Spyware Gets Top Billing

Computerworld - This week, I was suddenly called into my boss's office for an urgent meeting. From the look on his face, I expected to hear that we had a serious security incident under way. Instead, he asked what our department was doing about spyware.
Apparently, a spyware program had infected our CEO's home computer, so he asked the CIO if we had a plan to deal with adware and spyware. The CIO marched down to a vice president's office to ask the same question. That VP then asked a director, who asked me whether we have any infrastructure to deal with an increase in spyware activity within our company. The short answer is that we don't have any. So now the question is, Why don't we have that infrastructure in place?
It's funny how these sorts of inquiries roll downhill. At a previous job, I once had to bring in several vendors after the CEO read an article about public-key infrastructure. We explained to him that PKI was still in its infancy and would cost several million dollars to implement. The project died quickly after that.
Typically, adware is software that installs a service or program that spawns pop-ups or launches a Web browser that points to a specific Web site's marketing message . Adware also tracks an individual's surfing habits and sends that information to a third party for analysis and use in marketing campaigns. Spyware is software that monitors a user's activity without his knowledge. In addition to Web surfing, it may also monitor things such as keystrokes.
Spyware and adware are two sides of the same coin. Both enter a computer system when a user opens an attachment or clicks on a Web page that allows a program to be executed on the system without his knowledge. Both make similar modifications to a system, such as changing Windows registry settings, adding services and installing and executing applications.
When I recently experienced pop-up ads on my home system, for example, I was amazed at the number of modifications that had been made to it. I found several applications I didn't recognize in the registry key responsible for starting applications at boot time. All of them turned out to be adware. There are many freeware and commercial products I can use at home to identify and remove these applications. For example, I use Patrick Kolla's Spybot - Search & Destroy. The popular program is available for free at www.safer-networking.org and is supported by user donations. But neither this nor the