Spyware in the office

Computerworld - In a perfect world, corporate laptops and desktops would be outfitted with only authorized software that was appropriately configured, always up to date and patched, and protected by layers of security. Corporate information security policies would be painstakingly followed by professionals who never failed to employ best practices. IT audits, in turn, would be a formality -- a regular activity that simply confirmed a flawless IT environment.
What's far more likely is that corporate laptops and desktops include outdated, misconfigured and even unapproved applications. Users might download free games, utilities and media players on their corporate laptops or desktops or install peer-to-peer file-sharing programs.
In many cases, use of such utilities and programs is against corporate policy and a security risk to the organization. Why? Because many of these popular programs include spyware.
Threat or nuisance?
Spyware, sometimes called adware, snoopware or sneakware, is software that secretly gathers information about a user and relays that information to another party over the Internet. In many cases, users unknowingly install spyware when they download freeware or shareware, even though references -- often obscure -- to spyware might be included in the program's end-user agreement. In other instances, spyware programs are automatically installed when a user simply views an HTML e-mail or visits a certain Web page.
At its mildest, spyware is a simple tool used by advertisers to track users' Web-surfing preferences.
At its worst, spyware is used to monitor keystrokes, scan files, install additional spyware, reconfigure Web browsers, snoop e-mail and other applications, and more. Some of today's spyware can even capture screenshots or turn on webcams.
In a corporate environment, these capabilities pose a major threat to corporate security, especially since much of this activity goes on without anyone's knowledge.
Even in computing environments that encrypt data, spyware remains a threat to the security of corporate data because its keystroke-logging components capture input before it's encrypted.
An aid to spam
But that's not all. Spyware also leads to spam and vice versa. When spyware finds e-mail addresses, it sends them back out over the Internet to be traded, shared or sold to spammers. When unsolicited commercial e-mail finds a user who clicks to see an advertised product, spyware secretly downloads as the advertisement unfolds. This creates an administrative nightmare for corporate IT professionals, not to mention the legal implications it introduces as inappropriate content floods in-boxes.
Spyware also consumes memory and system resources. Because it constantly phones home to deliver user information and then sends back more pop-ups, banner ads