Multi-vendor effort seeks easier way of eradicating rogue programs

Spyware infestations are a headache for enterprises, and while few expect the problem to disappear, a new multi-vendor effort should help by bringing greater consistency to the testing and evaluation of anti-spyware software.

Announced in late January, the effort is backed by security software vendors Symantec, McAfee, and Trend Micro. The vendors, together with ICSA Labs and Thompson Cyber Security Labs—two organizations involved in testing and certification—will collaborate to create standard evaluation criteria for reviewers and certifiers in testing environments.

According to David Cole, director of product management, Symantec Security Response, the effort will cover two main areas. First, the participants will share spyware samples to ensure that threats are commonly known. Second, they will devise common third-party testing methods.

"We've had these sorts of standards in the antivirus space for a long time," says Cole. "We hope to do the same in the anti-spyware space. Users will be able to look at a review based on the testing methods, and say, 'Yes, this is solid and well founded.' "

There is no official deadline for developing the standard criteria, but the sharing of sample threats should begin fairly soon, says Cole. (More information on the group's efforts can be found at www.spywaretesting.org)Larry Bridwell, content security programs manager for ICSA Labs, says the group had its first meeting in early February, with representatives from nearly 20 vendors present. Bridwell estimates it could take six months to come up with a first draft on testing methods.

The spyware problem is large, occupying close to 20 percent of all IT help desk calls by some estimates.

While common test criteria should help IT managers assess solutions, both Cole and Bridwell agree that the best defense is a layered approach that combines tools such as intrusion prevention at the network level, content-filtering gateways, as well as antivirus software for the computer desktop.

"A layered approach, along with sound policies and procedures, is always the best way to go," says Bridwell. "Then if one exploit gets past a layer, the other layers can still protect."