Most Web activity monitoring programs do not collect data about individual users or insinuate themselves onto end-user systems. They are usually installed on servers and keep track of incoming activity from that vantage point instead. For example, WebTrends software tracks visitors, IP addresses, geographical locations, duration of visit, pages visited and more on Web sites. Spyware generally seeks to install itself on client systems, usually without informing users or asking their permission to do so. It seeks to gather more personal or sensitive information about users (account names, passwords, credit card numbers and logins). In most cases, you'll notice new items of software showing up as defaults in your Web browser, discover new toolbars, or you may even notice new processes mysteriously joining the startup group. In all these cases, if you Google on the name of the items involved, you can determine quickly and easily if it's benign or malign. How do you know if your employees are blocking spyware or adware correctly?
The only way to be sure is to scan machines to see what can be found. Numerous Web-X or Active-X-based scanners are available to perform check-ups, in addition to end-user packages that may or may not be installed on such machines. Make sure that any and all anti-spyware software installed on a machine is current and that real time monitoring and blocking is enabled. Run scans run regularly as well. Use a different package to run a backup scan on each machine at least once a week. Useful Web-based scans include www.spyaudit.com; www.pestscan.com; and www.xblock.com//download-freeware.php. What kinds of policies do companies make for spyware and adware?
These are generally the same as those for viruses and other more familiar types of malware: 100% pest-free computers, best achieved by installing and using two or more anti-spyware packages on all desktop and server machines: one to provide real-time detection and blocking, along with regular (daily scans), another to provide regular clean-ups (once a week) to catch items the first package may have missed. What's the difference between spyware and adware?
Both types of software install themselves without asking permission -- and often without informing users that they're being installed. Adware typically tries to take over what shows up in banners on regular Web pages and may also lead to a few or an inundation of advertisements in separate pop-up or pop-under windows. Spyware typically tries to monitor and harvest activity and sensitive personal data about the users on the machines on which it runs. It often tries to package up and send that data to malicious third parties as well. Are different spyware and adware precautions required for wireless networks or PCs?
Not really, except that wireless networks and PCs generally require stronger security measures to operate because of the broadcast nature of wireless networking and related opportunities for uninvited outsiders to eavesdrop on wireless network communications. Most experts recommend that all wireless computers use encrypted virtual private network connections to access networks and servers. Our budgets are limited. What are the must-haves for spyware if I can't spend a lot?
For new desktops running Windows XP SP2, a combination of the Microsoft Antispyware package (currently available as a free beta) along with some other good free antispyware (such as LavaSoft Ad-Aware SE or Spybot-Search & Destroy) should be sufficient, as long as administrators are also willing to tweak or establish group policy controls to lock down Internet Explorer a bit from its defaults. The built-in IE security components do at least an adequate job, if not better. For older desktops running Windows, the same anti-spyware combination will also work, but admins will want to add a pop-up blocker (both Google and Yahoo offer good free toolbars that include this functionality) and a BHO (browser Helper Object) handler (BHO Demon, www.definitivesolutions.com is shareware that does an excellent job at providing this kind of protection) to match the same kind of coverage that's built into Windows XP SP2. Is it necessary for me to find the root of the spyware problem? Once fixed, could it happen again the same way?
Provided that the source of infection can be identified and clean-up is successful, it's not necessary to get to the root of a spyware problem. But unless some kind of anti-spyware software is installed, or users never return to the Web sites from whence such infestations originate, it is possible that spyware could reinfect an unprotected system. Some experts say it's a matter of when, not if, systems will be reinfected. You should install at least one antispyware package on every machine that accesses the Internet, with real-time blocking turned on and regular scans from another package. What's the first thing we should do when we know someone has been affected by spyware?
The first thing is isolate the computer from the Internet to prevent any harvested information from being communicated to an unwanted or uninvited third party. Next, a thorough scan should be performed to identify all forms of spyware present. Then clean up any spyware on a computer (most of the time anti-spyware packages will do the cleanup automatically, but manual cleanup is sometimes necessary.) Only when the machine gets a clean bill of health and appears to be behaving normally and correctly should Internet access be restored. Is spyware completely preventable?
No it's not. By taking proper precautions, 99.9% of spyware will be foiled. But because new spyware is created all the time, new sources of infestation are always possible, and some will fall prey to them before effective countermeasures are developed. That said, best anti-spyware practices and teaching users basic rules of safe computing should help most organizations avoid most spyware, and deal quickly with what small percentage manages to get through their various levels of protection. Why can't anti-spyware programs handle 100% of possible threats?
See my column, Spyware vs. viruses: Two different fights. Viruses tend to come in neat little packages, either as items disguised within other files or as attachments to messages of some kind or another. Spyware is both more complex and diffuse. It tends to arrive through a temporary piece of software that gains permission to run on a user's machine from a Web site. It is a lot harder to recognize all the ways spyware can seek to take up residence on a computer, because it involves numerous scripting languages, active Web content of all kinds and any code that a Web page seeks to run whenever users download its contents. Spyware also has a larger frequency of incidence (or discovery of new spyware items, or variants of known items) and a much greater mutation rate than viruses appear to enjoy.