Combating Spyware in the Enterprise

Combating Spyware in the Enterprise is the first book published on defending enterprise networks from increasingly sophisticated and malicious spyware.
Combating Spyware in the Enterprise begins by examining the various types of insidious spyware and adware currently propagating across the Internet and infiltrating enterprise networks. This section closely examines spyware's ongoing transformation from nuisance into a malicious, sophisticated attack vector.

Next, the book uncovers spyware's intricate economy and its network of malicious hackers and criminals. Forensic investigations presented in this section reveal how increasingly sophisticated spyware can compromise enterprise networks via Trojans, keystroke loggers, system monitors, distributed denial-of-service attacks, backdoors, viruses, and worms.

After close examination of these attack vectors, the book details both manual and automated techniques for scanning your network for the presence of spyware, and for customizing your IDS and IPS to detect it. From there, the book covers everything from preventing spyware from being installed in the first place to mitigating the damage should your network become infected. Techniques discussed in this section include slowing the exposure rate, web filtering, using Firefox, Mac OS X, or Linux, patching and updating, machine restrictions, shielding, deploying anti-spyware, and re-imaging.

The book concludes with an analysis of the future of spyware and what the security community must accomplish to win the war against spyware.
* A recent survey published by Information Security Magazine stated that "combating spyware" was the #2 priority for security professionals in 2005
* Despite the high priority placed on combating spyware by security professionals, there are no other books published or announced that address this market
* Author Paul Piccard is Director of Research for Webroot, a market leader among pure-play anti-spyware vendors
User Ratings and Reviews
3 Stars Plenty of potential, but falls short
I hoped Combating Spyware in the Enterprise (CSITE) would follow in the footsteps of recent Syngress books on related topics, like Phishing Exposed (me: 5 stars), Software Piracy Exposed (me: 4 stars), Securing IM and P2P Applications for the Enterprise (me: 4 stars), Inside the Spam Cartel (me: 5 stars), and Insider Threat (me: 4 stars). Each of those books takes a good look at a slice of the modern security landscape, some delivering outstanding material. Unfortunately, CSITE doesn't fit in this group.
The first problem with CSITE is the mediocre integration of material from seven authors. It’s the job of the editor or lead author to reduce the internal redundancy to an absolute minimum. This goal was not achieved, especially in places like Ch 4 where one author covers material already presented by another author.
The second problem with CSITE is the inclusion of an appendix, in its entirety, from Phishing Exposed by Lance James. While I liked Phishing Exposed, I didn’t need 40 pages from his first book in CSITE. Given that CSITE’s main text ended at p 334, the duplicated text looks like padding.
The third problem with CSITE is that I don’t think it covers the subject thoroughly. If CSITE were a book on a broader topic, I might not worry so much about missing certain details. However, CSITE is supposed to be about fighting spyware in the enterprise. Yet, it completely ignores enterprise network-level techniques involving traffic inspection and interdiction. Companies spend plenty of money running products like Websense or proxy-based solutions to control inbound and outbound spyware-related traffic. CSITE ignores this and focuses on host-based ways to configure Windows, email, and Web browsers. Those are all extremely necessary, but not sufficient. Intrusion detection/prevention, extrusion detection/prevention, and smarter firewalls are all ignored too.
I wish CSITE had spent more time analyzing actual spyware. While some examples were given, nothing really definitive was shared. It would have been nice to have seen a forensic analysis of a system afflicted with various forms of x-ware, including host- and network-based evidence. Peter Szor's older but brilliant book is much better in this respect.
As far as what CSITE does present, it appears accurate and helpful. I liked the tools overview in Ch 6 and the end user recommendations in Ch 5. The only repeated goof I found was mentioning “Evi Gadron” twice, instead of “Gadi Evron.”
If you have no other spyware reference, you will probably find CSITE helpful. Otherwise, I would wait for a second edition that addresses the concerns in this review.