December 02, 2004 - 12:00
London, UK – GFI’s downloads content checking product, GFI DownloadSecurity for ISA Server, helps administrators in the battle against spyware by allowing them to review downloads and exercise control over what downloads enter their network. Spyware is software which is installed on computers without their owners’ knowledge, often with the intent of spying on the user to gain statistical information. A newly released GFI DownloadSecurity update now provides customers who use the Kaspersky antivirus module with added protection against downloads containing spyware, adware, pornware and related malicious software.
The increasing problem of spyware
Spyware is on the rise: Silicon.com reported 83.4 million instances of spyware in the first 9 months of this year, namely some 26 per machine. Spyware can cause computer slowdowns and crashes, drop Internet connections, add sexually explicit icons and images to the user’s machine (pornware), and generate unwanted pop-ups and toolbars (adware), resulting in user frustration as well as increased calls to help desks. Of even greater concern is the fact that spyware can also pose a risk to sensitive corporate data, by tracking site visits or hijacking home pages as a means to steal passwords, email and other records.
Surefire protection against downloaded spyware: Controlling what files enter the network
Spyware and adware are usually contracted by users inadvertently downloading malicious files. The only solution to combat this is for companies to control and analyse what files are being downloaded by users, and to block/control ActiveX controls and Java applets at firewall level. GFI DownloadSecurity for ISA Server facilitates this essential security practice by enabling administrators to define which file types should be quarantined for approval per user. Additionally, GFI DownloadSecurity allows administrators to specify the sites from which ActiveX controls or Java applets are trusted, and it blocks all Java applets and ActiveX controls from mistrusted/unknown sites. This way, unnecessary bandwidth-hogging downloads can be eliminated and more importantly, dangerous ones can be deleted before they can enter the network and cause any harm. More product information and a trial version can be found at http://www.gfi.com/dsec/.
“Just as companies had to install comprehensive mail security products to prevent infection via email viruses, organizations now have to install download security products to avoid contracting spyware and other malware via downloads. This is the major way through which spyware and malware are distributed, and the only real solution is to control and review all user downloads,” said Nick Galea, GFI CEO.
Checks downloads for known spyware
The Kaspersky antivirus engine now checks downloads for known spyware through its ‘SuperSecure’ database of spyware signatures. It detects malware that initiates remote observation and control over the victim PC such as programs for remote administration, keyboard espionage, password detection and automatic dial-up to paid sites. It also identifies several types of adware programs. Furthermore, the SuperSecure database detects key generators and credit card number generators; software cracks; Java classes; Internet utilities (such as scanners); programs causing system problems or generating unexpected video/audio effects; virus simulators; security data collectors; and any suspicious programs that are unusual in form and content.
Current GFI DownloadSecurity customers who use the optional Kaspersky engine with the product are automatically eligible for this new feature. This tool is also included with all new purchases of the engine. To obtain this feature and for more information, users must visit http://kbase.gfi.com/showarticle.asp?id=KBID002239.
Protection against unknown espionage tools
GFI DownloadSecurity users are also protected against downloads containing unknown Trojans and espionage tools through one of the product’s key features, its Trojan & Executable Scanner. The scanner detects unknown malicious executables in downloads by analyzing what an executable does and using built-in intelligence to rate its risk level. It does this by disassembling the executable, detecting in real time what it might do, and comparing its actions to a database of malicious actions. The scanner then quarantines any executables that perform suspicious activities, such as accessing a modem, making network connections or accessing the address book. Further information about the corporate threat posed by Trojans is available at http://www.gfi.com/whitepapers/network-protection-against-trojans.pdf.
Protecting against spyware without securing downloads
Companies who do not wish to secure downloads should, at the very least, install Service Pack 2 for Windows XP (which provides much better protection against spyware because of its security enhancements) and, non Windows XP or 2003 users (i.e., Windows 2000 and Windows 9X) should swap Internet Explorer for Mozilla Firefox as their Internet browser. In addition, administrators can manage the downloading of ActiveX controls through a group policy in Active Directory. “Customers should also insist that their desktop antivirus vendor provides protection against spyware too, since the two are related,” Mr. Galea said.
GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. With award-winning technology, an aggressive pricing strategy and a strong focus on small-to-medium sized businesses, GFI is able to satisfy the need for business continuity and productivity encountered by organizations on a global scale. GFI has offices in the US, Malta, UK, Hong Kong and Australia which support more than 200,000 installations worldwide. GFI is a channel-focused company with over 10,000 partners worldwide. GFI is a Microsoft Gold Certified Partner. More information about GFI can be found at http://www.gfi.com.