Spyware

01/01/2012

 

Information Security and Compliance

 

In a new weekly series for Cambridge Network members, IT governance expert Alan Calder explains the ABCs of information security and compliance. This week he looks at Spyware.



The Threat


One of the big, global IT threats for 2005 is spyware. Anti-virus packages and firewalls do not really tackle spyware, which means that most stand-alone computers and many networks are not only exposed to this potent internet threat, but may already be infected.



How does it work?


Spyware is any software that, without your explicit consent, shares information about you with a third party on the Internet. Spyware has to be downloaded onto a computer; it won’t always wait for your consent. ‘Spyware’ is used also used as a generic term to cover everything from relatively harmless cookies (small data files by a Web site stores on a surfer’s computer and which contains information such as user preferences) through to stuff that deserves to be called ‘Scumware’: basic spyware, browser hijackers, Trojans, Trojan down-loaders and auto-dialers. It is usually hidden inside an adware bundle that is willingly downloaded alongside freeware, shareware or by mistake. It can also take advantage of software flaws to auto-install when surfing an infected Web site.



What effects does it have?



The effects of spyware include spam, uncontrollable pop-ups, more scum down-loads, unexpectedly high telephone bills, slow-running machines, frustration, reduced productivity and – for organizations – possible breaches of the data protection, human rights and privacy legislation.



What do we do about it?



Install and run anti-spyware software. If you’re a Microsoft user, there are a number of packages available. The simplest option right now (for Microsoft 2000 and up) is their new product, AntiSpyware. It’s still a beta version, but it’s available, free, from the Microsoft download site. It works. Download it, install it on all your computers and configure it in line with its recommended settings. Then run a scan and delete all the spyware it finds.

Its auto-protect, auto-scan and auto-update features should keep you safe going forward.



What else?


You’ll need a policy to deal with web downloads. It should be part of your user access agreement. Patches, anti-virus software and firewalls all need to be up-to-date. User training and awareness is essential.

Next week: Instant Messaging



Alan Calder’s company provides businesses with consultancy support and advice on governance and information security. Visit www.itgovernance.co.uk, e-mail alan@itgovernance.co.uk or telephone + 44 845 070 1750

PROTECT YOUR
BUSINESS
THIS WINTER