resource center
  See your link here
|
Subscribe to Computerworld Computerworld -
Bruce Edwards began to understand that spyware was more than a consumer PC problem when his users started complaining loudly about poor performance and an increase in pop-up ads. But it wasn't until after he'd checked all of his organization's PCs that Edwards understood the full scope of the problem.
"My customer workstations were really gummed up," says Edwards, LAN administrator at the Administrative Office of the Courts in Little Rock, Ark. All 200 machines in his offices were running a wide range of spyware, and many were running multiple programs. The programs ran in the background without the users' knowledge, downloading information on Web surfing activities and uploading advertising in the background for use in pop-up ads. As the volume of these hidden programs grew, they began using up system resources and choking off network bandwidth. Annoyed with all the pop-up ads, some users downloaded free pop-up blocker programs that installed even more spyware.
Spyware programs discreetly install themselves on PCs, establish a back channel over which to download information about the user and typically upload advertisements—often over HTTP Port 80. Programs designed specifically to deliver targeted advertising are also called adware. But adware and other types of software that install without the user's explicit consent and establish background communications—including surveillance programs, key loggers, remote control tools and Trojans—are also described as spyware.
Companies have traditionally viewed spyware as a nuisance that's best handled by desktop support groups. But IT organizations are beginning to view it as a security risk as well because spyware is becoming more common and the programs are growing more sophisticated.
Image Credit: David Plunkert
Edwards used PestPatrol, a spyware scanning and removal tool, to clean up the mess. But the big issue for him isn't system performance or productivity-sapping pop-ups—it's the uneasy feeling that these programs have opened an unauthorized communication channel that could put sensitive court documents at risk. He worries that, in addition to downloading data on Web surfing activity, a spyware program may capture user log-in and password information, or that a benign adware program may provide a communications pathway that could be hijacked for uploading more malicious software.
Analysts say that while some adware programs simply monitor Web surfing activity and serve up annoying pop-up ads, others could be stealing e-mail addresses and passwords, allowing background downloads of more malicious software, or sending sensitive data to competitors. "We think the capability to do that is there," says John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc.
Getting In
Spyware applications may install themselves after a user clicks on a pop-up dialog box, opens an e-mail attachment or downloads freeware. In some cases, unpatched Windows machines may be vulnerable to "drive-by" attacks, in which malicious code embedded in a viewed Web site exploits Internet Explorer vulnerabilities and lax security settings to install itself without the user clicking on anything.
Centralized Data Backup and Your WAN
Is your organization prepared to tackle the massive challenge of protecting your data in a cost effective and timely manner? With a growing...
Why Compliance Pays
This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data...
An All-in-One Approach to Web Security
Granting web access to employees poses challenges to IT administrators and introduces unique security risks. Even as companies have perfected their security techniques...
Best Practices for Managing Business Risks from the Use of IT
(Source: Symantec) Based on exhaustive benchmarks conducted by the IT Policy Compliance, this session highlights the relationship between business risks and use of...
The Hidden Dangers of Spam
Beyond the well-understood productivity drain that spam inflicts on businesses, threats posed by illicit email circulating through a network are causing many security...
Managing And Protecting Your Ever Increasing Mobile Assets
(Source: Absolute Software) Your users are becoming more mobile each day. This is great for productivity - yet challenging for IT control. Natalie...
Open Source Security Myths Dispelled
(Source: Astaro) Open Source Software is computer software whose source code is available to the general public. This openly viewable nature...
Sun OpenSSO Enterprise Webinar
(Source: Sun) This webinar replay discusses Sun OpenSSO Enterprise innovation--the single, open-source solution that helps your business solve the challenges around internal access...
Best Practices for Backing Up VMware® with Veritas NetBackup™
VMware® is used by enterprises large and small to increase the efficiency and cost-effectiveness of their IT operations. With this in mind, Symantec...
Agile Enterprise Content Management (ECM) for Rapid ROI
(Source: IBM) Content rich business processes are a core feature of daily operations at just about any organization today. Very often these essential...
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
