No matter how quickly you secure your network, someone, whether a hacker or a legitimate business, will be trying to find a way to dig into your company's data. One of the newer threats network administrators face comes from adware and spyware. Although adware and spyware are not usually classed as malicious, they can let important data leave your network by riding on the outbound connections that most firewalls are configured to permit. Here's what you can do about this threat.
What are adware and spyware?
There are so many different types of spyware and adware that it is difficult to pin down a specific definition. Generally speaking, spyware is software that’s designed to transmit information about your network to someone on the outside. Typically, spyware might transmit things like passwords, information about your operating systems, network share information, or even information about your domain structure.
Adware, on the other hand, is typically used to place ads on your computer. For example, suppose you're bombarded with pop-up ads when you visit a particular Web site. If you're visiting a well-known Web site from a legitimate company, there's a good chance that those pop-up ads didn't come from that company at all. It could be that adware running in the background is generating the ads and displaying them as if they were part of the company's Web site.
Some adware programs blur the line between adware and spyware by actually collecting information on which Web sites a PC visits, then sending that information to someone who uses the information for advertising purposes.
There are several utilities you can download that will help you to detect and remove adware from your system. One of the most comprehensive adware removal programs is Lavasoft’s Ad-aware. You can download Ad-aware for free through the download section of the Lavasoft Web site.
As you can see in Figure A, Ad-aware is similar to an antivirus program, but is designed to spot adware instead of viruses. Like any good antivirus program, Ad-aware can be configured to scan Windows on boot up, and you can custom configure many of the scanning options.
As you can see in Figure B, during a week's time, 41 adware components had found their way onto this machine. Most of these were tracking cookies, but other types of adware were present on the system as well. If all of this was on the system after a week without scanning, imagine how much adware could exist on machines that have never been scanned.
There are lots of utilities that are designed to spot spyware as well as various types of malicious Trojans. One of my favorite utilities for spotting Trojans is a utility called NetBarrier 2003 from Intego.
NetBarrier 2003 is designed to act as a personal firewall. I’ll talk about the product’s firewall capabilities in a minute, but first, I want to show you NetBarrier’s built-in utility that’s designed to detect Trojans. To access this module, simply click the Firewall button, then select the Trojans tab. You’ll see a list of known Trojans along with options for enabling Trojan detection, as shown in Figure C. What I like about this particular utility is that you can update its list of Trojans.
You probably noticed in Figure C that NetBarrier 2003 has a lot of features, including various privacy and antivandal mechanisms. I’ve worked with NetBarrier 2003 extensively, and it is truly an excellent product. Even so, using NetBarrier 2003 isn’t really enough to completely safeguard your network against all Trojans.
I have NetBarrier 2003 running on all of my computers. The program is set up to detect Trojans and act as a personal firewall. Between these features and the antivandal features, it's much harder for a hacker or a Trojan to exploit an individual PC. However, I also rely heavily on my perimeter firewall. The biggest difference between my configuration and the configuration most people use is that, rather than using my perimeter firewall as my first line of defense or my only line of defense, I treat it as my last line of defense (from the standpoint of outbound traffic).
I work hard to secure each of my PCs to ensure that they don't become vulnerable in the first place. I also use the NetBarrier firewall to control what types of packets the PCs are allowed to transmit. I then configure my perimeter firewall to block outbound traffic on most TCP and UDP ports. The only ports I leave open are those required for common functions, such as sending e-mail. Keep in mind that a port-based rule can't tell your mail client from a Trojan that speaks SMTP, so where you can, pin each open port to the server that should be receiving that traffic; for example, allow outbound TCP port 25 only to your own mail relay. A Trojan that tunnels over ports 80 or 443 will still get past a port-based egress filter, which is why the host-side controls described below matter.
If you're wondering why I even bother filtering outbound traffic at my perimeter firewall when I've got NetBarrier 2003 in place, it's because it's always possible that someone could shut down NetBarrier or that NetBarrier could malfunction. I also have devices on my network that aren't capable of running the Windows version of NetBarrier and could potentially be exploited.
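To make the egress-filtering point concrete, here is an added example (not code from the original article or from any firewall product) that models a default-deny outbound policy in Python and runs a handful of constructed connection attempts through it. It compares the port-only allowlist the article describes with one that pins SMTP and DNS to specific internal servers; the server addresses, the destination addresses and the flows are all made up for the example.

```python
"""Default-deny egress filtering, modelled in Python.

Added example, not part of the original article and not any vendor's code.
Two allowlists are evaluated against constructed outbound flows: one that
opens ports to any destination, and one that pins the mail and DNS ports to
the servers that should receive them. All addresses are assumed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Flow:
    """One outbound connection attempt as seen at the perimeter."""
    dst: str     # destination IP address
    proto: str   # "tcp" or "udp"
    dport: int   # destination port
    note: str    # what the constructed flow represents


@dataclass(frozen=True)
class Allow:
    """An allow rule. Anything no Allow rule matches is dropped (default deny)."""
    proto: str
    first_port: int
    last_port: int
    dst_net: str = "0.0.0.0/0"   # destination network the rule is pinned to

    def matches(self, flow: Flow) -> bool:
        return (flow.proto == self.proto
                and self.first_port <= flow.dport <= self.last_port
                and ip_address(flow.dst) in ip_network(self.dst_net))


def egress_allowed(policy, flow):
    """Default-deny evaluation: allowed only if at least one rule matches."""
    return any(rule.matches(flow) for rule in policy)


def audit(policy, flows):
    """Map each flow's note to the verdict the policy gives it."""
    return {f.note: egress_allowed(policy, f) for f in flows}


# Policy 1: what the article describes, common ports open to any destination.
PORT_ONLY = [
    Allow("tcp", 25, 25),      # SMTP
    Allow("tcp", 80, 80),      # HTTP
    Allow("tcp", 443, 443),    # HTTPS
    Allow("udp", 53, 53),      # DNS
]

# Policy 2: same services, but SMTP and DNS pinned to internal servers
# (addresses assumed for the example).
MAIL_RELAY = "192.0.2.25/32"
RESOLVER = "10.0.0.53/32"
PINNED = [
    Allow("tcp", 25, 25, MAIL_RELAY),
    Allow("udp", 53, 53, RESOLVER),
    Allow("tcp", 80, 80),
    Allow("tcp", 443, 443),
]

# Constructed flows: two legitimate, three that a Trojan might attempt.
FLOWS = [
    Flow("192.0.2.25", "tcp", 25, "legit: mail client to company relay"),
    Flow("93.184.216.34", "tcp", 443, "legit: browser to public site"),
    Flow("198.51.100.7", "tcp", 31337, "trojan: custom port"),
    Flow("198.51.100.7", "tcp", 25, "trojan: exfil by speaking SMTP directly"),
    Flow("198.51.100.7", "tcp", 443, "trojan: exfil over HTTPS"),
]


if __name__ == "__main__":
    for name, policy in (("port-only", PORT_ONLY), ("pinned", PINNED)):
        print(f"== {name} policy ==")
        for note, allowed in audit(policy, FLOWS).items():
            print(f"{'ALLOW' if allowed else 'DROP ':5} {note}")
```

Running it shows the trade-off in the article: the port-only policy stops the Trojan on port 31337 but lets one that talks SMTP to an outside host straight through, the pinned policy stops that too, and neither policy can stop exfiltration over HTTPS, which is the gap the host-side prompts and monitoring below are meant to cover.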
Advanced Trojan detection
If you use Ad-aware to detect adware and NetBarrier to detect Trojans, and back NetBarrier with outbound filtering at your perimeter firewall, you'll stand a very good chance of winning the war against spyware and adware. However, there is always the chance that a Trojan could exist for which NetBarrier doesn't have a definition. This is similar to what happens when a new virus comes out: until your antivirus software has its virus definitions updated, you're vulnerable to the virus. Likewise, if your PC gets infected by a Trojan that NetBarrier is unaware of, you're vulnerable until a new Trojan definition update has been received. During that time your PC could have already disclosed a lot of sensitive information.
Fortunately, NetBarrier has a feature that can help you to detect unknown Trojans. NetBarrier displays a pop-up message any time a program tries to send outbound traffic (see Figure D).
Figure D: NetBarrier alerts you to outbound traffic.
As you can see, NetBarrier displays the file that was transmitting the data and the port that was being used. You then have the option of blocking the action. When I initially installed NetBarrier, I was flooded with these warnings. You might have noticed in the figure that you have the option of suppressing future warnings about the specific transmission. If you suppress the warning messages related to normal network activity, then you'll only see messages related to unusual activity. This can help you to spot Trojan activity before any sensitive information can be disclosed. Note that an allow decision is keyed to the program, not to what the program is doing, so a Trojan that hijacks or replaces an allowed program (your browser, say) inherits its permission; pay attention to the full path of the program shown in the prompt, not just its name, and keep each suppression as narrow as the dialog allows.
Still another way that you can spot suspicious activity is by monitoring bandwidth consumption. In Figure E, you can see NetBarrier’s mechanism for monitoring bandwidth. Although the screen is configured to show Web, FTP, and Mail traffic, there are actually dozens of different predefined traffic types that you can monitor. To put it bluntly, NetBarrier 2003 makes it possible to know exactly what your PC is doing with its network connection.
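The two host-side techniques just described, alerting on outbound connections that haven't been seen before and watching traffic volume, can be expressed as one small baselining routine. The following is an added example, not code from the original article or from Intego: it learns which (program, remote port) pairs a PC normally uses and how much each typically sends from a constructed "quiet week" of connection records, then scores five constructed connections against that baseline. Program names, paths and byte counts are all made up for the example; a real version would read its records from a host firewall or endpoint agent log.

```python
"""Host-side baseline of which programs talk out, on which ports, and how much.

Added example, not code from the original article or from Intego. It models
the idea behind NetBarrier's outbound-traffic prompts (learn what is normal,
then alert only on the unusual) and its bandwidth monitor. The connection
records below are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Conn:
    program: str   # executable name as a host firewall would report it
    path: str      # full path of that executable
    dport: int     # remote port the connection went to
    sent: int      # bytes the program sent over the connection


class OutboundBaseline:
    """Learn normal outbound behaviour, then score new connections against it."""

    def __init__(self, spike_factor=5.0):
        self.spike_factor = spike_factor      # how far above typical counts as a spike
        self.path_for = {}                    # program name -> path seen during learning
        self.sent_for = defaultdict(list)     # (program, dport) -> bytes sent per connection

    def learn(self, conns):
        for c in conns:
            self.path_for.setdefault(c.program, c.path)
            self.sent_for[(c.program, c.dport)].append(c.sent)

    def check(self, c):
        """Return the alerts one connection raises; an empty list means it looks normal."""
        alerts = []
        known_path = self.path_for.get(c.program)
        if known_path is None:
            # Nothing by this name has been allowed before: the case the prompt
            # exists for, a possible unknown Trojan.
            alerts.append(f"new program sending outbound traffic: {c.path} -> port {c.dport}")
            return alerts
        if known_path != c.path:
            # Same name, different location. An allow decision keyed to the name
            # alone would let an impostor ride on the real program's permission.
            alerts.append(f"{c.program} running from {c.path}, baseline path was {known_path}")
        history = self.sent_for.get((c.program, c.dport))
        if history is None:
            alerts.append(f"known program {c.program} using new port {c.dport}")
        elif c.sent > self.spike_factor * median(history):
            alerts.append(f"{c.program} sent {c.sent} bytes on port {c.dport}, "
                          f"typical is about {median(history):.0f}")
        return alerts


IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
OUTLOOK = r"C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE"

# Constructed "quiet week" of normal traffic used to build the baseline.
BASELINE = [
    Conn("iexplore.exe", IE, 80, 900), Conn("iexplore.exe", IE, 80, 1100),
    Conn("iexplore.exe", IE, 443, 1500), Conn("iexplore.exe", IE, 443, 2100),
    Conn("iexplore.exe", IE, 443, 1800),
    Conn("OUTLOOK.EXE", OUTLOOK, 25, 4000), Conn("OUTLOOK.EXE", OUTLOOK, 25, 6000),
    Conn("OUTLOOK.EXE", OUTLOOK, 25, 5000),
]

# Constructed connections to score: one normal, four suspicious in different ways.
SUSPECTS = [
    Conn("iexplore.exe", IE, 443, 2000),                                        # normal
    Conn("iexplore.exe", r"C:\Windows\Temp\iexplore.exe", 443, 2000),           # impostor path
    Conn("update.exe", r"C:\Documents and Settings\user\update.exe", 8080, 300), # unknown program
    Conn("OUTLOOK.EXE", OUTLOOK, 6667, 200),                                    # known program, odd port
    Conn("OUTLOOK.EXE", OUTLOOK, 25, 2_000_000),                                # volume spike
]


def score_all(baseline_conns, suspects, spike_factor=5.0):
    """Build the baseline and return one alert list per suspect, in order."""
    b = OutboundBaseline(spike_factor)
    b.learn(baseline_conns)
    return [b.check(c) for c in suspects]


if __name__ == "__main__":
    for conn, alerts in zip(SUSPECTS, score_all(BASELINE, SUSPECTS)):
        verdict = "ok" if not alerts else "; ".join(alerts)
        print(f"{conn.program:14} port {conn.dport:<5} {verdict}")
```

The normal browser connection raises nothing, while the same name from a different path, an unknown program, a known program on a new port, and a mail client suddenly sending far more than usual each raise exactly one alert. The median-based threshold is deliberately crude; its purpose is to show that the volume check and the first-seen check complement each other, since a Trojan that reuses an allowed program and port is only visible through what it sends.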