Spyware and data protection

By | February 20, 2006

Most countries now have laws which govern IT use for processing personal data. These laws establish how databases containing personal data should be managed and clearly specify what types of behavior are punishable.

Some countries not only punish the traffic or inappropriate use of such data, but also stipulate that data owners must use suitable systems to prevent this data being accessed by unauthorized persons.

Although this is the theory, many companies have begun managing their databases in a different way, establishing encryption systems, access controls, back-up copies etc. This is essentially what the law requires from them. However, there is perhaps a flaw which systems administrators have overlooked.

The protections required by the law are not enforced, and possible fines are not imposed, only when the system fails, i.e. when data is misused. Merely failing to have suitable protection, even if personal data has not (yet) been the target of an attack, is punishable in many countries. This means poor IT management not only affects the company's operations, but may also have legal consequences.

An IT system that stores personal data may be perfectly shielded against unwanted access attempts, but there is also an important security hole. If the user that accesses data legally does so with malicious code in the system, such as a bot, the data may be spied on, stolen and even sold to third parties. And without the network administrator realizing this is happening!

The law, in such a company, has been properly respected… or almost. A proliferation of codes for spying on the activities of infected users has been noticed recently. Although these codes were limited at first to monitoring websites visited by users in order to send advertising mailings, they are now specializing in personal data theft, such as corporate server passwords.

Many of these codes are not only designed to steal passwords, but also act as a bridge, so that a malicious user can leisurely check data stored in corporate servers.

Spyware, so often considered a secondary threat, should be taken just as seriously as a network worm. Rather than leaving protection against these types of codes to a supposedly specialist tool, it should be entrusted to companies with proven technologies for dealing with malicious codes.

Specific anti-spyware tools fail to cover many current Internet threats, while an integrated solution is going to offer a far more secure global protection.

Consequently, systems must be protected against:

“Classic” threats, such as viruses, Trojans, worms etc. This point is covered by classic anti-virus protections, so long as they are of the required quality and have the updates necessary.

Other Internet threats such as spyware, bots, phishing etc. These codes need detection systems integrated with classic protections, not with separate solutions that might clash with antivirus. Although the market is flooded with free solutions, they are not updated quickly enough, since there is no commitment between the developer and the user, apart from goodwill.

External attacks by hackers. Although firewall solutions have proven effective, another level is required in workstations. Apart from the need for personal firewall distribution and its centralized management, deep packet inspection on open ports, such as the well-known port 80, prevents infections from entering along with necessary data. An attack which is propagated within a local network may be successful if there are no firewall protections in each PC.

Data theft, either through malicious codes or direct intrusions, which is the basic objective of malicious codes in recent times. This may range from apparently insubstantial data such as e-mail addresses for sending spam to passwords and bank account numbers, as mentioned earlier.

Only protection which covers all of the above points will make it possible for users and network administrators to work securely. They will also have the assurance that the law on IT data protection will not be brought to bear on them as a result of poor freeware protection against spyware.
