Insidious and ubiquitous, spyware can threaten the security of your network. Learn more about how spyware works and how you can eliminate it from your systems.
Microsoft estimates that nearly half of all computer crashes are caused by spyware. Earlier this year, Dell estimated that 12% of its technical support phone calls involved spyware problems. Over the last three months, over 14% of Optimal's client visits included work to remove spyware.
What is Spyware?
Spyware is a confusing word that initially referred to software that reported your computing activities to others without your knowledge.
Nearly all spyware covertly gathers information through your Internet connection without your knowledge. But, over the past few years, the word "spyware" has expanded to include other, more malicious, programs that do everything from tracking your keystrokes and transmitting them to hackers, to letting hackers take control of your computer, to disabling your antivirus program.
According to Patrick Kolla (the creator of the popular free SpyBot Search & Destroy spyware removal tool), Spyware includes:
- Adware. Adware is software that shows advertisements on your computer, whether inside or outside of your browser.
- Keyloggers and Activity Trackers. These are programs that track and transmit your personal browsing habits, personal information (such as credit card information), or even exact keystrokes. These programs are often designed to collect your system passwords (to gain access to your network) and your website passwords (to gain access to your online accounts).
- Malware. Malware is software designed to harm your computer. It can do so by rendering other software useless (most notably antivirus software) or opening up multiple Internet connections that steal your Internet bandwidth.
- Trojans. Trojans are programs that install themselves into your computer without your knowledge. They often masquerade as desirable software and fool you into installing them. The name "trojan" refers only to the way these programs enter your computer. They can also be viruses, malware, or other types of spyware.
- Browser Hijackers. These programs often exploit the security holes in your web browser to install themselves, and then proceed to change your browser settings and even defy your attempts to change them back.
- Worms. Worms actively exploit your existing software to install themselves and then spread themselves to other computers.
How Spyware Infiltrates
Spyware enters your computer through several different methods. The most common include:
- Installation Bundling. A software product that you
download from the Internet may also install spyware on your system.
This may (or may not) be disclosed in the product's end user license
agreement (EULA) to which you must agree before you install the
program. The problem, of course, is that most of us do not read the
EULA before agreeing to it.
The main offenders in this method of distributing spyware include the peer-to-peer music and video sharing programs such as BearShare, Grokster, Kazaa, Morpheous, and LimeWire. In fact, Computer Associates (a computer industry leader who has recently purchased an anti-spyware company) recently decided that Kazaa was so riddled with spyware, that it classified the program itself as spyware. - Drive-by Download. These programs are automatically installed on your computer, often without your consent, when you visit a web page or click on a pop-up advertisement. Lax computer or browser security settings make this much more likely to happen.
- Misrepresentation. Some spyware fools you into installing it by lying about what it does or what it is. For example, a program advertising to remove spyware might just be spyware. Another example would be spyware displaying a web page that looks like a Microsoft product installation page to trick you into installing it.
- Silent Download. Sometimes a program already installed on your computer will download and run another program (usually spyware) without your knowledge.
Finally, there is commercial software which is, in of itself, spyware. For example, Real Player has many of the characteristics of spyware since it keeps transmitting your listening habits back to RealNetworks.
Unfortunately, if you browse the web, you probably have spyware on your computer.
What Can Spyware Do?
With tens, possibly hundreds, of thousands of different types of spyware, their abilities are quite varied. One of the most common, obvious effects of spyware is for your web browser to open up to a different home page than the one you have set. Another is that your computer suddenly runs much slower.
But the harmful effects of spyware can transcend just one computer. One of our clients, a 10-user nonprofit association, was experiencing server crashes every day. After methodically troubleshooting the server we noticed that, for some reason, the server had over 450 files open when it was running. We scanned the computers on the network for spyware and removed hundreds and hundreds of them. Although spyware was not the only issue we resolved, once removed, the server did stop crashing daily.
Many times spyware can affect you or your network system without you knowing it. For example, hackers can use spyware to steal your identity or to destroy your antivirus program so that you are vulnerable to viruses, or even to take control of your machine and access network files.
Spyware, or more precisely, malware, can turn your network into a "zombie" network by running unauthorized processes on your computers. Zombie networks are controlled by hackers for malicious purposes, such as initiating a denial-of-service attack on specific websites or sending out spam.
These are all reasons why an anti-spyware defense is critical to you and your organization.
Protecting Your Systems from Covert Operations
A good anti-spyware defense includes two main elements: elimination and prevention.
Elimination
Anti-spyware software works in a very similar fashion to anti-virus software. It downloads spyware "definitions" from the software maker's servers. Then, it compares the definitions to the software installed on your computer to identify and remove the spyware.
Some of the most popular spyware detection and removal tools include Lavasoft's Ad-Aware, Spybot Search & Destroy, and Webroot's Spy Sweeper. Of these three, only Spy Sweeper has an enterprise version that allows for centralized implementation and management of the anti-spyware program and updated spyware definition files. It has also received some excellent industry reviews. We have installed it for several of our clients and have found it to be effective in mitigating their spyware problems.
Why doesn't your anti-virus program catch spyware?
Technically, spyware is not a virus. Viruses are characterized by their ability to spread themselves into other programs and onto other computers, which spyware cannot do on its own. Regardless, the major antivirus vendors, Symantec, McAfee, and Computer Associates, are all now turning their attention towards spyware. McAfee and Computer Associates have both purchased companies that make spyware removal programs, and are now offering these programs separately from their antivirus packages.
Symantec has included spyware detection capabilities in some of its latest offerings, but has not yet announced a strategy for spyware removal. In addition, Microsoft has recently acquired Giant Company, which makes an anti-spyware tool.
Unfortunately, it will not be enough to choose only one anti-spyware program. As is also the case with anti-virus programs, each anti-spyware program seems to overlook some spyware that is readily caught by another program. Therefore, to effectively eliminate spyware, we recommend you choose two anti-spyware tools to implement on each computer on your network.
Prevention
To minimize the spyware that enters your organization's system, teach your users about the following tips (from Microsoft's website):
- Only download programs from web sites you trust.
- For any software you download, read all security warnings, license agreements, and privacy statements.
- Never click "agree" or "OK" to close a window. Instead, click the red "x" in the corner of the window.
- Be wary of popular "free" music and movie file-sharing programs, and be sure you understand all of the software packaged with those programs.
Additionally, most of the anti-spyware programs discussed above have real-time system protection to identify and block spyware threats before they install themselves into your network computers.
Finally, we recommend reviewing your computer and browser security settings with a professional to ensure that programs will not run without your knowledge and to minimize any unwanted impact from browsing web sites.
Together, these steps will help prevent spyware from entering your systems without your knowledge.
Last Word
Spyware has emerged as another potent threat to the security of our information systems. The effects of spyware range from annoying to catastrophic, and the implementation of a strong anti-spyware defense is critical to every organization. If you need assistance implementing a spyware defense for your network, please email us at This e-mail address is being protected from spambots. You need JavaScript enabled to view it .
0 Comments