 |  |  |  |  |  |  |  |
Corporate PC Spyware Infections
Webroot, the makers of Spy Sweeper, are claiming that 8 out of 10 corporate PCs are infected with Spyware. Wow! That's a significant amount of computers. Looking at my personal experience troubleshooting and repairing computers, I have to agree with them.
Before we go to deeply, let's define Spyware. According to Spyware Guide, Spyware is: "Spyware covertly gathers user information and activity without the user's knowledge. Spy software can record your keystrokes as you type them, passwords, credit card numbers, sensitive information, where you surf, chat logs, and can even take random screenshots of your activity. Basically whatever you do on the computer is completely viewable by the spy. You do not have to be connected to the Internet to be spied upon."
So, spyware are little programs that run behind the scenes, and are able to record my keystrokes, or possibly take screenshots of what I am doing, and log them somewhere on the hard drive. Then, when I connect to the internet, it will quietly transmit the data to someone out there in the wild.
That bothers me.
How do people get spyware? Off of websites mainly, when they download various programs to see what they do, or perhaps a utility that has a hidden payload (often called a trojan horse). It is also possible to get Spyware from email sources, or from Instant Message clients, such as AIM or Yahoo that feature access to the file system. Little scripts that popup a window can mislead the user into confirming an installation, and whammo the code is suddenly executing. Hooks are available to Microsoft Windows to protect the newly-installed module, so that it is not easy to remove.
8 out of 10 corporate desktops have spyware on them. So what steps are companies taking to limit spyware? Not sure. But here are some tips:
* Think of spyware as a computer virus. This means scanning of machines on a regular basis, and updating the definition files. Intensify your efforts on laptop computers that connect to other networks, especially wireless events where everyone joins one big network and files zip around.
* Educate your user community about spyware. Advise them that there is no such thing as something free on the internet. Those free create-a-card sites could be sources of spyware / adware that are against the productive principles of your business.
* Keep your Windows up to date patchwise, either by using Windows Update, or ask your network administrator about installing a SUS server.
* Realize that antivirus vendors such as Norton and McAfee might not necessairly be scanning for spyware. Use the right tool for the right job!
Other OS's, such as Macintosh and Linux, do not seem to have an active Spyware community... yet. Windows based "products" will not function inside these environments, but all it would really take is some dedicated folk to re-design the program for Mac and Linux, especially if you use your root accounts as your daily presence on the machine, which is a bad idea.
Christian
Before we go to deeply, let's define Spyware. According to Spyware Guide, Spyware is: "Spyware covertly gathers user information and activity without the user's knowledge. Spy software can record your keystrokes as you type them, passwords, credit card numbers, sensitive information, where you surf, chat logs, and can even take random screenshots of your activity. Basically whatever you do on the computer is completely viewable by the spy. You do not have to be connected to the Internet to be spied upon."
So, spyware are little programs that run behind the scenes, and are able to record my keystrokes, or possibly take screenshots of what I am doing, and log them somewhere on the hard drive. Then, when I connect to the internet, it will quietly transmit the data to someone out there in the wild.
That bothers me.
How do people get spyware? Off of websites mainly, when they download various programs to see what they do, or perhaps a utility that has a hidden payload (often called a trojan horse). It is also possible to get Spyware from email sources, or from Instant Message clients, such as AIM or Yahoo that feature access to the file system. Little scripts that popup a window can mislead the user into confirming an installation, and whammo the code is suddenly executing. Hooks are available to Microsoft Windows to protect the newly-installed module, so that it is not easy to remove.
8 out of 10 corporate desktops have spyware on them. So what steps are companies taking to limit spyware? Not sure. But here are some tips:
* Think of spyware as a computer virus. This means scanning of machines on a regular basis, and updating the definition files. Intensify your efforts on laptop computers that connect to other networks, especially wireless events where everyone joins one big network and files zip around.
