Blue Coat: Make spyware unprofitable

A senior executive from the security vendor believes legislation won't curb the spyware problem; says that the only way is to ensure it is no longer profitable.

SINGAPORE--The surefire way to eradicate spyware is to take away its profit motive, according to a top official from security vendor Blue Coat.

Speaking on the sidelines of the Asian Internet Security Summit last week, Nigel Hawthorn, Blue Coat's vice president for international channels and marketing, noted that until the day spyware becomes unprofitable, crime syndicates will continue to propagate spyware.

Spyware is typically propagated through dubious Internet ads and downloadable programs that unsuspecting Internet users click on, or download.

When a program, for example an Internet speed booster, is downloaded, spyware could get loaded into the user's PC. Spyware programs can be configured to feed information back to a perpetrator, revealing details about surfing habits, or even open doors for criminals to access confidential data on a corporate PC.

Hawthorn said: "If you see a pop-up ad that does not come from the Web site you're visiting, don't click on it. Don't spend money with them so they won't have any more money to write anymore spyware."

But he qualified that this does not spell the end of Internet advertising. "Online advertising on the sites that you trust is absolutely fine. But if a window pops up with an ad that comes from somewhere else, then let’s not trust that."

While some online media companies have urged advertisers to stop serving ads plagued with spyware, he noted that this might be tough to do because advertisers are often unaware their advertising agents are using spyware to deliver online ads.

To ensure online users get the information they need from legitimate Web sites--minus the spyware--Hawthorn suggested using a proxy gateway to filter out potential malicious programs.

He said: "(Online) advertisements are not going to go away because Web sites need to make money. But the rest of the content is benign. We can give users the text and pictures, but not the executable files that they're about to download unknowingly."

In a large organization, he said, it is much easier to implement a few gateways than to install antispyware software on thousands of employee desktops. IT administrators must also ensure the programs are updated, and not "turned off" by employees, he added.

The nonchalant attitude of employees toward spyware is cause for concern, cautioned Anthony Lim, chairman of the security chapter under the Singapore Infocomm Technology Federation, who was speaking at the conference.

Because employees do not personally own their office PCs, and spyware is pretty much invisible to them, they often do not care about the ramifications, he said.

Make antispyware illegal?
According to Lim, several countries such as Singapore, Australia, Malaysia and the Philippines, are considering antispyware laws since Internet threats today are closely linked to crime syndicates.

Because governments are not IT managers, they do not care if users get infected with spyware or viruses, he said. But if such threats start to affect business productivity, which is happening now, governments will step in to address the problem--just as how some of them have done with spam, Lim noted.

However, Anthony Ung, business development manager at Computer Associates Singapore, said while legislation against spyware could achieve some success, it is up to individual businesses to take a proactive role in combating this problem.

He highlighted that while the United States has antispam laws, this move has not significantly reduced the country's spam problem because spam originates mostly from places where there is little, or no legislation.

C R Visveswaran, associate vice president and principal architect from Infosys, said the Internet may have broken national boundaries but physical borders still exist. "For any law to be effective, all the countries of the world must come together, otherwise it will be difficult (to stop spyware)," he said.

But Hawthorn noted that calling for nations to band together and introduce common antispyware laws will be a gargantuan task.

"I don't have a lot of faith in politicians," he said. "They spend their lives trying to make sure they have more power than other politicians. There'll always be a reason for them to make sure their laws are different from other countries."

Implementing a common legal framework might work, but the countries that need to be in agreement are typically those that are least likely to cooperate with other nations, he added.