Spyware...The Hidden Menace by Tom Allen
Imagine a salesman came into your business and kept your employees from doing their jobs. Every time you throw him out, he finds a way back in to further distract people from their work. Meanwhile, in between sales pitches, he is recording your company’s confidential data and selling it to other advertisers, or worse.
You obviously wouldn’t stand for this and would find some way to prevent it. Wouldn’t you?
Some companies deal with this on a daily basis in the form of the insidious intruder known as Spyware.
What is Spyware?
Spyware comes in many forms; the actual term spyware refers to software that “spies” on your computer. Spyware can capture information like web browsing habits, e-mail messages, usernames, passwords and credit card information. If left unchecked, the software can transmit this data to another person’s computer over the Internet.
There is also adware: free software that is supported by advertisements. Common adware programs are toolbars that sit on your desktop or work in conjunction with your web browser. They include features like advanced searching of the web or your hard drive and better organization of your bookmarks and shortcuts. Adware can also be more advanced programs such as games or utilities. They are free to use, but require you to watch advertisements as long as the programs are open.
Trojan horses are software programs that masquerade as regular programs, such as games, disk utilities, and even antivirus programs. But if they are run, these programs can do malicious things to your computer.
Then there are viruses. These are small programs or scripts that can create and/or delete files, reproduce themselves, or even email themselves to others in your address book.
All of the above, as well as others not mentioned, can fall under the term “malware”. This is malicious code that either occupies resources or in some way harms your computer.
Benign or Malicious
While all of these types of malware are unwanted, there are two categories: benign and malicious. Benign malware doesn't do specific damage to your PC but may direct information about you to a third party so they can feed you specific ads; you may not even know it is there unless you run an anti-spyware application. Malicious spyware can shut down your entire computer; it can hold your browser hostage and direct you to sites it desires. It is also very difficult to remove, so once it’s there you may be forced to format your drive. There are no hard and fast rules as to what defines benign and malicious spyware, but that is immaterial: you don’t want any of it, and should you get it, it should all be removed.
Symptoms of Spyware
How do you know if you have a malware infection? There are some indications. First, you may notice that your computer has slowed down; perhaps some application that used to open quickly now takes a few seconds. Second, you may notice new favorites under the favorites tab of your browser. A third indication would be numerous pop-up ads; sometimes they can occur even when you’re not on the Internet at all. Also, any change to your default home page would be an indication of a malware infection.
How to Prevent It
The Business Software Alliance states that education is the key component in fighting spyware. So if you are a network administrator, the question arises: “How do I educate my users?” One of the best ways to instruct users is to teach them how spyware gets on a computer. Here is an example: a user sees a pop-up ad asking if they want to download a program. They click no, but the program is already downloading behind the scenes; or the user clicks no and another pop-up window appears, and this happens until the user gets frustrated and clicks yes to make the pop-up go away. In either case the user could have prevented the download by using the task manager, stopping the application, or by merely quitting immediately. If they don’t know that, though, they won’t do it. Teach your users to be suspicious of any free software and to be certain they know exactly what is being downloaded. They can find this out by reading the security warning or the end user license agreement. If the software has neither of these, you probably don’t want it.
Protect Your Network
While educating the end users is the key, it is important for those with the responsibility to attempt to prevent the spyware from ever reaching the end user. There are a number of methods. First, you should ensure that a legal and binding Internet Acceptable Use Policy is signed by each user. Since much of the spyware is acquired during non-work-related browsing, this is crucial. Also, you should always be sure that basic security practices are followed. These include a quality anti-virus program that is updated daily, a well-configured firewall (preferably with content filtering), and all Windows security patches applied for both the operating system and Microsoft Office Suite (if applicable). In addition to these steps, there are some good content filtering devices and programs available, as well as enterprise anti-spyware programs. Microsoft themselves have offered a free anti-spyware application that can be downloaded directly from http://www.microsoft.com/athome/security/spyware/default.mspx.
It’s also important to note that even though you may have an anti-virus program, this does not mean that you’re protected from every type of malware. Also note that you shouldn’t run a memory-resident anti-spyware program on a terminal or Citrix server.
Removal
Should your computer become infected with spyware, removal can be a daunting task. While there are many removal programs, you need to be careful, as spyware often masquerades as a removal program. If you’re uncertain about a spyware removal program, simply Google it and you will get a bevy of information that will let you know if it is valid or a hoax. Some malware requires a specific removal process. The best example of this is a malware known as CoolWebSearch; this malware and many of its variants require a shareware program called CWShredder to remove it. Sometimes it is better, as a time saver, to do a parallel install or wipe the entire drive. This is especially so since there is no way to be 100% sure you removed it entirely. It is important to note that many times malware is a process running in the background, and therefore the process must be stopped for removal to take place. The best method for this is to boot the computer to safe mode.
Spyware and The Law
Following are three major federal bills; you can find updated information at http://thomas.loc.gov.
SPY BLOCK Act S.687: This act makes it illegal to load a program onto a PC without the user’s knowledge and consent, and requires software vendors to clearly explain, prior to installation, what the program does and what type of information it collects. The bill also requires a clear uninstall procedure and sets out penalties for violators. The Federal Trade Commission would handle enforcement and administration.
SPY ACT H.R. 29: This bill prohibits transmission of spyware to a computer without clear authorization by the user/owner. Among other things, it also outlaws taking over a PC for the purpose of sending unsolicited information to others; changing a browser’s home page or otherwise loading pages other than those the user intended to request; and distributing adware that won’t stop serving ads and creating new pop-ups unless the user shuts down the browser or the PC.
Internet Spyware (I-SPY) Prevention Act of 2005 H.R. 744: This bill introduces new penalties ranging from fines to jail time for parties who cause spyware to be downloaded or copied onto a computer without authorization, either to compromise the computer’s security or to use the information gained to defraud or injure a person.
What Can You Do
The FTC works for the consumer to prevent fraudulent, deceptive and unfair business practices in the marketplace and to provide information to help consumers spot, stop and avoid them. For more information or to file a complaint visit www.ftc.gov.
Keep Up The Fight
Malware is an insidious enemy; every time we find ways to fight it, there are individuals who come up with ways to beat the prevention methods. There is no doubt that this will continue, so it is important for us all, network administrators and basic computer users alike, to keep our guard up and stay informed.