Spyware Gets Top Billing

An infection on the CEO's home system leads to a call for new preventive measures.

By Mathias Thurman

July 5, 2004 12:00 PM ET

Recommended

Computerworld - This week, I was suddenly called into my boss's office for an urgent meeting. From the look on his face, I expected to hear that we had a serious security incident under way. Instead, he asked what our department was doing about spyware.
Apparently, a spyware program had infected our CEO's home computer, so he asked the CIO if we had a plan to deal with adware and spyware. The CIO marched down to a vice president's office to ask the same question. That VP then asked a director, who asked me whether we have any infrastructure to deal with an increase in spyware activity within our company. The short answer is that we don't have any. So now the question is, Why don't we have that infrastructure in place?
It's funny how these sorts of inquiries roll downhill. At a previous job, I once had to bring in several vendors after the CEO read an article about public-key infrastructure. We explained to him that PKI was still in its infancy and would cost several million dollars to implement. The project died quickly after that.
Typically, adware is software that installs a service or program that spawns pop-ups or launches a Web browser that points to a specific Web site's marketing message . Adware also tracks an individual's surfing habits and sends that information to a third party for analysis and use in marketing campaigns. Spyware is software that monitors a user's activity without his knowledge. In addition to Web surfing, it may also monitor things such as keystrokes.
Spyware and adware are two sides of the same coin. Both enter a computer system when a user opens an attachment or clicks on a Web page that allows a program to be executed on the system without his knowledge. Both make similar modifications to a system, such as changing Windows registry settings, adding services and installing and executing applications.
When I recently experienced pop-up ads on my home system, for example, I was amazed at the number of modifications that had been made to it. I found several applications I didn't recognize in the registry key responsible for starting applications at boot time. All of them turned out to be adware. There are many freeware and commercial products I can use at home to identify and remove these applications. For example, I use Patrick Kolla's Spybot - Search & Destroy. The popular program is available for free at www.safer-networking.org and is supported by user donations. But neither this nor the

Recommend Digg Twitter ShareThis

Email Print Send Feedback Reprints

Jump to comments

Security

Additional Resources

WHITE PAPER

Do You Know the 7 Steps to Successful Data Migration?

Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.

WHITE PAPER

Total Cost of Ownership of Server Computing Vs. PCs

Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.

WHITE PAPER

IDC White Paper: Linux in a Global Recession

Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.