IT administrators at group-travel company Groople Inc., like their counterparts at many other companies, are dealing with a growing problem of spyware and other malicious software on company PCs. In an E-mail interview, InformationWeek senior editor at large John Foley asked Groople IS manager Scott Larsen how the company is fairing.
InformationWeek: What has been your experience with spyware?
Larsen: We have to deal with spyware/adware on a weekly basis. Fortunately, we have tools in place, through Microsoft, Trend Micro, and other vendors to handle the outbreaks. Usually we can limit the impact with the tools we have deployed to one or two users.
InformationWeek: Can you quantify the costs to your company related to spyware?
Larsen: Most adware/spyware tools aren't enterprise-ready yet, and the primary software vendors are just now integrating this functionality. Antivirus software is the tool of choice in dealing with spyware. This is a cost enterprise environments have become accustomed to, so using it to combat spyware doesn't necessarily add costs for the organization.
From a staffing perspective, the cleanup of spyware or adware usually exceeds the time it takes to handle an antivirus infection. Most spyware/adware has "hooks" in it to reinstall it even if it's detected through conventional means. Sometimes it will take a technician several hours of research and testing different tools and procedures to get a successful removal.
InformationWeek: How did spyware get onto your company PCs?
Larsen: Unauthorized software installation, mostly. Most small to midsize organizations don't have the strict controls in place that many large enterprises have. Users have more freedom to install and "personalize" their computers. This leads users to the free screensaver sites, and the downloadable "smiley" sites, which almost always contain some form of adware, and quite often spyware.
Spyware/adware is a user-education issue for the most part; users need to understand the old adage "there is no such thing as a free lunch." The IT department doesn't like to hunt users down and yell at them for the screensaver they installed on their computer. The IT department wants the user's computer to work for them, all the time. Users need to help in this respect and understand their responsibility in keeping their systems running. With the evolution of spyware, and as restrictions on companies grow to protect corporate data, it's going to require IT departments to become more stringent in enforcing software restrictions throughout the enterprise.
InformationWeek: What tools do you use to clean up spyware?
Larsen: It's piecemeal. We're using several different tools, including Microsoft's Spyware tool, Ad-Aware, Trend Micro's OfficeScan, and manual removal methods.
InformationWeek: Do you distinguish between spyware and adware? Would you ban spyware, but allow adware?
Larsen: Different nuisances, same result. As an organization we don't really distinguish between them because they require the same response from IT. From a user perspective, they just know that something on their computer is wrong -- excessive pop-ups, system slowness, etc. And regardless of whether it's spyware, installed by accident with unauthorized software or via virus; or if it's adware, installed stealthily with the users "consent" (they thought it was just a screensaver), it creates a help-desk ticket and [uses] IT time and resources.