* Educate your user community about spyware. Advise them that there is no such thing as something free on the internet. Those free create-a-card sites could be sources of spyware / adware that are against the productive principles of your business.
* Keep your Windows up to date patchwise, either by using Windows Update, or ask your network administrator about installing a SUS server.
* Realize that antivirus vendors such as Norton and McAfee might not necessairly be scanning for spyware. Use the right tool for the right job!
Other OS's, such as Macintosh and Linux, do not seem to have an active Spyware community... yet. Windows based "products" will not function inside these environments, but all it would really take is some dedicated folk to re-design the program for Mac and Linux, especially if you use your root accounts as your daily presence on the machine, which is a bad idea.
Christian
0
•
•
•
•
If that's so then there's a severe problem with network security in most companies.
I'd even go as far as to say that if that number is correct then just about EVERY machine outside the financial and insurance sector (and possibly a small part of the IT sector) is infested, something I find rather hard to believe.
The main thing here is to implement a strict policy against the downloading and installation of non-approved software (and the use of non-approved files in general) on company machines.
This works well in concert with anti-piracy measures.
Rule #1: NO MP3s.
Rule #2: NO downloading and installing software on your own (I know I do it myself but I only install stuff I certify being clean, something I know how to do but the average person does not). If you want something, ask systems management who will then install it for you (or supply you with the installer) if the application if safe to use.
Rule #3: if you break rules #1 or 2, your internet access rights are revoked and your email account is blocked from receiving email from outside the LAN. First transgression, 1 week. Second, 1 month. Third, permanent.
Rule #4: these rules apply to everyone, especially management (who are often the most computer illiterate people in a company).
I'd even go as far as to say that if that number is correct then just about EVERY machine outside the financial and insurance sector (and possibly a small part of the IT sector) is infested, something I find rather hard to believe.
The main thing here is to implement a strict policy against the downloading and installation of non-approved software (and the use of non-approved files in general) on company machines.
This works well in concert with anti-piracy measures.
Rule #1: NO MP3s.
Rule #2: NO downloading and installing software on your own (I know I do it myself but I only install stuff I certify being clean, something I know how to do but the average person does not). If you want something, ask systems management who will then install it for you (or supply you with the installer) if the application if safe to use.
Rule #3: if you break rules #1 or 2, your internet access rights are revoked and your email account is blocked from receiving email from outside the LAN. First transgression, 1 week. Second, 1 month. Third, permanent.
Rule #4: these rules apply to everyone, especially management (who are often the most computer illiterate people in a company).
0
•
•
•
•
I'm not sure I can agree with that statistic. It reminds me of what John McAfee did back in the day, when the first major virus hit corporate computers; he basically wrote an article that greatly exaggerated (something like tenfold) the monetary losses to businesses, thereby creating a scare that catapulted his software into the lead among a slew of fairly equal, but mediocre, antivirus products.
I'm not saying the problem is not a real problem, but my experience doesn't bear out that statistic. Sounds like Webroot is trying to take advantage of its popularity to "scare' up some increased revenues, a tactic I find detestible!
Basically, it's really unnecessary to PAY for their product (or anyone else's for that matter) anyway; the free ones and a dose of common sense (education in some cases) would be just as effective, and preferable to paying up every, single, year. I strongly advise against paying for any functionality that can be had for free; it just doesn't make sense.
Like jwenting says, a strong (and enforced) set of policies would also be better than the false sense of security many people get lulled into just because they have some software product. I wish I had a few dollars for every time I have had to inform someone of a spyware infection who responded with something like "No! That's impossible; I have SpySweeper, so it CAN'T be spyware!"
I'm not saying the problem is not a real problem, but my experience doesn't bear out that statistic. Sounds like Webroot is trying to take advantage of its popularity to "scare' up some increased revenues, a tactic I find detestible!
Basically, it's really unnecessary to PAY for their product (or anyone else's for that matter) anyway; the free ones and a dose of common sense (education in some cases) would be just as effective, and preferable to paying up every, single, year. I strongly advise against paying for any functionality that can be had for free; it just doesn't make sense.
