Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Fri, Dec 24, 2004 (Vol. 9, #49 - Issue #505)
The Big Antispyware Announcement!
This issue of W2Knews contains:
- EDITORS CORNER
- The Big Antispyware Announcement!
- ADMIN TOOLBOX
- Admin Tools We Think You Shouldn't Be Without
- TECH BRIEFING
- Executive Summary: Spyware Worse Threat Than Viruses
- NT/2000 RELATED NEWS
- Detecting And Removing Spyware
- NT/2000 THIRD PARTY NEWS
- How Come Microsoft Updates Sunbelt With Spyware Definitions?
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Sunbelt Remote Admin: SuperFast Remote Control
SPONSOR: First in True Enterprise-Ready Anti-Spyware
Spyware is the new Number one IT headache. For the enterprise,
retooled consumer anti-spyware products won't cut it. Meet
CounterSpy Enterprise. CounterSpy is a policy-based anti-spyware
tool built from the ground up for enterprise deployment and easy
centralized management. It supports AD and has a strong Admin
Console with four different ways to deploy agents. Catch a sneak
peek here and check out the recorded webcast. Then ask for a
Visit First in True Enterprise-Ready Anti-Spyware for more information.
The Big Antispyware Announcement!
Here's the latest hot news from Sunbelt Software. And as this is the last issue of 2004, have a great New Year's everyone.
I haven't been excited like this for a while! I have something very
cool to announce today: a true second-generation enterprise-ready
antispyware product. During the last 6 months many of you told us
that spyware had become your #1 headache: worse than viruses. But you
also told us that the first-generation tools out there were so-so
at best. A recent SunPoll showed that almost 40% of you were holding
out for a real enterprise solution. It was clear that the existing
"enterprise" products were retooled from consumer code and did not
support things like Active Directory. In other words, not "built for
the enterprise", but you bought them because there was nothing else
on the market and you needed a solution "N O W".
No more! I'm proud to present the long and hard work of the Sunbelt
Development and QA-team: CounterSpy Enterprise. This product was built
'by admins for admins' from the ground up for enterprise deployment.
It is second-generation for two main reasons. First, it was built as
a policy-based solution from the get go. And, it interfaces
with AD, has many ways you can deploy agents to your workstations,
and is admin-friendly. Second is that it uses three strategies to
update the spyware definition database: Sunbelt's own dedicated team
of spyware researchers, a unique network called the
"Spyware Fighters Network" (SFN), and Microsoft is going to send
us spyware definition updates! (see article below). These combined
will make sure that the threat database is both extensive and up
to date, and better than any other product out there, bar none.
The SFN functions as an early warning system (neighborhood watch)
and spots outbreaks of new spyware which get sent to our Research
Team which will validate them and quickly update your CounterSpy
We're beyond excited about this development, as you can understand.
CounterSpy Enterprise is going to be the best out there. If you have
budget to spend before the end of the year, I could not suggest
more strongly that you buy CounterSpy Enterprise (CSE) right away.
It is a Version 1.0 and you'll be able to tell us what direction
you want it developed in. Have a look at it, and tell us what you'd
like to see in future versions. This is a great way to fight spyware
If your 2004 budgets are tapped out, or if you are doing a big
migration and have no time over the holidays, schedule an eval of
CSE in early January and ask for Q1 budget, as this is the first
true enterprise-ready antispyware solution that you can get your
hands on n-o-w! For the specs of CounterSpy Enterprise, check out
the Product Spotlight section.
Quotes of the day:
- "I do not fear computers. I fear lack of them." --Isaac Asimov
- "Things turn out best for the people who make the best of the
way things turn out". -- John Wooden
- "Democracy is two wolves and a lamb voting on what to have for
dinner. Liberty is a well-armed lamb contesting the vote."
(email me with feedback: [email protected])
Admin Tools We Think You Shouldn't Be Without
Executive Summary: Spyware Worse Threat Than Viruses
Need Ammo to get budget for antispyware? Use these results of a recent
Sunbelt Software survey. Spyware/Adware is pretty ugly, and getting
W2Knews asked its readers to participate in a new survey to gauge the
impact spyware has in 2004 compared to 2003. A total of 1156 self-selected
responses came in, amounting to 2% of the open rate of that specific
W2Knews issue. The results are nothing but revealing.
Stu Sjouwerman, Editor in Chief of W2Knews, stated: "Spyware has
exploded in 2004. Of the respondents, 58% said it has increased
more than 100%, 23% said it increased 50% over 2003 and 13.4% stated
it increased somewhat over last year. System Administrators told
us it has become a worse problem than viruses."
