge. While this approach may be tempting to SMBs with tight budgets, the adage "you get what you pay for" comes to mind. Typically organizations offering freeware rely on voluntary contributions to create and update their software. These programs often lack robust functionality, centralized management capabilities and daily updates – all critical to ensuring an effective level of protection.

There may also be legal implications for companies relying on freeware. Many of these solutions are intended for individual consumer desktops, and are not intended for deployment on multiple company computers. Often the user agreements reveal that using the software in a corporate environment does require a licensing fee.

Firewalls are Only Part of the Solution

While gateway protection in the form of firewalls can help to block certain kinds of malicious code, it leaves a very significant vulnerability. Spyware is typically embedded in legitimate traffic, such as e-mail or websites with other valid purposes. Further, once installed on a system, most spyware programs disguise themselves as trusted programs, allowing them to communicate freely with the Internet over ports that firewalls usually leave open (outbound web traffic, for example).

Spyware and other malicious programs can infect a computer from a range of entry points including Internet-based applications, peer-to-peer sharing channels and removable media. Regardless of how it arrives, spyware must execute on the desktop or laptop to infect the computer. Thus, to detect, block and remove spyware and prevent damage to the network and other computers in the company, there should be antispyware software on every desktop that is part of an overall, centrally managed solution.

One Size Does Not Fit All

Security software programs that claim to do it all for all kinds of companies cannot deliver the specialized expertise needed to address the most serious threats. Spyware in particular is uniquely developed to bury itself in a computer's file structure, making it both hard to detect and even harder to remove without causing other damage to the computer. Extensive experience and dedicated research teams are critical to the development of the most effective solution.
Select a Specially Designed Product to Address the Problem

To ensure that SMBs are fully protected, their Internet security solution should include an antispyware program that provides:

Regular definition updates – Many free antispyware software downloads do not provide adequate protection against spyware programs because they are not supported by ongoing threat updates. This leaves PCs open to attack from newly evolved or introduced malicious spyware programs. Regular updates to your threat database protect you from newly introduced or changed applications, as well as the latest worms and their variants.

Refined spyware detection – Some antispyware software scans yield false positives, giving the appearance that they are detecting more traces of spyware than they truly are. Truly useful and beneficial antispyware software only finds and removes true spyware.

Proactive protection – Detection and removal of spyware programs is only half of the antispyware software solution. It's equally important to stop spyware programs before they reach your computer. Proactive protection prevents spies from installing and defends system and browser elements while simultaneously guarding your information and privacy.

Designated threat research team – Often, it's not financially possible for companies that offer free antispyware software to house a team of dedicated threat researchers. Updates may be erratic, poorly programmed or non-existent. A threat research team knows what to look for, and how to most effectively find and remove spyware from a user's PC.

Customer service – Most free antispyware software is not backed by expert customer support, e-mail support or online help sections. Dependable companies not only provide software that removes spyware, they also offer customer support resources to help users with any spyware-related issues they encounter.

Easy-to-use interface – It takes several versions to determine the best and most user-friendly interface. Like research teams, interface improvement is not always an area of focus for providers of free antispyware software.

Stable company to back up the software – It's important to identify credible anti-spyware software that is backed by an established company so you have recourse if you encounter a problem with your purchase or software functionality.
Glossary

Adware
Adware is advertising-supported software that displays pop-up advertisements. Adware is usually available via free downloads from the Internet. Adware is often bundled with or embedded within freeware, utilitarian programs like file sharing applications, search utilities, information-providing programs (such as clocks, messengers, alerts, weather, and so on), and software such as screensavers, cartoon cursors, backgrounds, sounds, etc. Although seemingly harmless, some adware programs may track your Web surfing habits. Deleting adware may result in the deletion of the bundled freeware application.

Antispyware software
Antispyware software protects a PC from spyware infection. Spyware protection software will find and remove spyware without system interruption.

Botnet
A botnet is a collection of computers running remote control software programs and under a common command and control infrastructure via a public or private network. Botnets can be used for sending spam remotely, installing more spyware without consent, and other illicit purposes.

Browser Hijackers
Sometimes called Home Page Hijackers, browser hijackers have the ability to change your default home page as well as other Web browser settings. Common behavior also includes adding advertising, pornographic, or other unwanted bookmarks, creating pop-up advertisements, and redirecting mistyped or incomplete URLs. Additionally, browser hijackers may redirect your searches to "pay-per-search" Web sites.

Cookie (or Adware Cookie)
Cookies are pieces of information that are generated by a Web server and stored on your computer for future access. Cookies were originally implemented to allow you to customize your Web experience. However, some Web sites now issue adware cookies, which allow multiple Web sites to store and access cookies that may contain personal information (surfing habits, usernames and passwords, areas of interest, etc.), and then simultaneously share the information with other Web sites. Adware cookies are installed and accessed without your knowledge or consent, and in some cases this sharing of information allows marketing firms to create a user profile based on your personal information and sell it to other firms.

Dialer
Dialers have the ability to disconnect your computer from your local Internet provider and reconnect you to the Internet using an expensive pornographic, toll, or international phone number. They do not spy on you, but they have the ability to run in the background, hiding their presence. Dialers may rack up significant long distance phone charges.
Distributed Denial-of-Service (DDoS) Attack
A means of burdening or effectively shutting down a system by bombarding it with an overwhelming amount of traffic. DDoS attacks are often launched using botnets. A vulnerability in one computer system can be exploited to make it the DDoS master.

Drive-by download
When programs are downloaded without the user's knowledge or consent. Most often accomplished when the user clicks to close or eliminate a random advertisement or other dialogue box.

Encryption
Encryption transforms data so that it can be read only by someone holding the corresponding key; without the key, the scrambled data is unintelligible.

Exploit/Security Exploit
A piece of software that takes advantage of a hole or vulnerability in a user's system to gain unauthorized access to the system.

Firewall
A firewall prevents computers on a network from communicating directly with external computer systems. A firewall typically consists of a computer that acts as a barrier through which all information passing between the network and the external systems must travel. The firewall software analyzes information passing between the two and rejects it if it does not conform to pre-configured rules. Firewalls are effective against network worms that spread by connecting to ports the firewall blocks, but not against spyware or Trojans, which arrive inside legitimate traffic (an e-mail attachment, a web download, a bundled installer) and install secretly on a user's PC when the user launches the application.

Hijackers (Home Page Hijacker or Browser Hijacker)
See Browser Hijackers.

Information Privacy
The interest an individual has in controlling, or at least significantly influencing, the handling of data about themselves.
Hosts File
The hosts file is a local text file that maps host names to IP addresses, and the operating system consults it before asking DNS. Some spyware edits the hosts file so that the name of a site the user wants to visit resolves to an address the spyware company controls, silently redirecting the user to sites of the spyware company's choosing.
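An added example, not from the guide, of checking a hosts file for the kind of redirect described above. The file content, the watched names and the 203.0.113.x addresses are constructed. Watched names (the company's bank login, its security vendor's update site) are flagged whenever the hosts file overrides them at all; any name mapped to an address outside loopback, the 0.0.0.0 sinkhole used by ad-blocking lists and the LAN ranges is flagged; and external addresses are grouped so that several unrelated names all pointing at one address, the signature of a redirect hub, stand out.

```python
"""
Added example (not from the Webroot guide): hosts-file redirect audit.

Watched names, sample file content and the 203.0.113.x addresses are
constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass

# Names whose resolution should never be overridden locally (constructed).
WATCHED_NAMES = {"login.example-bank.test", "update.example-av.test"}

# Where legitimate hosts entries normally point: loopback, the 0.0.0.0
# sinkhole used by ad-blocking lists, link-local and RFC 1918 LAN ranges.
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "::1/128", "0.0.0.0/8", "169.254.0.0/16",
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
)]

SAMPLE_HOSTS = """\
# constructed hosts file
127.0.0.1       localhost
::1             localhost
192.168.1.20    fileserver.corp.test
0.0.0.0         ads.example-adnetwork.test
203.0.113.5     login.example-bank.test
203.0.113.5     update.example-av.test   # added by "helper" toolbar
203.0.113.5     search.example-portal.test
"""


@dataclass(frozen=True)
class HostsEntry:
    lineno: int
    address: str
    name: str


def parse_hosts(text):
    """One HostsEntry per (address, name) pair; comments and blanks skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:          # one address, one or more names
            entries.append(HostsEntry(lineno, fields[0], name.lower()))
    return entries


def is_local(address):
    """True if the address is loopback, sinkhole, link-local or LAN."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False                     # malformed address: treat as suspicious
    return any(ip in net for net in LOCAL_NETWORKS)


def suspicious_entries(entries):
    """Return [(entry, [reasons])] for watched names overridden at all and
    for any name sent to an address outside the local ranges."""
    findings = []
    for e in entries:
        reasons = []
        if e.name in WATCHED_NAMES:
            reasons.append("watched name overridden")
        if not is_local(e.address):
            reasons.append("points outside the LAN")
        if reasons:
            findings.append((e, reasons))
    return findings


def redirect_targets(entries):
    """Group non-local addresses by the names sent to them: many unrelated
    names on one external address is the signature of a redirect hub."""
    targets = {}
    for e in entries:
        if not is_local(e.address):
            targets.setdefault(e.address, []).append(e.name)
    return targets


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    for entry, reasons in suspicious_entries(parsed):
        print(f"line {entry.lineno}: {entry.name} -> {entry.address}: {', '.join(reasons)}")
    for address, names in redirect_targets(parsed).items():
        print(f"{address} receives {len(names)} names: {', '.join(names)}")
```

On Windows the file to feed in is %SystemRoot%\System32\drivers\etc\hosts; on Unix-like systems it is /etc/hosts. Running the check from the weekly scheduled job alongside the software allowlist audit catches the redirect even when the spyware binary itself has already been removed.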
Keylogger
A keylogger is a type of system monitor that has the ability to record all keystrokes on your computer. Therefore, a keylogger can record and log your e-mail conversations, chat room conversations, instant messages, and any other typed material. They have the ability to run in the background, hiding their presence. In some cases, a third party may be able to obtain private information such as usernames, passwords, credit card numbers or Social Security numbers.

Operating System
The operating system is the underlying software that enables you to interact with the computer. The operating system controls the computer's storage, communications and task management functions. Examples of common operating systems include MS-DOS, Macintosh, Linux and Windows. Abbreviations: OS, DOS.

Personally Identifiable Information (PII)
Information such as name, address, phone number, credit card information, bank account information, or social security number.

Privacy Policy
A privacy policy outlines the responsibilities of the organization that is collecting personal information and the rights of the individual who provided the personal information. Typically, this means that an organization will explain why information is being collected, how it will be used, and what steps will be taken to limit improper disclosure. It also means that individuals will be able to obtain their own data and make corrections if necessary.

Registry
A computer registry is a database integrated into certain operating systems which stores information, including user preferences, settings and license information, about hardware and software installed on a user's computer. Spyware often changes registry values in order to take control of parts of the system. These changes can impair the regular function of the computer.
"Remove Me"
"Remove me" is an option often included in spam which is fake. That is, if you respond to request removal, you very well may be subjecting yourself to more spam, because by responding, the sender learns that your e-mail account is active. A 2002 study performed by the FTC demonstrated that in 63% of the cases where a spam offered a "remove me" option, responding either did nothing or resulted in more e-mail.

Rootkit
A rootkit is a program that fraudulently gains or maintains administrator-level access and may also execute in a manner that prevents detection. Once a program has gained access, it can be used to monitor traffic and keystrokes; create a backdoor into the system for the hacker's use; alter log files; attack other machines on the network; and alter existing system tools to circumvent detection. A rootkit replaces original system commands with versions that run commands chosen by the attacker and that hide the rootkit's presence by filtering its files, processes and connections out of the results those commands return.

Shareware
Software distributed for evaluation without cost, but that requires payment to the author for full rights, is commonly called shareware. If, after trying the software, you do not intend to use it, you simply delete it. Using unregistered shareware beyond the evaluation period is pirating.

Spam
Spam is the common name for unsolicited commercial e-mail. It is sent, usually in bulk, through "open relays" to millions of persons. Spam is cost-shifted advertising. It takes a toll on Internet users' time, their resources, and the resources of Internet Service Providers (ISPs). Most recently, spammers have begun to send advertisements via text message to cell phones.

Spyware
Spyware is any application that makes potentially unwanted changes to your computer while collecting information about your computer activities. This information may then be sent to a third party for malicious purposes, without your knowledge or consent. Spyware can be distributed by bundling with freeware or shareware, through e-mail or instant messenger, as an ActiveX® installation, or by someone with access to your computer. Unlike traditional personalization or session cookies, spyware is difficult to detect, and difficult (if not impossible) for the average user to remove without the use of an effective anti-spyware program.
System Monitor
System monitors have the ability to monitor all computer activity. They range in capabilities and may record some or all of the following: keystrokes, e-mails, chat room conversations, instant messages, Web sites visited, programs run, time spent, and even usernames and passwords. The information is gathered via remote access or sent by e-mail, and may then be stored for later retrieval. In some cases, a third party may be able to gain access to private information such as usernames, passwords, credit card numbers or Social Security numbers.

Trojan Horse (also known as Trojan or Backdoor Trojan)
A Trojan horse is a program that allows a hacker to make changes to a computer without the user's knowledge. Unlike a virus, a Trojan does not replicate itself. It is generally disguised as a harmless software program and distributed as an e-mail attachment. Once you open the attachment, the Trojan may install itself on your computer without your knowledge or consent. It has the ability to manage computer files, including creating, deleting, renaming, viewing, or transferring files to or from the computer. It may utilize a program manager that allows a hacker to install, execute, open, or close software programs. The hacker may have the ability to open and close your CD-ROM drive, gain control of your cursor and keyboard, and may even send spam by sending mass e-mails from your infected computer. Trojans have the ability to run in the background, hiding their presence.

Virus
A program or code that replicates, that is, infects another program, boot sector, partition sector or document that supports macros by inserting itself or attaching itself to that medium. Most viruses just replicate; many also do damage.

Worm
A program that replicates itself over a computer network and usually performs malicious actions, such as using up the computer's resources and possibly shutting the system down. The name is not an acronym (the unrelated storage term WORM means "write once, read many"); it was borrowed from the self-propagating "tapeworm" programs in John Brunner's 1975 novel The Shockwave Rider.

Zombie
A zombie machine is one that has been taken over using remote control software. Zombies are often used to send spam or to attack remote servers with an overwhelming amount of traffic (a Distributed Denial of Service attack). A collection of many zombies comprises a botnet.
Appendix: Symptoms of a Spyware Infection

Some common visible symptoms of a spyware infection include:
• A barrage of unsolicited pop-up ads
• Browser hijacking, so that the website that appears is not the one typed in the address bar
• Sudden or repeated changes to the computer's Internet home page not made by the user
• New, unexpected or unrequested toolbars
• New, unexpected or unknown icons appearing on the desktop or in the tray at the bottom of the screen
• Problems with keys malfunctioning or not working at all
• Random error messages
• Performance degradation with long delays in opening programs or saving files
• Anti-spyware or anti-virus software is turned off, or malfunctioning
• Unidentified toll charges on your phone bill

It is important to note that often the most dangerous forms of spyware will not display any visible signs, as they are designed to be stealthy and remain on the computer unnoticed by the user.
About Webroot Software

Webroot Software, Inc. provides industry-leading security software for consumers, enterprises and small and medium-sized businesses worldwide. Webroot security software consistently receives top ratings by respected third-party media and has been adopted by millions globally.

Webroot Antispyware Corporate Edition (formerly Spy Sweeper® Enterprise) is a comprehensive, centrally managed enterprise solution that aggressively blocks, detects and eradicates spyware on desktops across the network. Webroot Antispyware Corporate Edition with Antivirus offers combined protection for spyware and viruses. Webroot products can be found at www.webroot.com and on the shelves of leading retailers worldwide.

To find out more visit www.webroot.com or call 800.870.8102.
© 2007 All rights reserved. Webroot Software, Inc. Webroot, Spy Sweeper and the Webroot icon are registered trademarks of Webroot Software, Inc. in the United States and other countries. All other trademarks are properties of their respective owners.

NO WARRANTY. Information based on research conducted by Webroot Software, Inc. The information is provided AS-IS and Webroot makes no warranty as to its accuracy or use. Any use of the technical documentation or the information contained herein is at your own risk. Documentation may include technical or other inaccuracies or typographical errors. Webroot reserves the right to make changes without prior notice.