Like jwenting says, a strong (and enforced) set of policies would also be better than the false sense of security many people get lulled into just because they have some software product. I wish I had a few dollars for every time I have had to inform someone of a spyware infection who responded with something like "No! That's impossible; I have SpySweeper, so it CAN'T be spyware!"
0
•
•
•
•
err... uummm......
People, how could you NOT agree with the statistic. Basically, every system which uses Internet Explorer for web browsing has spyware on it, no matter how stringent the security protection has been. Almost every system which uses Internet Explorer for web browsing does not also have adequate spyware detection, removal, and real-time protection installed and operating.
Since about 80% of desktop systems use Internet Explorer for web browsing, the figure is a natural one to expect.
Another little 'fact and figure' bit of info to consider:
I regularly access numerous technical websites during the course of my work as an IT journalist. On most websites where ordinary PC users who are knowledgeable enough to seek assistance with correcting their own PC-related problems visit, you find poll results consistently demonstrate a better than 50% Firefox usage. On the more 'professional' help sites, where Corporate users and people from 'professions' seeks assistance, you consistently find that the level of Internet Explorer usage is higher. I'm sorry, I haven't got any 'facts and figures' published studies to back up that claim - it's been derived from my observations over time.
But Internet Explorer = Inevitable spyware infestaion.
In my opinion, Christian neglected to include the most important tip of all:
* If the PC is to be used for web browsing, install a suitable alternative web browser and set it as default. Insist on its usage for all website access other than that which SPECIFICALLY requires the use of Internet Explorer!
People, how could you NOT agree with the statistic. Basically, every system which uses Internet Explorer for web browsing has spyware on it, no matter how stringent the security protection has been. Almost every system which uses Internet Explorer for web browsing does not also have adequate spyware detection, removal, and real-time protection installed and operating.
Since about 80% of desktop systems use Internet Explorer for web browsing, the figure is a natural one to expect.
Another little 'fact and figure' bit of info to consider:
I regularly access numerous technical websites during the course of my work as an IT journalist. On most websites where ordinary PC users who are knowledgeable enough to seek assistance with correcting their own PC-related problems visit, you find poll results consistently demonstrate a better than 50% Firefox usage. On the more 'professional' help sites, where Corporate users and people from 'professions' seeks assistance, you consistently find that the level of Internet Explorer usage is higher. I'm sorry, I haven't got any 'facts and figures' published studies to back up that claim - it's been derived from my observations over time.
But Internet Explorer = Inevitable spyware infestaion.
In my opinion, Christian neglected to include the most important tip of all:
* If the PC is to be used for web browsing, install a suitable alternative web browser and set it as default. Insist on its usage for all website access other than that which SPECIFICALLY requires the use of Internet Explorer!
0
•
•
•
•
Certainly not true Cat, can't you post one thing without your Microsoft hatred showing through?
If people don't use P2P software to download pirated music, movies, and software, and don't go around to hacker sites and such, they're unlikely to ever get spyware if they're also careful to not install every piece of crap they get sent over email or download somewhere (which a strict policy and education would help ensure).
Your assumption that "every machine using IE is infested with spyware" would only hold ground if every website in existence tried to install spyware on your machine, something that's blatantly false.
Your assumption that "smart" people mostly use Firefox is also completely unfounded. The figure can be easily reached by very carefully selecting the target audience of your polls and massaging the results.
So your basic assumption that "Microsoft is evil" has nothing to do with the subject under discussion, so leave it at home (or rather burry it as it's getting very old indeed) and don't make yourself look like an idiot slashdotkiddo.
I know you're smarter than that.
If people don't use P2P software to download pirated music, movies, and software, and don't go around to hacker sites and such, they're unlikely to ever get spyware if they're also careful to not install every piece of crap they get sent over email or download somewhere (which a strict policy and education would help ensure).