Asked about the level of severity of spyware infections, 1.5% said
it was no problem at all, 7.5% said it was a minor problem, 41.3%
stated that it was happening more and more, 33% complained it had
become a major problem and 16.7% said they were very concerned
about this and needed solutions right away.
Those are the results of the latest independent W2Knews poll of 1156
system and security administrators. A large majority of 45% said they
were actively looking for -scalable- antispyware solutions for their
organization, and another 31% plan to implement antispyware in the
near future. Over 50% are looking to purchase antispyware solutions
within a 9-month timeframe.
The responses show that on average 48% of system administrators
spend more than 20 minutes per system removing unwanted spyware,
18% say it takes 15-20 minutes per system, and 16.2% of system
admins say it takes 10-15 minutes. Over three quarters of admins
reported that up to 20% of the machines that are infected need
a total rebuild to get rid of persistent malware.
Regarding existing policies in their organization that forbid
downloads and installation of unapproved software, 72% indicate
that these do indeed exist, but only 21% have the tools to enforce
these policies. All others say that they have either no means, or at
best insufficient means, to enforce download policies.
Other survey highlights:
- Many system admins use free tools to disinfect systems, but none
of these catch all the spyware; the vast majority use two or even
three products in their efforts to clean systems.
- Attempts are made to educate end-users but re-infections of
affected systems occur in the timeframe of a few weeks to a month.
- Spyware in the HIPAA regulated industries has become a major
- The problem with free solutions is no central management or central
updates of threat definition databases, no reporting, and no real-time
- End users tend to shut off antispyware tools on their system
because they think that these tools cause their PC to slow down.
- Existing anti-virus tools make an attempt to focus on spyware
but do not do an acceptable job in removing it.
- System administrators complain that spyware has become very
time consuming and that especially personal computers used by
telecommuters, and laptop devices used by traveling employees
get infected and re-infected with a very high frequency. The most
recurring terms used to describe spyware are: "insidious", "worse
than viruses", "hate it", "very irritated" and "nightmare".
Well, we are happy to present CounterSpy Enterprise to solve this
ugly issue. Check out the specs here:
NT/2000 RELATED NEWS
Detecting And Removing Spyware
Spyware has quickly become a nightmare for both consumers and
the enterprise. Legislation was put on the fast track and
signed into law in a matter of months. But just like CAN-SPAM,
legislation alone is not going to solve this problem. Spyware
is a threat with many sharp edges and attacks from many angles.
In a Feb. 23, 2004 press release, U.S. Senator Conrad Burns (R-Mont)
stated, "Computer users should have the same amount of privacy
online as they do when they close the blinds in the windows of
their house. But this is not the case, as computers across the
country are being hijacked every day as users unknowingly download
unwanted and deceitful programs that spy into their online world.
Computer users must have some sort of defense against these sneaky
programs hiding in the shadows of their machines."
To be a bit more specific, spyware really is a generic term. There
is a whole "tree" of at least 36 different categories of spyware,
starting with relatively harmless tracking cookies to extremely
dangerous backdoors that hackers can use to get "root" access
and compromise your whole network. The ways an end-user's machine
can get infected are various. Some of the spyware gets
"piggy-backed" with peer-to-peer file sharing products. There may be
corporate policy against that, but you'd be surprised with what
end-users think they can get away with. More common in our
environment are the infiltrations via a method known as
"drive-by-downloads" which could be just a tracking cookie but
when your user clicks on anything at all, malware gets copied
to their hard disk and here's where a lot of trouble starts.
Spyware is often not detected by anti-virus software and no
wonder. AV software wasn't developed for that purpose. And
unfortunately, uninstalling the host software that carried
the parasite into your end-user's machine does not get rid
of the spyware itself. Some of them are very resistant to
uninstalling. Practically all of the new Spyware releases have
"reinstallers" built-in that get it activated again even if
the end-user deletes the spyware. It is only just now getting
the same visibility and attention that anti-virus software has
had for years. Both consumers and organizations need to take
active steps to protect against this new internet plague. We all
thought that spam was a major problem, but it is a mild cold
compared to spyware which is spreading like a new strain of
One of the reasons for this is that spammers over the last few
years have found that they get filtered out more and more and
have become more resourceful in trying to get around this.
Combine that with the fact that several mafias have moved
into organized cybercrime (identity theft is a lot less risky
and can be more rewarding than selling drugs) and you have
an interesting cocktail of malicious code and intentions.
