Unauthorized Software Active on 37% of Corporate PCs

Security firm Bit9, on April 8, 2009, released the outcomes of a poll it conducted over 250 IT managers, highlighting that while 77% of those surveyed have software usage policies in place, a frighteningly 37% have discovered malicious or unauthorized software on their PCs.

The survey also highlights that unauthorized software is often malicious software, which escapes detection by current defenses. Therefore, malicious software that has eluded responsive security creates a dominant problem for business organizations as well as indicates to the failures of conventional, responsive security systems like signature-based Anti-Viruses. These anti-viruses safeguard computers only from known malicious programs, leaving organizations exposed to unfamiliar, zero-day or targeted attacks.

Besides, the survey points out that although most of the organizations and companies have policies that ban unauthorized software, many do not implement the same. With policies for software usage so often abandoned, it is hardly astonishing that only 34% of survey participants believe that their businesses would remain protected against malicious/unauthorized software in 2009.

Furthermore, 29% of participants reported that their organization had not implemented a software usage policy that would forbid employees from taking down software indiscriminately especially given that modern environment was riddled with security threats.

Thus, the security specialists state that the survey outcomes emphasize that organizations need to adopt proactive security approaches like Application Whitelisting (AW) to stop any form of download and execution of malicious software on their computers.

AW, according to the specialists, refers to a proactive method of safeguarding endpoints like PCs, servers, laptops, kiosks etc. from risks of unauthorized software. Instead of striving to tackle new malicious software, IT personnel employing AW can make sure that only those software are allowed for execution that are on the list of authorized software of the corporation.

Commenting on the point, Tom Murphy, Chief Strategist at Bit9, said that policies for software usage are frequently regarded as guidelines instead of strict regulations. Absence of these could create opportunities for crime-ware, targeted attacks, licensing abuse and failed audits, as reported by DarkReading on April 8, 2009.

Related article: Unauthorized Patch by Researcher Posts Threat for Microsoft

» SPAMfighter News - 4/13/2009