
Spyware in the future (interview)

Friday 28 April 2006, 11:50 by the editorial staff, 2 comments

Spyware continues to evolve. The use of rootkit technology, VoIP and RSS to infect users is closer than ever. Can technology alone save us, or is there also a role for legislation and user education? And isn't spyware simply "malware", and therefore a job for anti-virus vendors to solve? We asked Dan Hubbard, director of security and technology research at Websense.


Q. What kind of new spyware developments are happening right now and what can we expect in the future?

Crimeware, including spyware, is constantly evolving and finding ways to circumvent traditional security solutions. Here are some areas we anticipate changes to occur in the spyware threat landscape:

- We anticipate increased use of Really Simple Syndication (RSS) to circumvent frequent updates and patches. As more technologies, like browsers and potentially email clients, embed RSS, the tendency of users to leave it unattended, and the fact that RSS clients are generally configured to self-update every 10 or 15 minutes, indicate that RSS will be seized upon as an effective method of infection.

- As monetisation of cyber crime increases, we expect to see a continued rise in thefts of other types of data. As personal identification and other information used for identity theft become more difficult to steal, we anticipate increased interest in cyber theft of corporate roadmaps, plans, engineering schematics, diagrams, etc.

- Web-borne worms and blogs will continue to be avenues for exploitation and infection.

Q. A lot of spyware is installed through Internet Explorer (exploits). Could you say spyware is an IE problem only?

Actually, while many spyware installations occur as a result of access through IE, there are a myriad of other infection vectors: peer-to-peer file sharing, instant messaging, and other communications tools are also being used as attack vectors. Additionally, even exploits that use web content as an infection point may be taking advantage of an operating system vulnerability, not necessarily an IE-specific vulnerability, such as the WMF vulnerability announced at the end of 2005. Spyware is definitely not an IE-only problem.

Q. Do you think user education works in preventing spyware infections?

Prevention of spyware and other malicious software requires a comprehensive approach to the problem, including security policies and processes, security solutions such as Websense Web Security Suite, which provide multiple layers of defense against such threats, as well as user education.

Q. Shouldn't spyware be taken care of by anti-virus suppliers? In the end it's all "malware".

Spyware is a very broad term, and uses very broad methods, a variety of technologies, and even social engineering to compromise information. Suggesting that antivirus vendors are the silver bullet to the spyware problem is not practical. A defense in depth, multilayered strategy against spyware is the most effective approach. While this includes using software from antivirus vendors, additional layers of prevention that complement AV can have a huge impact.

Q. Do you think legislation helps in the battle against spyware?

Legislation and law enforcement are another important ingredient in combating the spyware problem. There will always be limited law enforcement resources, and legislation lags technology. Appropriate legislation and effective law enforcement can serve as a strong deterrent. However, proactive prevention of previously unseen security risks using dynamic security solutions which can quickly react to new threats is also an essential piece of the puzzle.

Q. Most of the malware is written by or produced for organised crime gangs. Will the same happen to spyware or is this already the case?

While it is difficult to state with absolute certainty the origin of some pieces of code, spyware is definitely being both produced by and for use by organised criminal groups. It would be understating the problem to say that only organised crime groups are producing and using spyware.

Q. What is the first step in preventing spyware?

The first step in preventing spyware is understanding that there is not just one simple step to take. A comprehensive and proactive strategy including people, technology and processes is required to reduce an organisation's risk.

Q. Could you say that a dedicated anti-spyware supplier is better suited to fight spyware than a general security supplier who also happens to do anti-spyware?

There are both good and bad niche providers of all types of software, and the same applies to large providers. Corporate selection of any type of security software solution(s) should be based on a risk analysis and matching corporate risk and needs to the value provided by vendor solutions. When it comes to security solutions, multiple layers of defense and multiple vendor solutions can significantly reduce risk.

Comments (2)
21-11-2007, 11:12 by Anonymous
Fly in the ointment
21-11-2007, 13:36 by Anonymous
Battle royal