|
Spyware is but the latest in a long list of Internet threats facing individuals and organizations alike. While it may sound relatively innocuous, spyware is the culmination of years of hacking development by cyber criminals. Spyware does more than just spy; it records and reports back specific information about the computer it infects. Under the right circumstances, and lacking adequate security precautions, spyware can infect a corporate host system as easily as a PC in a private home.
Spyware is any software application that, without the user's knowledge, collects information about the system it resides on and reports that information back to a third party. Estimates concerning the percentage of computers infected with spyware ranges from a relatively low 20 percent according to PC Pitstop, to a high of 80 percent in a 2004 study by AOL and the National Cyber Security Alliance.
Spyware is a modern version of organized crime in the 1920s, and one of the latest attempts by those working outside ethical, if not legal boundaries, to take advantage of Internet users. By hook or by crook, spyware purveyors have carved a niche for themselves that has yet to be seriously challenged on the legislative front.
Why is Spyware a Hot Security Issue?
Spyware is at best a nuisance and at worst, a serious security threat that puts every piece of information an organization maintains at risk. In a matter of minutes, a single spyware application can perform a number of damaging actions, including:
- Install a back-door into a computer system for hacker access.
- Search for and steal bank account information, tax records, social security numbers, credit card information, corporate financial records, confidential and proprietary business records, etc.
- Open an organization up to lawsuits and government scrutiny over privacy violations.
- Delete or modify registry settings on a host computer, either disabling the setting, or interfering with certain functions within the registry.
- Turn off security software (or any software), or prevent applications from updating themselves to fix critical security holes.
- Take over external hardware, including Web cams.
Spyware Delivery Methods
Spyware comes in many forms and varies in intention from simple tracking to outright theft. If gauged on a scale ranging from ethical to unethical, the different shades of spyware would show up along all points on the scale.
Personalization Cookies
Not all software that collects and relays information back to a third-party is spyware in the traditional sense of the word. Also, not every piece of information identified as spyware by various anti-spyware software, is present against the user's wishes. Good examples of this are personalization cookies.
Personalization cookies are identification markers placed on a user's computer when the user visits a Web site. They are generally identified as spyware by anti-spyware software, but they are an industry-accepted method for visitor tracking. Personalization cookies enable Web sites to automatically populate forms with user information and help e-commerce sites track shopping habits.
Many people consider personalization cookies a time-saving device and don't consider them a violation of privacy or a breach of ethics.
Tracking Cookies
Tracking cookies are deposited in the same manner as personalization cookies, but they actually track, monitor and report on the user's Internet usage habits.
To Accept or Not?
Most Web browsers allow the user to regulate how their browser accepts cookies. There are typically different levels of cookie blocking and acceptance, ranging from accepting all cookies at the lowest setting, to blocking all cookies at the highest setting.
For the toughest security in dealing with cookies, users should maintain a high security setting whenever possible. This works well for general browsing, but most e-commerce Web sites require lower security settings if the user wants to make a purchase or submit any type of information. Currently, browsers cannot differentiate between personalization and tracking cookies.
Trojans
Trojans are applications that access a user's system without the user's knowledge, and with the intent to cause damage. E-mail is most often the delivery and installation method for Trojans. In addition to changing or deleting registry settings and other critical system files, Trojans can shut down installed security software, opening the door for more attacks.
|
