Desktop Anti-Spyware Doesn't Cut It, Says Survey

Security appliance maker Blue Coat polled more than 300 IT professionals whose companies are using desktop-based anti-spyware solutions from vendors such as Computer Associates, Webroot, Symantec, Lavasoft, Microsoft, and Spybot, and found that nearly three out of four reported that current programs "are ineffective in preventing spyware from infecting their networks."

The survey, which was conducted last month and included IT managers from around the world working in small-, medium-, and large-sized enterprises, also found that spyware was becoming an ever-bigger blight. Eight-four percent of those surveyed said that the spyware problem is worse, or at best the same, as it was three months ago.

Although one would expect such results from a poll done by a vendor that sells gateway, not end-point, anti-spyware products, Gartner research director Avivah Litan seconded Blue Coat's motion that today's desktop defenses are not the ultimate solution for the spyware dilemma.

"The lack of effectiveness comes from the fact that many [programs] are signature based," she said, referring to the one-one-one digital fingerprints that anti-spyware, like their anti-virus cousins, must create to detect and then delete each new instance of spyware. "There's a latency issue there, a break between when new spyware appears and a signature's created."

Instead, said Litan, the wave of the future -- spyware defense-wise -- will be behavioral-based defenses. Rather than scan each file and try to match it to an anti-spyware signature, this kind of guardian looks at the behavior of both suspect software and the PC as a whole. "Software that looks for unusual behavior, such as specific open ports or a process that's logging keystrokes or programs that are trying to hide, is much more effective than signature-based anti-spyware," she said.

WholeSecurity, added Litan, is one of the leaders in the behavior-style category, but other vendors are getting themselves in gear, too. "Others are trying to move that way as quickly as they can."

WholeSecurity last month launched a program to share information about phishing attacks -- which are increasingly using spyware to snatch identities -- with the help of such corporate titans as Microsoft, eBay, PayPal, and Visa.

Blue Coat's poll also showed that a majority of IT pros recreate systems as a way to purge spyware.

Seventy-four percent re-imaged some or all of their desktops, even though they had desktop anti-spyware software installed, as a way to completely clean infected systems. (It's common, for instance, that one desktop anti-spyware product misses some spyware that rivals catch, and vice versa, the root of the advice by many experts to use multiple anti-spyware solutions.)

In fact, about one out of every eight enterprise IT managers polled said that they re-image all their spyware-infected desktops as a matter of course.

"Most anti-spyware software is reactive," said Litan. "That doesn't mean it's totally ineffective, but [defensive] software does need to get more intelligent."