By Mike Mullins
Spyware (a.k.a., adware) is typically bundled with shareware and includes a mechanism for tracking your online behavior and reporting it to a centralized server. The centralized server builds a profile of your browsing characteristics and serves advertising and pop-ups that suit your online habits.
It isn't a bad concept: Instead of bombarding you with random advertisements, someone somewhere decided to let you develop your own advertising profile and then feed you ads that are targeted to your online behavior. However, bad idea or good, spyware has no place on the company's LAN.
The best way to remove spyware is to not allow it in the first place. Don't load shareware or freeware on production machines. Also, instruct your users to avoid Web advertisements. Some spyware can be loaded simply by clicking on a Web advertisement in a browser. Since your company's LAN is for company business, block known advertisement sites. Blocking these sites has the added benefit of increasing available bandwidth to the Internet for your users.
The best way to block ad sites is to send the ad request from your Web browser to the host machine's loop-back address. To do this, add a 127.0.0.1 bad_ad_site.com entry in the host file of every machine on your network. Then, when a Web page contains a reference to an ad located on the bad_ad_site.com server, your browser will first consult the hosts file to locate the IP address before sending a DNS request for the ad site content. The request for content will appear blank in the browser, so no cookies or spyware will be loaded or accessed.
Rather than spending months developing your own list of ad servers to enter into your hosts file, you can use Gorilla Design Studio's list, which contains over 17,000 entries.
What do you do if your machines are already infected with spyware? Check your clients and servers regularly for spyware entries, and regain control over network security by deleting all traces of the rogue programs.
You'll need a tool to remove the programs, cookies, and harmful registry entries on spyware-infected machines. I prefer Ad-aware Professional from LavaSoft. This tool removes spyware and provides real-time protection from an impressive list of spyware programs.
Removing spyware programs is essential to regaining control over your network security.
Spyware and adware-blocking programs have really matured. Take advantage of them for removing spyware and adware. However, if you find either spyware or adware on your company network, you have a much larger problem. Users should not be able to download and install programs containing these in the first place.
Before purchasing software to stop or block spyware or adware, take a look at the policy that allowed it to land on your machines. Software add-ons aren't a cure for poor or lax security. Improve security by crafting a comprehensive group policy on software installation and Internet Explorer policy settings.
Stop providing valuable information about your LAN and your users, and regain control of your network. Block all advertisements and don't dilute the administrative right to install programs. Users aren't responsible for network security; we are.
Mike Mullins has served as a database administrator and assistant network administrator for the U.S. Secret Service. He is a Network Security Administrator for the Defense Information Systems Agency.