Your assumption that "every machine using IE is infested with spyware" would only hold ground if every website in existence tried to install spyware on your machine, something that's blatantly false.
Your assumption that "smart" people mostly use Firefox is also completely unfounded. The figure can be easily reached by very carefully selecting the target audience of your polls and massaging the results.
So your basic assumption that "Microsoft is evil" has nothing to do with the subject under discussion, so leave it at home (or rather burry it as it's getting very old indeed) and don't make yourself look like an idiot slashdotkiddo.
I know you're smarter than that.
0
•
•
•
•
Oh goodness. There are some incorrect assumptions in that effort!
I'm a Windows user, I write about Windows systems for a living, I use mostly Microsoft products, I adviocate the use of built-in features such as the 'Camera and Scanner Wizard' and the 'CD burning Wizard' for preference over commercial software in most instances. There's no 'Microsoft hatred' involved in acknowledging that one particular piece of the software bundled is somewhat flawed.
the nastier and more extreme intruders are usually acquired in that fashion, but the vast majority of unwanted intruders are simple bandwidth leeching annoyances which get installed simply by viewing websites with systems which are not adequately secured. And the majority of systems sitting on Corporate desktops are just that - default installs, basically!
Bung a default install of XP Pro on a system. Install all the 'security' updates. Then browse the web for a week, avoiding porn sites, warez sites and all the 'nasty' corners of the internet, doing such everyday stuff as reading news, checking eBay auctions, doing a bit of online shopping, reading Advertising supported websites etc. etc. All in Internet Explorer of course. you know the activity I mean - the sort of thing that just about every coerporate worker does in the boss's time!
Then run AdAware, Spybot, and Microsoft Anti Spyware Beta over the system and see what you find. Hundreds if not thousands of little leeching intruders, and more than likely the odd 'nastier' one in amongst them. All from simple browsing! Do the same in Firefox and the results will be quite different! It's simple observation, not product prejudice.
No result massaging necessary. Compare the results of viewer/reader contributions to sites such as this one to the results of similar website contributions by viewers/readers elsewhere. The assumption that aent' was being made is your own interpretation. The comment simply compared people from differing fields of activity.
I'd not like to see News article discussion descend into argument here. Considering that the comments I made constitute 'Microsoft hatred' is completely unwarranted.
•
•
•
•
can't you post one thing without your Microsoft hatred showing through?
•
•
•
•
If people don't use P2P software to download pirated music, movies, and software, and don't go around to hacker sites and such, they're unlikely to ever get spyware if they're also careful to not install every piece of crap they get sent over email or download somewhere (which a strict policy and education would help ensure).
•
•
•
•
Your assumption that "every machine using IE is infested with spyware" would only hold ground if every website in existence tried to install spyware on your machine, something that's blatantly false.
Then run AdAware, Spybot, and Microsoft Anti Spyware Beta over the system and see what you find. Hundreds if not thousands of little leeching intruders, and more than likely the odd 'nastier' one in amongst them. All from simple browsing! Do the same in Firefox and the results will be quite different! It's simple observation, not product prejudice.
•
•
•
•
Your assumption that "smart" people mostly use Firefox is also completely unfounded. The figure can be easily reached by very carefully selecting the target audience of your polls and massaging the results.
I'd not like to see News article discussion descend into argument here. Considering that the comments I made constitute 'Microsoft hatred' is completely unwarranted.
0
•
•
•
•
oops! Apologies for the typos in that. Unfortunately there's no 'Edit' button for added comments 
0
•
•
•
•
I was simply mirroring the point of view of the original poster, who indicated that his experience seemed to bear out the statistic. Mine does not.
It really comes down to whether or not you BELIEVE the statistic, and I don't. The reason I don't is because I deal with perhaps 40 different computers on a daily basis, and I just don't see that number of them with spyware.
