Spyware

Spyware is a generic name for malicious software that can take many different forms. Spyware can deliver unrequested advertising (pop-up ads), harvest private information, and monitor user activities. It could also re-route web requests (to illegally claim commercial site referral fees) or install stealth phone dialers.

Many spywares have more than one malicious goal.

As a byproduct of the malicious changes that spyware programs make, they can drastically impair system performance and consume network resources. Spyware programs also usually incorporate design features which make them difficult to remove from a system. The cost to an organization can be high.

What Counts As Spyware?

Identifying spyware is not always easy because spyware can come bundled with legitimate programs. Data collecting programs installed with the user's knowledge do not, technically speaking, constitute spyware, provided the user fully understands what data they collect and with whom they share it. However, a growing number of legitimate software titles install secondary programs to collect data or distribute advertisement content, without properly informing the user about the real nature of those programs.

Spyware Is Not A Virus

Unlike a virus, spyware is usually installed by the end user, even though they may have no idea of the software's real effect. Spyware installation programs and license agreements may tell the user what it will do, albeit in hidden legal jargon. This is the spyware company's escape clause.

Spyware is often created by legally formed companies with their own development staff, unlike viruses which are created by individuals. Spyware companies have sometimes threatened defamation or libel action against anti-spyware groups and other companies. This makes the matter of scanning for and cleaning spyware more difficult.

Types of Spyware

A number of different types of malicious software are grouped as "spyware". These include:

How Is Spyware Installed?

Spyware programmers use a variety of tactics to get the software installed on the target computer. Among the most common methods are:

• Bundling with an apparently useful program. The makers of such packages usually make them available for download free of charge, to encourage wide uptake of the spyware component. This applies especially with file-sharing clients.

• Taking advantage of security flaws in your internet browser software.

• Downloading with or without any prompt. A drive-by download takes advantage of easy installation via ActiveX controls.

Granting permission for web-based applications to integrate into one's system can also load spyware. These Browser Helper Objects (known as Browser Hijackers) embed themselves as part of a web browser.

Spyware can also install itself on a computer via a virus or an email trojan program, but this method is less common.

Are Cookies Spyware?

HTTP "cookies" are a well-known mechanism for storing information about Internet users on their own computers. A cookie often stores an individual identification number for subsequent recognition of a website visitor. Several web technologies, such as Microsoft's Active Server Pages, use cookies simply to maintain user authentication for the duration of a single session. Cookies are also used to store user preferences such as a site "skin" or default view.

The existence of cookies is not hidden from users; they can choose to disallow access to cookie information. Nevertheless, to the extent that a website uses a cookie identifier to build a profile about the user, who does not know what information accumulates in this profile, the cookie mechanism could count as a form of spyware. For example, a search engine website could assign an individual ID code to a user the first time he or she visits. That site can then store all search terms in a database, and use the cookie ID as a key on all subsequent visits (until the expiry or deletion of the cookie). The search engine could use this data to select advertisements to display to that user, or could transmit derived information to third parties (with or without the user's permission).

What are The Risks of Spyware?

Spyware poses a number of serious risks for organizations, both at the technical level and for data privacy

• Key loggers and similar tools can consume significant resources on workstations, and on the organization's network.

• Worm variants of spyware, much like viruses, will dramatically affect network availability.

• Key loggers can deliver intellectual property to outside parties without your knowledge. Key loggers can also render a network environment unsafe for users, potentially opening a legal liability issue for the network owner.

• Key loggers can also allow hackers to gain unrestricted access to a network, with all the risks that implies.

Marshal Protection Against Spyware

Marshal solutions allow you to check for and stop spyware at the network gateway - ensuring you can secure your network against spyware intrusion, protect your users and confidential data, and comply with regulations on data privacy.

Gateway Anti-Spyware Scanning

WebMarshal offers technical and licensing integration with one of the market-leading anti-spyware scanner:CounterSpy. Marshal has worked closely with the developers of this products to deliver native, high-throughput DLL integration. You can choose to use one or both of these anti-spyware products, in addition to anti-virus scanners, to clearly classify potential threats. CounterSpy also offer automated updates to respond to evolving threats.

Because scanners are invoked within WebMarshal's flexible and convenient rule based access policies, you can choose how to deal with the reported threats: you can warn users, block pages and files, and/or classify sites. You can also make local exceptions if false positive results occur.

Marshal's Additional Layers Of Defense

Marshal's proprietary URLCensor (DNS Blacklist) and Filtering list integration (third party URL categorization) can also contribute to a full-featured defense against spyware.