Is someone using spyware to monitor how your employees are using their computers?

Spyware on a corporate system can be a risk to security and is slowing down bandwidth

Spyware on a corporate system can be a risk to security and is slowing down bandwidth

Do you know what your company's computers are doing right now? Apart from being used to run your business, what else are they up to behind your back?

Are there programs running silently in the background, monitoring employee activity and sending confidential information about your company back to other organisations? Unbelievable though it may sound, this is indeed the case.

A report by IT analyst firm the Aberdeen Group said that there are more than 7,000 "spyware" programs in existence, running on millions of corporate and personal computers.

The term spyware is given to software that is installed without the user's permission and which covertly gathers and transmits data about the usage of the machine.

No computer linked to the internet is immune. A spyware program is not technically a virus so most anti-virus scanners do not attempt to stop it. Spyware does not exploit bugs in Windows, so installing the latest Microsoft security patches will not prevent it.

Spyware gets into a PC by being bundled with legitimate products. If you download and install any of the best-known file sharing applications, for example, you have no choice but to accept the spyware that it also installs and through which the free services are often funded.

Once installed, spyware starts monitoring the way the computer is used and feeds back the information to the website operators which have often sponsored the program's distribution. The site operators want to understand precisely how a visitor travels through their site, which other sites are visited and for how long.

They also want to know which applications are installed on the user's computer, and where he or she is based. This can be gathered from the user's e-mail address or the phone number programmed into the modem.

The spyware distributors then use this information to present staff with adverts for products, based on the research. The database of usage statistics is sold to other marketing companies and spammers.

Not only is this an invasion of privacy, it can also be a security risk. Do you really want a collection of large marketing organisations to know everything your employees are using the internet for? For example, if staff are researching new products or sending e-mails to potential clients, is it acceptable for details of such activity to be disclosed to all and sundry?

Poorly written spyware programs can, and often do, cause PCs to crash and networks to slow down. Sending this data back to the database also takes time and consumes network bandwidth, thus slowing down your web surfing and e-mailing. This can cost you money if you are paying for network bandwidth according to total or peak usage.

At present, the legal situation regarding installing spyware without the computer user's permission is a grey area. There is, however, a move afoot in the US to force software authors to declare up-front if installing their program will also install spyware.

Many programs already do this, but the details are buried in the small print of a long, complicated online licence agreement that most people agree to with a single click without bothering to read.

Frank Coggrave is the UK regional director of Websense

Read more on Antivirus, firewall and IDS products