Security

3 Questions: Beware the attack of spyware

Learn what businesses should do for baseline protection against spyware.


By Carl Weinschenk

With Roger Thompson, vice president of development,Pest Patrol. As if viruses, zombies, Trojans, and other assorted malicious software weren't enough, businesses of all sizes need to worry about spyware. This is a big category, ranging from legal software aimed at tracking the sites a user visits to illegal programs that can capture passwords, screen names, and keystrokes.

This interview originally appeared in the IT Business Edge weekly report on Optimizing Infrastructure. To see a complete listing of IT Business Edge weekly reports or sign up for this free technology intelligence agent, visit www.itbusinessedge.com.

Question: You don't hear quite as much about spyware as viruses and spam. But it is a corporate problem. What do companies need to be aware of?

Thompson: They need to be aware that there is a whole class of software out there that is not overtly dangerous—in other words, not a virus and not a worm—but is basically watching what you do. Maybe you don't care or maybe you do. In the same way that spam can clog your computer and is a bloody nuisance, this stuff can clog your computer and be a nuisance. You need to be aware that unlike viruses, where one guy probably is writing it, there's a whole team of people writing this stuff. There's a reason they are doing it—they make money. Apart from the fact that it clogs your computer, which is a pretty good start, it can also be a nuisance as it serves up ads quite aggressively to you, pop-up ads, and you have to click to close on a bunch of ads before you can get to work.

Question: Aren't there two categories: legal and annoying and illegal and dangerous?

Thompson: The commercial stuff is unlikely to log your keystrokes. The whole spyware/adware thing runs the gamut from stuff that is overtly bad like key loggers…to stuff that simply tracks which Web pages you are going to. [Illegal spyware] will log your passwords, Social Security number, credit card number, and eventually send them off to the mothership, whatever the mothership is. It might be a kid in Canada; it may be the Russian mafia.

Question: What should businesses do for baseline protection?

Thompson: They have to keep it off their systems somehow. They have to keep antivirus software or software like Pest Patrol that's also up to date. There is some overlap between antivirus software and spy-control software. Everyone wants to detect the key loggers, so antivirus software will detect some and antispyware will detect some. As long as antivirus is up to date, you are probably pretty protected from key loggers, [but] the antivirus software doesn't do much with the commercial spyware.

Editor's Picks

Free Newsletters, In your Inbox