Find White Papers
Home About Contact Help
Free Membership Member Login
Oct 13, 2008
View Popular Research Browse Topics Find Business Solutions RSS Feeds List Your Research
Search the Library                  Advanced Search

The Spyware Epidemic: Dealing with 'Legal' Malicious Code

Aladdin
By : Aladdin
INFORMATION
Published : Nov 10, 2005
Length : 21
Type : White Paper
 
Download Now
Save for Later
  Email This Page
Overview :

Spyware has made the transition from nuisance to a serious security and productivity threat in the business environment. Learn more about spyware and adware, and how eSafe can help you stay safe from it. In this Aladdin white paper you will discover:

  • An overview of spyware
  • Well-known as well as new security threats seen with spyware
  • The technical underpinnings to spyware
  • The technology challenges inherent in trying to block spyware
  • Spyware's legal issues.
View All Items By This Company
Browse Related Categories :

Anti Spyware

,

Email Security

,

Security
 

Spyware:

Why is Spyware a threat?

Many people believe an application that presents pop-up ads from time-to-time is nothing to worry about a nuisance at best. In reality, however, spyware is much more insidious. A single spyware application may do one, many, or all of the following:

- Gather private / personal information
- Steal copyrighted or confidential information, as well as passwords, bank account details, social security numbers, personal/business correspondence, and credit card information
- Create irreparable system instability
- Damage or interfere with legitimate applications operation
- Open a backdoor on infected systems
- Allow a spyware operator to take over an infected system


Why is Information Gathering So Dangerous?

In theory, the idea of a software application serving as a central depository for personal information sounds very useful and can make an online experience more convenient. Every site is personalized, and tedious form filling is spared when accessing information, shopping or doing business. In practice, however, information gathering code is almost exclusively used to maximize profit and to focus the marketing efforts of commercial sponsors. While a few applications are useful and serve only the intended purpose, many others hide their true nature using various guises and use the personal information collected usually without the user's awareness.

Home PC users are exposed daily to the threat of spyware on many of the sites they visit. Any software installed on the system can potentially be spyware if users don't take the time to read the EULA (End User License Agreement). Unfortunately, most never read it. "Today, more malicious spyware can easily infiltrate corporate firewalls," says Brian Burke, research manager for Security Products at IDC.

In the corporate environment the spyware problem is even more critical because users compromised by spyware are processing company information. This information can be as mundane as parking arrangements but might also include sensitive business or financial documents. Classified and proprietary information is usually worth more than a company can afford to lose. In the wrong hands, this information can cause catastrophic loss to any company. As a result, any information leaks should be dealt with utmost severity. Simply put, spyware should not be allowed into such an environment. It is the responsibility of the CSO or security administrator to make sure no unauthorized information leaves the corporate network unnoticed.

At times, a user might really trust a spyware application -- that the people behind it will not misuse the information they have in their hands. Even if this trust is justified, the following should be considered: The server holding this information could be hacked; the spyware operators may decide to share their database with a third party; the spyware's company can be sold or go bankrupt, etc. Once information leaves a user's system in an uncontrolled way, there's no telling where and how that information will be used.

Adware, Spyware Solutions:

Spyware and adware are advertisement-focused applications that, much like computer viruses, install themselves on systems with little or no user interaction. While such an application may be legal, it is usually installed without the user's knowledge or informed consent. A user in an organization could download and install a useful "free" application from the Internet and in doing so, unwittingly install a spyware component. The term 'spyware' is commonly used to describe both spyware and adware applications and will be used here to that extent for convenience.

Adware is a program that employs a targeted marketing technique. It usually monitors the user's activity on the net and displays advertisements based on this information. Adware applications connect to remote servers to download new ads and check for software updates for themselves. Users' details and online behavior are not shared or transmitted to these servers. Adware is similar to spyware in many aspects but is generally considered more "ethical".

Like adware, spyware applications monitor the user's Internet activity, commonly accessed sites, surfing habits and keywords used in search engines. The main difference between the two is that spyware relays this information to an external entity. This entity will then display pop-up advertisements or redirect the user's search to display advertisements related to the search term used. Some spyware will even go as far as hijacking the infected system's default browser.

Search the Library                  Advanced Search
Today's Popular Reports This Weeks Most Popular Reports Most Popular Topics Vendor Directory Home
About Us Contact Us List Your Papers Partner With Us Site Map