Webroot, the makers of Spy Sweeper, are claiming that 8 out of 10 corporate PCs are infected with Spyware. Wow! That's a significant amount of computers. Looking at my personal experience troubleshooting and repairing computers, I have to agree with them.
Before we go to deeply, let's define Spyware. According to Spyware Guide, Spyware is: "Spyware covertly gathers user information and activity without the user's knowledge. Spy software can record your keystrokes as you type them, passwords, credit card numbers, sensitive information, where you surf, chat logs, and can even take random screenshots of your activity. Basically whatever you do on the computer is completely viewable by the spy. You do not have to be connected to the Internet to be spied upon."
So, spyware are little programs that run behind the scenes, and are able to record my keystrokes, or possibly take screenshots of what I am doing, and log them somewhere on the hard drive. Then, when I connect to the internet, it will quietly transmit the data to someone out there in the wild.
That bothers me.
How do people get spyware? Off of websites mainly, when they download various programs to see what they do, or perhaps a utility that has a hidden payload (often called a trojan horse). It is also possible to get Spyware from email sources, or from Instant Message clients, such as AIM or Yahoo that feature access to the file system. Little scripts that popup a window can mislead the user into confirming an installation, and whammo the code is suddenly executing. Hooks are available to Microsoft Windows to protect the newly-installed module, so that it is not easy to remove.
8 out of 10 corporate desktops have spyware on them. So what steps are companies taking to limit spyware? Not sure. But here are some tips:
* Think of spyware as a computer virus. This means scanning of machines on a regular basis, and updating the definition files. Intensify your efforts on laptop computers that connect to other networks, especially wireless events where everyone joins one big network and files zip around.
* Educate your user community about spyware. Advise them that there is no such thing as something free on the internet. Those free create-a-card sites could be sources of spyware / adware that are against the productive principles of your business.
* Keep your Windows up to date patchwise, either by using Windows Update, or ask your network administrator about installing a SUS server.
* Realize that antivirus vendors such as Norton and McAfee might not necessairly be scanning for spyware. Use the right tool for the right job!
Other OS's, such as Macintosh and Linux, do not seem to have an active Spyware community... yet. Windows based "products" will not function inside these environments, but all it would really take is some dedicated folk to re-design the program for Mac and Linux, especially if you use your root accounts as your daily presence on the machine, which is a bad idea.
Christian