Remember a few months ago that Symantec warned up to prepare for the impending barrage of attacks directly against Firefox? Where are they? It is, more than anything, just corporate jangling trying to overblow the threat (which itself IS real) in order to increase their profits.
Profiteering off of lies creates filthy lucre, which is sickening, and for me, results in immediate and permanent boycotting and advising against anyone doing business with such companies.
It really comes down to whether or not you BELIEVE the statistic, and I don't. The reason I don't is because I deal with perhaps 40 different computers on a daily basis, and I just don't see that number of them with spyware.
Remember a few months ago that Symantec warned up to prepare for the impending barrage of attacks directly against Firefox? Where are they? It is, more than anything, just corporate jangling trying to overblow the threat (which itself IS real) in order to increase their profits.
Profiteering off of lies creates filthy lucre, which is sickening, and for me, results in immediate and permanent boycotting and advising against anyone doing business with such companies.
0
•
•
•
•
results are massively inaccurate 
1) polls asking which browser is in use are usually responded to only by people using alternate browsers, at least those will respond in far higher numbers.
2) polls asking whether people had trouble are usually only responded to by people who indeed had trouble (or are even distributed only among people already reporting problems).
We've done a customer satisfaction survey a while ago ourselves. We sent a questionaire (made by a professional company, not ourselves, quite in contrast to most questionaires) to all our customers.
We got responses from maybe half of them, the other half mostly sent a thank you note to the effect that there was no reason for the survey. Of the respondents about half had had complaints of some sort over the last year, the other half had mainly suggestions for improvement of service.
The final outcome as presented to us stated bluntly that less than half our customers are happy with our products and services.
No massaging needed, they just forgot about the 50% who didn't feel the need to respond because they were happy with the current situation...
These reports are no different.
1) polls asking which browser is in use are usually responded to only by people using alternate browsers, at least those will respond in far higher numbers.
2) polls asking whether people had trouble are usually only responded to by people who indeed had trouble (or are even distributed only among people already reporting problems).
We've done a customer satisfaction survey a while ago ourselves. We sent a questionaire (made by a professional company, not ourselves, quite in contrast to most questionaires) to all our customers.
We got responses from maybe half of them, the other half mostly sent a thank you note to the effect that there was no reason for the survey. Of the respondents about half had had complaints of some sort over the last year, the other half had mainly suggestions for improvement of service.
The final outcome as presented to us stated bluntly that less than half our customers are happy with our products and services.
No massaging needed, they just forgot about the 50% who didn't feel the need to respond because they were happy with the current situation...
These reports are no different.
0
•
•
•
•
Glad to hear that you're skeptical of 'survey' results. As a person trained in the creation, application and analysis of survey research I'm all to well aware that you should be. But the contention that "polls asking which browser is in use are usually responded to only by people using alternate browsers, at least those will respond in far higher numbers." is a difficult one to support. People click on those little polls simply because they are people who click on little polls.
Similar Threads
- 28 infections (Viruses, Spyware and other Nasties)
- multiple infections, please help... (Viruses, Spyware and other Nasties)
- infections (Viruses, Spyware and other Nasties)
- Three infections (Viruses, Spyware and other Nasties)
- What I can do with those infections? (Viruses, Spyware and other Nasties)
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest Upcoming News Stories Posts
- Today's Posts
- Unanswered Threads
age amd analytics api apple avatar blog blogging bluegene bluray broadband browser business cellphones chips command computers console copyright database dell developer development dos economy email encryption energy enterprise facebook firefox games gaming google government gta hardware ibm ibm.news intel intelibm internet iphone ipod legal leopard linux mac malware medicine memory microsoft mobile news nintendo obama office openoffice opensource os pc politics prompt ps3 recession redhat registry root russia search security semiconductors software sony statistics stockmarket stocks sun supercomputer supercomputing technology technologystocks tiger trends tweaks twitter ubuntu unix verizon virus vista web webmail wii windows wireless working x86 xbox yahoo
