How to tackle the spyware threat

Advice on stopping snooping software compromising corporate systems

Advice on stopping snooping software compromising corporate systems

Spyware is software that is installed without the user's permission and which covertly gathers and transmits data about how a computer is being used. On a corporate system, it can be a security risk and slowdown the network - and no computer connected to the internet is immune.

The following are recommendations on how IT managers should deal with the growing problem of spyware.

The first step is to carry out a health check on your systems to find out how big the problem is in your organisation. Specialist software packages can assess how much data is transmitted via spyware and which users are infected.

However, software writers often go to considerable lengths to hide the fact that their products include spyware, so it may not be immediately obvious whether there is any on a PC. Check the small print of the licence agreement before installing any freeware or shareware.

Organisations should also get into the habit of uninstalling any software that is not regularly used. Some of the most common spyware applications include Gator (also known as Gain), Bonzibuddy and Comet Cursor, each of which is included with many freeware and shareware products. If these products are mentioned in any of the programs you use, your computer is probably infected with at least one spyware tool.

Spyware programs are not viruses, so installing anti-virus software does not fully protect you from spyware. Check out the privacy policy on the websites of the software you use to find out what they use the collected information for.

Many spyware programs communicate through the same internet port as general web traffic, thus making it very difficult to block data transmission using a firewall. By using internet filtering software that includes a sophisticated spyware filter, you can stop programs from sending data back to their host servers.

It is also worth considering using software that automatically prevents users from downloading and running programs that contain spyware. It will also ensure that any spyware application already installed on the user's PC is unable to run, and thus stops it from transmitting confidential information.

IT managers should raise awareness about spyware across the business and help educate end-users about the risks it poses. This education should spread from the board down to the lowest tier of the organisation, as anyone who has access to computer equipment can be inadvertently putting the company at risk.

IT managers should also ensure that provisions for spyware are included in the company internet use policy. Spyware presents such a high risk to confidentiality and intellectual property that these responsibilities should not be delegated, and should be grasped before damage occurs.

Checking for spyware is in itself a challenging task. Some software will check and remove spyware from individual systems, but these often require manual effort. Spyware developers are always looking to circumvent spyware-checking programs so the IT department is always playing catch up. As with all security threats, a layered approach is recommended.

Frank Coggrave is UK regional director at Websense

Read more on IT risk management