Unlike viruses, spyware is not usually self-replicating, but it is extremely contagious: a 2004 survey of global computer users by the National Cyber-Security Alliance suggested that more than 80 per cent of PCs are infected, and 89 per cent of those are unaware of the fact.
Spyware uses a number of methods to achieve its goals. The most worrying is the theft of personal information, including bank details and credit card numbers. The application records these and sends them over the internet to a collating site which can then cause serious financial damage.
Another application for spyware is the unauthorised and covert monitoring of visited web sites. Dubious operators, such as pornographers and spammers, will pay for user profiles that indicate patterns of behaviour, and spyware can access this information for free.
It can also coerce your PC into visiting sites or seeing advertisements, either by overriding URLs, or by allowing pop-ups to be delivered to your desktop. If the function of the malware is primarily advertising, it is usually called adware, although the premise is the same: an unsolicited application using your PC for non-approved purposes. The survey indicated an average of 93 spyware components per PC – a serious impact on performance.
Spyware can also have more malicious consequences. Often it will exploit vulnerabilities in Windows to achieve its goals, and open up your network to further attack. One type of spyware, which has recently been in the news, changes a PC’s dial-up preferences and can force a modem-equipped PC to phone a premium rate number – something often only noticed when the phone bill arrives.
Spyware does not use the standard route of infection used by viruses. Indeed, in the majority of cases, users actually install it themselves. Spyware often relies on the greed or the naivety of users for propagation – by pretending to be an application that offers specific benefits to the user, such as extended browsing facilities or PC optimisation, it almost begs the user to install it.
Another method is to guide the user into doing something on a web site or in a previously installed application which then downloads and installs the spyware. It can even be bundled with legitimate and solicited software, installing itself at the same time.
To make matters worse, a common practice of spyware is to actually modify system files so that it is almost impossible to remove the application without a dedicated anti-spyware program.
Although spyware may appear to be illegal, in most cases it does not break the law. This has led to a growth in spyware vendors, but there has been an equivalent growth in anti-spyware products in response, with applications such as LavaSoft’s AdAware.
As well as dedicated products, most firewall and anti-virus vendors have recognised the benefits of unified threat management, and have included spyware scanning software as part of their application suites. Vendors such as PrevX and Zone Labs can provide regularly updated applications that can proactively prevent spyware from running.
One problem with software that scans for known threats is that the list of known malware must be kept up to date on an almost daily basis. It is also possible to scan for suspicious behaviour in the same way as heuristic, or predictive, anti-virus software. However, there is a fine line – or no line at all – between acceptable behaviour and that of malware.
An alternative method of prevention is to have an application that enforces a white list of permissible applications – those that are safe to install – for each machine, which is the approach taken by SecureWave’s Sanctuary Application Control. This will not only stop spyware from installing or running, but will also prevent users from installing or downloading non-business-related applications.
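The difference between scanning for known threats and enforcing a white list can be shown in a few lines. This is an added example, not code from the article or from any product it names; it assumes programs are identified by a SHA-256 hash of the whole file, and the machine names, sample programs and function names are hypothetical.

```python
import hashlib

def sha256(data: bytes) -> str:
    """Fingerprint a program by the SHA-256 hash of its contents."""
    return hashlib.sha256(data).hexdigest()

# Constructed samples: byte strings standing in for executable files.
WORD_PROCESSOR = b"constructed sample: approved word processor"
KNOWN_ADWARE = b"constructed sample: adware already on the known-threat list"
NEW_TOOLBAR = b"constructed sample: 'PC optimiser' released this morning"

# Known-threat list: only as good as its last update.
KNOWN_THREATS = {sha256(KNOWN_ADWARE)}

# White list per machine (hypothetical machine names).
WHITE_LIST = {
    "finance-pc-01": {sha256(WORD_PROCESSOR)},
    "reception-pc-02": set(),
}

def known_threat_scan_allows(program: bytes) -> bool:
    """Default allow: run anything that is not on the known-threat list."""
    return sha256(program) not in KNOWN_THREATS

def white_list_allows(machine: str, program: bytes) -> bool:
    """Default deny: run only what is approved for this machine."""
    return sha256(program) in WHITE_LIST.get(machine, set())

def decide(machine: str, program: bytes) -> dict:
    """Return both verdicts for one program on one machine."""
    return {
        "known_threat_scan": known_threat_scan_allows(program),
        "white_list": white_list_allows(machine, program),
    }

if __name__ == "__main__":
    for name, program in [("word processor", WORD_PROCESSOR),
                          ("known adware", KNOWN_ADWARE),
                          ("new toolbar", NEW_TOOLBAR)]:
        print(name, decide("finance-pc-01", program))
```

The program that is not yet on the known-threat list passes the scan but is refused by the white list, which is also why the white list stops approved software from running on a machine it was not approved for.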
Spyware is a threat that is only just beginning to receive the attention it requires. To counteract the threat, network administrators should ensure that spyware detection software is installed and that scans are run on a regular basis.
But the simplest and most important method of defence is to think twice before pointing and clicking – you never know what might be lying in wait.
Analyst view…
Spyware is pushing for top spot as the largest threat to business continuity and is one of the biggest dangers to business integrity and security protection.
Until recently, most anti-spyware solutions have been aimed at the consumer market, and many enterprise helpdesks do not have much of a clue when asked to deal with the problem.
Enterprise systems users are just as vulnerable as ordinary consumers, and we are now starting to see security vendors taking the spyware opportunity at corporate level more seriously.
Andrew Kellett, senior research analyst, Butler Group
We estimate that 20 to 40 per cent of helpdesk calls are related to unwanted adware and spyware programs and, until recently, security managers have had to make do with consumer tools.
Anti-virus vendors are taking more responsibility for these unwanted programs and the entry of anti-virus products into this market signals the beginning of the end for emerging independent anti-spyware vendors.
But enterprises are reluctant to add to increasingly complex PC builds. Managing additional agents is difficult and – as anti-spyware and anti-virus agents have near identical functions – having two scan engines invites resource conflicts and performance problems.
Peter Firstbrook, research director, Gartner
Case studies
Skipton Building Society
Skipton Building Society is the UK’s seventh largest building society.
When it decided to upgrade its IT infrastructure from a mainframe/dumb terminal environment to fully networked desktop PCs, security was paramount, especially given the sensitive nature of the data and the heavy penalties for misuse.
By implementing Reflex Magnetics’ Disknet Pro, Skipton was able to guard against all internal and external threats without compromising performance or adding overheads.
www.computing.co.uk/2141065
Everton Football Club
Premiership club Everton FC has an annual turnover of nearly £50m and employs 280 permanent staff.
However, as a high-profile club, Everton faces a challenge in protecting its IT network from hackers and viruses. This is especially true of its Extra Time study centre, where care must be taken to make sure that schoolchildren using the facility are not exposed.
By implementing Websense Enterprise 5.5, the club has protected its entire network from attack.
www.computing.co.uk/2141066
www.antispywarecoalition.org
The Anti-Spyware Coalition (ASC) is a group dedicated to building a consensus on definitions and best practices in the debate about spyware and other potentially unwanted technologies.
www.spywareonline.org
Spyware Online offers free advice and information about spyware and adware, as well as reviews of anti-spyware and anti-adware applications.