Up to now, removal has not been very structured. Several freeware
products like Spybot and Ad-Aware are being used by system admins
to clean affected machines. Consumer products like PestPatrol
have been retooled for the enterprise but without sufficient
analysis of what the system admin really needs. Only just now some
"enterprise tools" are coming on the market. But they have a long
way to go. CounterSpy Enterprise was built from the ground up
as an enterprise tool, 'for admins by admins' and includes a
unique way to fight spyware.
Spyware is BIG business. We are talking many hundreds of millions
of dollars. And that is the legit side only. There is as much or
more money to be made on the criminal side. No one product (and
no single company) can fight this on their own. System admins
already know this and use two or three antispyware tools to
try to clean systems. CounterSpy Enterprise has a threat database
that is one of the best in the industry, but its strongest feature
is the Spyware Fighters Network (SFN) that allows all admins to
band together and fight spyware as a team! The SFN allows faster
fixes to be coded and downloaded to CounterSpy Enterprise users.
You can check the Preview Edition here:
THIRD PARTY NEWS
How Come Microsoft Updates Sunbelt With Spyware Definitions?
For most of you the CounterSpy Enterprise announcement was expected,
but the story got a really nice twist at the end last week. You may
have seen the recent press on Microsoft acquiring the antispyware
company Giant. Let's clarify some things for you admins that have
been in the trenches these last weeks.
First, Sunbelt is a Gold Certified Microsoft partner and the two
companies have had a strong and friendly partnership for a number
of years. Sunbelt is not going to be bought by Microsoft. We have
a well known 20-year reputation for never letting our customers
down. Example: Everyone that bought PestPatrol Corporate from
Sunbelt gets a free upgrade to CounterSpy Enterprise.
So, what happened last week? Microsoft bought Giant. Now what?
Microsoft fully owns its anti-spyware product that it acquired
from Giant Company. (Giant had previously granted co-ownership
rights to Sunbelt for a previous version of Giant's antispyware
product. As part of that contract, Sunbelt has the exclusive right
to innovate its own product. Similarly, Microsoft has exclusive
rights to the Microsoft technology.) In turn, Sunbelt fully owns
its own anti-spyware technology. CounterSpy for consumers is a
reworked derivative of the Giant code. CounterSpy Enterprise was
built from the ground up as a robust, second-generation tool and
only uses some of the (now heavily modified) Giant code in the
CounterSpy Enterprise workstation agent.
Now, the above is pretty common and nothing really out of the
ordinary. But listen to this: "Microsoft will be providing
definition file updates to Sunbelt to its spyware database until
July 2007. During this time, Sunbelt and Microsoft share in the
ownership of these definition files." Awesome news. As you know,
the threat database is a crucial part of the quality of any
anti-spyware product. Now NO OTHER corporate antispyware product can
even get c-l-o-s-e to CounterSpy Enterprise!
We are actively developing new versions of both the consumer and
enterprise versions of CounterSpy, and on top of the Microsoft
antispyware updates, we will add our own threat database updates
to the products. We have our own in-house team of developers, as
well as a team of researchers hunting for new spyware, and the
rapidly expanding Sunbelt Spyware Fighters Network is contributing
too. You should ask for a quote to start with, and you'll be
pleasantly surprised with the competitive price. Keep two things
in mind though:
- Make sure to mention the number of workstations you want
- It's the holiday season so it may take a few days to get a quote back to you!
This is the form to get a price quote:
And here is the official Microsoft statement to clarify some things
that were said in the press which were misinterpreted. I'm quoting
the section where they confirm that Sunbelt will get the threat
"Anti-spyware solutions require definition updates -- signatures of
known spyware and other unwanted software -- that are necessary to
keep the solutions up-to-date. Because of a legal agreement between
Sunbelt Software Distribution and Giant that preceded the Microsoft
acquisition, Microsoft will provide spyware signature updates to
Sunbelt through July 2007." Link to the MS website:
This Week's Links We Like. Tips, Hints And Fun Stuff
PRODUCT OF THE WEEK
Sunbelt Remote Admin: SuperFast Remote Control
Sunbelt Radmin is a superfast, award winning remote control program.
You can take over one or more remote systems, and even daisy chain
them! The truly crucial features are all there: superfast remote
control, file transfer, NT security, telnet and multi-language
support. The price is ridiculously low. It has everything you need,
and nothing you don't. A user called it a "pcAnywhere killer"!
Just the kind of neat tool to use some of that year-end budget.
Check it out here: