Preventing spyware in your business

Tips & Hints

31 March 2005

Spyware is the biggest problem currently facing Windows computer users. Some experts estimate 80% of PCs have some sort of infection. This problem is serious for all users, but for businesses the risks are greater, as the offensive nature of many popups and messages can create staff and legal problems.

What is spyware?

Spyware is the generic term the industry uses for software that installs without the users knowledge or consent. Usually this software is designed to monitor usage, hence the spyware term. The usage details are often used to feed advertising to the system.

While privacy is a concern with these programs, the main problem is how they interfere with the operation of a computer. Often a computer grinds to a halt under the weight of these programs. Another serious issue is the often offensive advertising that appears on the computer.

How does it get onto systems?

Visiting websites with spyware embedded is the most common way of being infected, pornographic sites are a common culprit, but games, music and entertainment sites are also often infected. Spyware also finds its way onto a system through free programs required to play games or view images. Some legitimate programs have spyware included as part of the package.

Many of these programs ask permission before installing. Often, the user is not aware that by clicking yes, spyware will be installed. It’s important that users check before agreeing to install any software on their systems.

Different systems

All systems have the potential to be infected by these programs. However Windows users using Internet Explorer are by far the most vulnerable to spyware. Windows users should use an alternative browser, such as Firefox or Opera, however they still need to take care in their surfing habits.

Corporate issues

For businesses, there is more at stake than the home user. For what is an irritant on a home PC, can involve loss of income or personnel issues on a business system. It’s therefore important that business do all they can to reduce the risk of infection.
  1. Usage policies
    Management should institute policies that make it clear surfing to non-work related websites is unacceptable. An acceptable usage policy should be signed by all computer users. This is an aspect outside the scope of IT administrators and should be implemented by HR.
  2. Server security
    The integrity of a server is paramount. Users should have permissions only to execute, not modify programs on the server. Data files should be scanned for viruses and spyware every day.
  3. Filtering
    A firewall is important to network security. While a firewall will not stop spyware getting onto computers, it can be used to block non work related sites being accessed. A firewall should be chosen that has the facility to update lists of inappropriate sites.
  4. Network spyware blocker
    Because a firewall cannot filter spyware, it’s important to have software based spyware protection. Having centrally managed and updated spyware protection reduces the risk of unprotected systems causing problems on the network. These programs are different to anti virus programs but do work in a similar manner.
  5. Desktop spyware blocker.
    The desktop computer is where spyware will be first encountered. Given the bulk of spyware relies on security flaws in Windows, it’s important to have desktop protection. We recommend the Microsoft AntiSpyware tool is installed on all Windows 2000 and XP systems.

  6. Minimise Internet Explorer usage
    While no browser is immune from spyware, Internet Explorer is by far the most vulnerable. We recommend using Firefox or Opera for day-to-day web browsing. Some legitimate sites only work on Internet Explorer, so it can’t be completely abandoned.

Spyware is a major problem for all computer users. For businesses the risks are much greater. While we cannot ensure all machines are immune from infection, it is possible to reduce the danger of infection.
PC Rescue Pty Ltd, Suite 236, 4 Young Street Neutral Bay NSW 2089
ABN 36 082 635 765
ęPC Rescue Pty Ltd, 2008