How To Detect And Remove Spyware Information Technology Essay
In November 1999, one of the most popular internet downloads was a piece of freeware known as Elf Bowling, a game in which Santa Claus knocked down his elves like bowling pins. When Santa rolled a less-than-perfect ball, the elves heckled the jolly one with many off-color taunts. It was a quirky, charming game that in the Christmas season caught the fancy of millions. But unbeknownst to many, embedded in Elf Bowling was a secret piece of software that has come to be known as Spyware.
Spyware neither originated nor ended with Elf Bowling (in fact, there is some debate as to whether or not the game hosted spyware programming). The use of spyware seems to have taken root in the early years of peer-to-peer file sharing networks. After the shutdown of Napster, the first truly effective file sharing system where millions of songs were exchanged online, nearly causing the collapse of the recording industry, users flocked to other file-sharing sites, searching for an effective replacement to Napster.
Kazaa was one of the most popular sites. But Kazaa was accused of installing adware and spyware programs without authorization. Kazaa's developer argued that the only reason they installed the adware programs was to cover their development costs and keep the software as freeware. But later versions of Kazaa were found to contain a spyware utility which collected Web usage data without authorization, in addition to an adware program and another unauthorized program.
Though Kazaa was eventually reengineered and re-released to the web, the genie was out of the bottle. There is little doubt that, ever since, the scourge of spyware has wreaked havoc across the information technology industry, as well as individual computer and internet users the world over.
Some Sobering Statistics
According to a 2007 report from McAfee/National Cyber Security Alliance (NCSA):
98% of American personal computer users believe that security is important
93% believe they have taken the appropriate steps to safeguard their system.
99% have heard of spyware
75% have heard about phishing
So it is fairly clear that the vast majority of PC users understand the threats posed in cyberspace. While such awareness is heartening, it tells only half of the story:
92% of those surveyed believed their virus protection was up to date. Only 51% had a current update to their software within the past week
73% believed they had a firewall installed. In reality, only 64% had it enabled
70% believed they had anti-spyware software installed. In reality, only 60% had it properly installed and configured
27% said they had anti-phishing software installed. In reality, only 12% were properly covered
24% of Americans have anti-spyware software installed, an enabled firewall, and anti-virus protection that had been updated within the past week. (This statistic is especially troubling because all three of those components must be part of any reasonably effective security system for one's PC.)
54% of Americans say they have had a virus on their computer, while, unbelievably, 15% AREN'T SURE!!!
44% of those surveyed reported that they believed they had spyware or adware on their home PC
74% report having received a phishing email, with 92% of them saying the email looked eerily authentic
Perhaps these statistics would be less troublesome if:
87% of Americans reported storing personal financial, health, professional, and personal information on their computer
88% go online to use their computer to bank, trade stocks, and/or review their personal medical information
This survey shows that Americans are aware of the threats in cyberspace, and many have already fallen victim to some of them. Yet people are painfully ignorant with regard to both the protection they have and the protection they will need.
Definitions
Before continuing, it may be helpful to define some of the terminology used to describe various types of malicious programming:
Malware is a generic term referring to the entire spectrum of programming, whether malicious or merely annoying, whose sole purpose is to gain access to a computer without the owner's knowledge or consent. Legitimate programming that has bugs or other problems which end up harming a computer is not considered to be malware; it's just poorly designed. The key to whether or not a piece of programming is malware is the intent of the programmer. Does the program have a legitimate purpose, or is there an illicit motive behind its creation? Examples of malware include viruses, Trojan horses, rootkits, adware, crimeware, worms, and spyware.
Virus is a term that is commonly used interchangeably with malware; however, for a piece of malicious computer code to be a true virus, it must have the capability of spreading from computer to computer via the internet (in the form of a shared downloaded program) or a removable memory device (flash drive, diskette, or CD). Before a virus can do damage to a computer, it must be unlocked, which happens when a user clicks on an infected program. Rather than the intended program opening, the virus usually will execute first. It quickly replicates itself and moves rapidly through a computer's system, just as a natural virus will infect a host organism, propagate, and begin working against the body's defenses. If a computer is linked to a network, like most workplace computers are, the virus can quickly spread to each computer in the network through, for example, harmless-looking email attachments. If left unchecked, viruses can replicate themselves until all free space on a computer's hard drive is filled. More commonly, the virus will delete or alter data stored on the hard drive, and/or permanently degrade the computer's functionality.
Worm is a term referring to a category of malicious self-replicating programming. It differs from a virus in a few important ways. First, worms do not need to embed themselves in another program; they are stand-alone computer programs. In addition, worms generally are not designed to do damage to a computer's files. Rather, they are commonly used to open a backdoor in a computer, allowing a remote user to gain access to the system. When a computer has been hijacked, it is called a zombie, and entire networks of these compromised computers are known as botnets. Spammers often send out their illegal marketing emails using zombies, without the knowledge or consent of the owner. The security issues, for both individuals and business, are self-evident.
Trojan Horses are programs which appear to be helpful, but in fact compromise the computer's security, allowing unauthorized access to the computer and network. Depending on the intent, worms and viruses may be correctly considered to be Trojan horses. Once a computer has become infected, a host of ill-intended functions can take place, including:
Deleting or altering data
Degrading programs in a deliberate attempt to reduce a computer's ability to function properly
Uploading files from the computer, or downloading additional malicious software
Helping to set up botnets
Spying on browsing habits
Copying keystrokes (to steal password and user ID information)
Identity theft (stealing bank account, tax, and personal financial information)
Displaying pornographic advertisements or images.
Rootkits are programs designed to hide the fact that a computer's security has been compromised. They are often Trojan horses as well, tricking the user into believing they are helpful programs. Rootkits are used by hackers to gain administrative control over computer networks. The rootkit will block parts of a network off from each other, which helps to conceal the illicit activities from the legitimate network administrators.
Crimeware is specially designed malware that facilitates identity theft. The malware allows an identity thief access to a person's online financial accounts (bank, stock, credit cards). The thieves can clean out the accounts and disappear into cyberspace, usually well before the victim has any idea what is happening. Using crimeware, the identity thief can install keystroke logging software which allows access to user IDs and passwords, as well as programming which directs the internet browser to a counterfeit site where the user ID and password are stolen.
Phishing is not a program or rogue piece of code floating through cyberspace, waiting for an unsuspecting internet user to download and install it, but it is a growing problem and anyone concerned with privacy on the internet needs to be familiar with it. Phishing is a technique hackers and identity thieves use to gain control of a person's private information. In a phishing scam, an email or instant message will arrive from a seemingly legitimate sender, such as a bank, PayPal, eBay, online stock trading company, or a social networking site (such as Facebook or MySpace). The person receiving the email will be directed to what looks like a legitimate site and asked for their personal information. Once the passwords and user IDs have been surrendered, the scammers can clean out bank and stock accounts, make fraudulent purchases with credit cards, and commit other financial crimes.
Adware, also known as advertising-supported software, is software which displays or downloads advertising or marketing pitches to a computer. Advertisers pay programmers of freeware or shareware to place banner ads on the computer's desktop while the program is running. It allows the programmers of this free software the opportunity to receive compensation for their efforts. However, adware becomes classified as malware when it secretly bundles spyware along with it.
So What is Spyware?
Spyware is a type of program that secretly uses a computer's internet connection to send demographic, browsing, and other usage information to advertising or marketing firms. More broadly, spyware can refer to any application which surreptitiously installs itself on a computer and performs any number of actions without the user's knowledge. For the reasons enumerated above, spyware and adware are often spoken of in the same breath because adware very often has a hidden spyware module attached to it. Though advertisers claim that all information transmitted is anonymous, the opportunity for violations of privacy is clearly evident.
It does not require much imagination to understand why programmers willingly add adware and spyware to their creations: without doing so, they would not be paid. But what's in it for the person paying the programmers? In other words, why was spyware created in the first place? That's an easy question to answer: money. It allows advertisers and marketing companies to monitor a user's online behaviors and proclivities, and then target advertising towards that individual, either through email or pop-up advertising.
All adware is not so insidious, but the vast majority is. If the problem were simply a matter of a few pop-up ads every now and then, the issue would barely rise to the level of a nuisance. But the threat to privacy occurs with the unauthorized flow of information from an infected computer. When push comes to shove, these marketing and advertising companies point to strict guidelines regarding the type of information gathered, as well as the guarantee of privacy. It is fair to note that they are compelled to gather such information in secret, providing users zero say over what kinds of information flows from their computer, both of which speak volumes about these assurances.
Like worms, spyware acts as an independent piece of executable programming. That means it can act just as any other computer program does. Whatever a programmer wants the program to do, it can do. Whatever information the programmer wants, he or she can have, be it keystrokes, hard drive scans, instant messaging, email communications, browser settings, cookies, whatever! All of this information can be sent to an unknown third party, then possibly sold to the highest bidder. There are no restrictions on the information they can steal.
Types of Spyware
In addition to adware, there are several types of spyware circulating on the internet.
Dialers are programs that infect the computer's dial-up settings and make calls on the computer's modem without authorization. These unauthorized calls can result in very large and unwanted telephone bills.
Remote Administration Tools establish remote, third-party control over one's computer, and all the information and processes on that computer.
Password Crackers were originally designed to allow the owner of the computer to access passwords which had become either lost or forgotten. However, in the hands of a hacker, it provides the opportunity to gain access to confidential passwords, leaving all manner of private data at risk.
Key Loggers are software that records keystrokes entered on the computer for the purpose of stealing information, such as user IDs and passwords. Many times, the records are maintained in a secret file on the computer's hard drive, to be accessed at a later date by a hacker.
Jokes are not malicious in nature; rather, they are merely a nuisance and designed to elicit either irritation or alarm in the user.
Is Spyware Legal?
Putting aside the ethical and moral dimensions, the question of legality is a natural one. After all, spyware robs computer users of more than their privacy. Spyware uses internet bandwidth without permission, takes up space on the computer's hard drive, and uses memory and other system resources, which can throw the system's operational stability into question.
So how can spyware be legal?
It is legal because when a user clicks on "I agree with the Terms of Agreement," they are almost always unaware that they just consented to install spyware on their hard drive. Buried in paragraph after paragraph of legalese and doublespeak is a clouded, obfuscating statement which informs the user that spyware will be installed.
Is All Spyware Harmful?
The answer depends upon how zealously one wants their privacy protected. All spyware programs invade the privacy of the user, so if one seeks total and complete privacy, then the answer is yes. But a more nuanced answer is that it depends upon the nature of the spyware and the intent of the person(s) responsible for its creation.
Simply recording one's online habits and using them to target that individual with advertisements for specific products and services is not malicious and, except for the lowered operational performance of the infected computer, relatively harmless. If private information, such as passwords and user IDs, is being monitored and captured, there is little question that the spyware program is truly malware intended to harm the computer user.
What is More Dangerous: Spyware or Viruses?
Though viruses get the lion's share of attention, thanks in large part to the destructive nature of the threat, a strong case can be made for spyware's ascendency as Public Enemy #1 among internet users.
Viruses are malicious, data-deleting smart bombs, rogue programs which seek and destroy, either out of some twisted understanding of fun, or as part of a larger campaign of information warfare between rival hackers, corporations, even nations. They can wipe out one's hard drive in minutes, erasing years of accumulated data in one fell swoop.
The effect is similar to that of a carpet-bombing campaign: shock and awe. But, at the end of the day, all that's really been lost is data, which can be reworked, found again, or otherwise replaced.
Spyware, on the other hand, is the more insidious problem. It does not destroy information; it steals it. And that which is stolen always poses a bigger threat than that which has been destroyed. Identity theft, the theft of corporate secrets, and other invasions of privacy can have devastating long-term consequences, especially as the use of the internet and related applications grows in ubiquity.
How Can I Tell If My Computer Has Been Infected?
Symptoms of spyware infection:
Pop-up advertisements.
Spyware programs will often inundate the user with a deluge of advertisements, many times unrelated to the particular website that is being visited. If pop-up ads appear when a computer has just been restarted, or while the browser is closed, it is a pretty good bet that the computer has been infected.
Default settings are changed.
Spyware sometimes will change the default homepage a browser connects to when a new internet session is begun, or will not connect to the chosen search engine when prompted to do so. New shortcuts may appear on the computer's desktop, as well. If a user resets the defaults or reboots the system, but they revert back to the unwanted settings, spyware is likely responsible.
Toolbars magically appear atop the browser.
If a user did not intentionally download a toolbar, but one suddenly appears and cannot be removed, spyware is likely the culprit.
Poor operational performance.
Unlike legitimate software which is specifically designed to run harmoniously with operating systems, such as Windows XP or Vista, spyware programmers are unconcerned with such niceties. The programmers are only concerned with accessing and transmitting information. If it reduces efficiency or crashes the system, so be it. Another symptom is if the same program keeps crashing, or if the computer takes a long time to perform routine tasks, like opening a file folder or executing a normal piece of software.
Irregular email actions.
If a user finds routine emails being returned, or vast amounts of email sent from their account, it is probable that the system has been compromised.
So if your computer suddenly begins acting strangely, it may be time to have your computer checked out.
I Think My Computer Has Been Infected. Now What?
If you suspect your system has been infected, waste no time in taking the necessary steps to protect yourself.
There are dozens of free scanning tools available on the internet. We recommend Adaware.
If the scans reveal an infestation, the next step is to remove the spyware and whatever malware is present as quickly as possible.
Simply follow the instructions given by the Adaware software after the scan.
How Does Antivirus Scanning Software Work?
There are two methods antivirus software uses to find infections: it compares files on a computer against a dictionary of known threats, and it looks for programs acting suspiciously.
Dictionary Method:
The dictionary method of antivirus/malware protection relies almost entirely on the quality of the reference dictionary. Between 500 and 1,000 new threats emerge each day from the wild, which means the company whose software is purchased must have the resources to stay on top of the emerging threats 24 hours a day. Many antivirus software makers rely on reports from users across the internet to stay abreast of emerging threats.
Absent a powerful piece of antivirus software and a conscientious company backing it up, the dictionary method can be fairly ineffective against certain viruses and spyware, mainly because of the exponential rate at which threats are multiplying. For example, there are ways of encrypting and embedding malware which will render the infection virtually invisible to all but the most powerful antivirus software.
It is a cat-and-mouse game with no end in sight.
Suspicious Programs:
The "programs acting suspiciously" methodology approaches the task by monitoring the behavior of all programs. For example, if one program begins to write data to another executable file, the software will flag the action as suspicious, alerting the user and requesting directions for further action. The suspicious behaviors methodology is helpful in identifying and neutralizing rapidly emerging threats before the antivirus definitions can be updated.
On the other hand, if the program is too sensitive to the ongoing operations inside the PC, it can sound alarms more often than is needed, with the result being a boy-who-cried-wolf desensitization of the user (this was one of the big complaints against Microsoft Vista in its initial launch). If the user begins to distrust the software and ignores the warnings, it renders the program worthless. For this reason, the suspicious behavior method is relied on less often these days.
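The behavior rule and its sensitivity trade-off described above can be seen in a short Python sketch. This is an added example, not code from any antivirus product; the event format, the process paths and the `trusted_writers` and `strict` parameters are assumptions made for illustration, and the events are constructed.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".sys"}

@dataclass(frozen=True)
class Event:
    process: str  # image path of the program performing the action
    action: str   # "create" or "write"
    target: str   # file being acted upon

def is_executable(path):
    return PureWindowsPath(path).suffix.lower() in EXECUTABLE_EXTS

def monitor(events, trusted_writers=frozenset(), strict=False):
    """Flag programs that write to executable files.

    Default rule: a write to an executable is suspicious unless the writer
    created that file itself (an installer unpacking its own program) or is
    on the trusted list. strict=True drops both exemptions and also flags
    the creation of executables, modelling an over-sensitive monitor.
    """
    trusted = {p.lower() for p in trusted_writers}
    own_files = set()  # (process, target) pairs the process created itself
    alerts = []
    for ev in events:
        if not is_executable(ev.target):
            continue  # ordinary documents are out of scope for this rule
        proc, target = ev.process.lower(), ev.target.lower()
        if ev.action == "create":
            own_files.add((proc, target))
            if strict:
                alerts.append(ev)
        elif ev.action == "write":
            exempt = proc in trusted or (proc, target) in own_files
            if strict or not exempt:
                alerts.append(ev)
    return alerts

# Constructed sample events (hypothetical paths, in the order they occurred).
EDITOR = r"C:\Program Files\Editor\editor.exe"
SETUP = r"C:\Users\a\Downloads\setup.exe"
FREEGAME = r"C:\Users\a\Downloads\freegame.exe"
UPDATER = r"C:\Windows\System32\updater.exe"
EVENTS = [
    Event(EDITOR, "write", r"C:\Users\a\Documents\report.txt"),
    Event(SETUP, "create", r"C:\Program Files\App\app.exe"),
    Event(SETUP, "write", r"C:\Program Files\App\app.exe"),
    Event(FREEGAME, "write", r"C:\Program Files\Browser\helper.dll"),
    Event(UPDATER, "write", EDITOR),
]

if __name__ == "__main__":
    for label, alerts in [
        ("default", monitor(EVENTS)),
        ("updater trusted", monitor(EVENTS, trusted_writers={UPDATER})),
        ("strict", monitor(EVENTS, strict=True)),
    ]:
        print(f"{label}: {len(alerts)} alert(s)")
        for ev in alerts:
            print(f"  {ev.process} -> {ev.action} {ev.target}")
```

The strict setting raises four alerts on five routine events, which is the alarm fatigue the paragraph above describes; the tuned setting leaves only the downloaded game modifying another program's file.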
What Does Antivirus Software Actually Do?
When antivirus software is launched, it typically does three tasks:
Periodically scans the hard drive for existing viruses and malware,
Analyzes programs as they are opened, closed, or sent via email, and
Protects the computer from incoming threats.
Scanning for Existing Threats
If the antivirus program scans a hard drive and discovers a match with its virus dictionary, it will either delete the file, removing it and all of its components from the computer's hard drive, or the program will quarantine the piece of code. The quarantine action falls short of fully removing the threat, but it isolates it from the rest of the system, rendering it harmless. The computer's owner will usually be given the option to keep the malware or virus in quarantine, or purge it from the system outright. Some programs will remove the harmful code from whatever file it is attached to, then attempt to repair the file if it has been damaged by the malware or virus in some way.
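The dictionary method and the quarantine step described above can be sketched in Python as follows. This is an added example, not code from any antivirus product: the dictionary here is a plain SHA-256 lookup (real products use richer signatures), and the file names, threat names and sample bytes are constructed and harmless.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed, harmless bytes standing in for a file already known to the vendor.
SAMPLE_THREAT = b"constructed-sample-threat-bytes-not-real-malware"

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_dictionary(samples):
    """Map SHA-256 digest -> threat name for each known sample."""
    return {hashlib.sha256(data).hexdigest(): name
            for name, data in samples.items()}

def scan(root, dictionary):
    """Return [(path, threat_name)] for every file whose digest is listed."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            name = dictionary.get(sha256_file(path))
            if name:
                hits.append((path, name))
    return hits

def quarantine(path, quarantine_dir):
    """Isolate a file: move it out of place, rename it, make it read-only."""
    qdir = Path(quarantine_dir)
    qdir.mkdir(parents=True, exist_ok=True)
    dest = qdir / (sha256_file(path) + ".quarantined")
    shutil.move(str(path), str(dest))
    dest.chmod(0o400)  # no execute bit; the owner can still inspect or purge
    return dest

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "home"
        root.mkdir()
        (root / "notes.txt").write_bytes(b"shopping list")
        (root / "elfgame.exe").write_bytes(SAMPLE_THREAT)
        # A copy that differs by one byte: same behaviour, different digest.
        variant = SAMPLE_THREAT + b"\x00"
        (root / "elfgame_v2.exe").write_bytes(variant)

        dictionary = build_dictionary({"Constructed.Sample.A": SAMPLE_THREAT})
        first = scan(root, dictionary)
        first_names = [(p.name, n) for p, n in first]
        for path, _ in first:
            quarantine(path, Path(tmp) / "quarantine")
        left = sorted(p.name for p in root.iterdir())

        # The vendor publishes an update that covers the new variant.
        dictionary.update(build_dictionary({"Constructed.Sample.B": variant}))
        after = [(p.name, n) for p, n in scan(root, dictionary)]
        return {"first_scan": first_names,
                "left_in_place": left,
                "after_update": after}

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The first scan quarantines only the exact match and leaves the one-byte variant in place until the dictionary is updated, which is why the page ties the method's value to how current the reference dictionary is.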
Program Analysis
The software compares its dictionary definitions against files as they are opened, closed, and emailed to outside users. This provides the user with the security of knowing that if a virus or piece of malware somehow sneaked onto the computer's hard drive, it will not be given the opportunity to execute and cause any damage to the computer user. The software can also be programmed to scan the hard drive at regular intervals.
Protects from Incoming Threats
The software analyzes all email, downloads, uploads, and other activity where the computer communicates via the internet. The program erects a barrier through which these communications must pass, known as a firewall. Firewalls are groups of protective systems designed to prevent unauthorized access to a private system or network. Firewalls can protect either hardware or software, or both.
They monitor all communications between the private network and the wild, and will block any communication or transfer of information that does not meet the established criteria for security. Firewalls provide the first layer of defense against viruses and malware, such as spyware.
Spyware Protection for Macintosh Users
Spyware designed for Windows is ineffective against the Mac. Hackers have begun working different angles to ensnare Mac users, whose confidence in the Mac OS may have lulled them into a false sense of security. For a long time, Mac users were insulated from attacks. The reasons for this were twofold:
The Mac operating system was designed to be much more secure than the traditional Windows system. This was combined with the fact that the number of Mac users relative to PC users was incredibly small.
There was little incentive for hackers to spend the time and effort to build malware that could breach the Mac's security. There is also the little issue of corporate reputation. Apple has long been considered the scrappy underdog to Microsoft's industry dominance. Hackers have long taken great pleasure at pounding holes in Windows, Internet Explorer, and the Office Suite of products.
But as Macs have become more widespread, and Apple's reputation as an innovator and leading-edge design company has grown, many of the barriers keeping hackers at bay have weakened. Hackers now employ two effective strategies to spy on Mac users.
As noted earlier, phishing is an incredibly effective tool hackers and identity thieves use to steal personal information, and it takes little effort to install spyware on a Mac if the user offers up their information willingly.
The second strategy hackers employ is through unknown downloads. With the plethora of Mac applications being created, there is little doubt that the unscrupulous have been busily creating apps which could compromise a Mac's security. For example, spyware could be part of a song download or a browser plug-in. As soon as the user enters the password (Macs require a password before any new software installation), attacks could begin.
As with PC spyware programs, the key to the ones designed for Macs is research and more research. Prevention, detection and removal are the most important features users should be looking for. But the best defense remains vigilance. Users need to exercise caution when logging onto unfamiliar sites and downloading content that a cautious person would deem questionable.
Simply relying on the Mac's well-earned reputation for security is no longer enough.
My Computer is Now Clean and I Have Antivirus Protection in Place. What Now?
Usually, all it takes is one bad experience with spyware and other internet threats for a user to learn their lesson. But as has been noted earlier, there's no such thing as perfect protection. The nature, strategy, and techniques employed by hackers and identity thieves are constantly evolving. In many ways, the protection industry is always running one step behind the bad guys, otherwise known as the Black Hats. Luckily, there are steps internet users can take that significantly reduce the number of opportunities the scammers have to get a hold of the private information of internet users.
The antivirus software firm McAfee offers thirteen steps internet users can take to protect their computer system (source: http://www.mcafee.com/us/threat_center/tips.html?cid=36136):
Do not open e-mail attachments from an unknown, suspicious, or untrustworthy source. If you're not familiar with the sender, do not open, download, or execute any files or e-mail attachments.
Do not open an e-mail attachment unless you know what it is, even if it appears to come from a friend or someone you know. Some viruses replicate themselves and spread via e-mail. Stay on the safe side and confirm that the attachment was sent from a trusted source before you open it.
Do not open any e-mail attachments if the subject line is questionable. If you feel that the attachment may be important to you, always save the file to your hard drive before you open it.
Delete chain e-mails and other spam from your inbox. It's best not to forward or reply to messages like these. Unsolicited, intrusive mail clogs up networks, may contain annoying or offensive content, and may result in security and privacy risks.
Exercise caution when downloading files from the Internet. Make sure that the Web site is legitimate and reputable. Verify that an anti-virus program has checked the files on the download site. If you have any doubts, don't download the file at all. If you download software from the Internet, be especially vigilant of free software, which often carries adware or other potentially unwanted content along with it.
Always read the privacy policies and end-user license agreements (EULAs) for software you install, regardless of the source. Be especially wary of screensavers, games, browser add-ons, peer-to-peer (P2P) clients, and any downloads claiming to be cracked or free versions of expensive applications, such as Adobe PhotoShop or Microsoft Office. If it sounds too good to be true, it probably is.
Avoid downloads from non-Web sources altogether. The chances of downloading infected software from Usenet groups, IRC channels, instant messaging clients, or P2P is very high. Links to Web sites seen in IRC and instant messaging also frequently point to infected downloads. Avoid obtaining your software from these sources.
Update your anti-virus software often. Threats are on the increase, and they are constantly evolving. Hundreds of viruses are discovered each month. To make sure that you are protected against the newest breed of threats, update your anti-virus software frequently. That means downloading the latest virus signature files and the most current version of the scanning engine.
Back up your files frequently. If a virus infects your files, at least you can replace them with your back-up copy. It's a good idea to store your backup files (on CDs or flash drives) in another secure physical location away from your computer.
Update your operating system, Web browser, and e-mail program on a regular basis. For example, you can get Microsoft security updates for Microsoft Windows and Microsoft Explorer at http://www.microsoft.com/security.
Vigilance is the best defense against phishing scams. If you happen to receive an e-mail message announcing that your account will be closed, that you need to confirm an order, or that you need to verify your billing information, do not reply to the e-mail or click on any links. If you want to find out whether the e-mail is legitimate, you can contact the company or individual directly by calling or writing to them.
Do not open messages or click on links from unknown users in your instant messaging program. Instant messaging can be a vehicle for transmitting viruses and other malicious code, and its
Use a personal firewall. A hardware firewall that sits between your DSL router or cable modem will protect you from inbound attacks. It's a must for broadband connections. A software firewall runs on your PC and can protect you from both inbound and outbound attacks.
Check your accounts and credit reports regularly. Identity thieves can begin using your personal information to open accounts, purchase goods, and make your life miserable within minutes of obtaining that data. Check your bank account and credit card statements frequently. That way, if you discover that your personal information has been compromised, you can alert credit companies and banks immediately, so they can close your accounts.
What Steps are Being Taken to Combat Spyware?
There have been periodic attempts to enshrine anti-spyware laws in the Federal Register, the most recent being the Internet Spyware Prevention Act of 2007, which was introduced and passed the House of Representatives, but was never called to the floor of the Senate for a vote.
In recent years, some states have filed lawsuits against firms suspected of creating and disseminating spyware. For example, in 2005, former New York State Attorney General Spitzer filed suit against a company called Intermix Media, despite the fact that no specific anti-spyware legislation is on the books. New York accused Intermix of violating the state's laws against deceptive acts and practices, as well as false advertising. When users downloaded and installed screen savers from Intermix's web sites, an adware program called KeenValue was surreptitiously installed at the same time. The firm neglected to include any sort of uninstall program and wrote the code to ensure the program reinstalled itself if it was ever deleted. Intermix also advertised its product as being free from spyware.
The big problem with prosecuting the purveyors of spyware is that the legal definition of what constitutes spyware is incredibly hazy. That, and as noted earlier, many users agree to allow the spyware to be installed on their computer when they click on the "I agree" button, acknowledging that they read and understood the terms of agreement. The best hope of consumers is for legislation to be enacted which limits what concessions software sellers can demand from users in their purposely obtuse and unintelligible end-user agreements. But the internet respects no national borders, and developing international laws governing such practices could prove quite elusive.
Businesses and Spyware
Once upon a time, IT managers and other technology professionals believed that their firewalls and other formidable security measures would protect them from the scourge of spyware. But nothing could protect those systems when employees downloaded infected programs and installed them on their workstations. (For this reason, many businesses now strictly curtail such downloading activity by employees.) Beginning around 2005, they began noticing a marked increase in calls to IT help desks, complaints ranging from the dreaded pop-up ads to slow PC performance. Spyware can cost businesses as much as $350 per PC to fix, when all costs are factored in.[2]
But business may be partly to blame for these woes. As noted in Newsweek, corporate advertising spending trickles down from the big firms to smaller marketing companies who are paid by the click on banner ads and the like on websites.
But these are merely a nuisance when the true potential of spyware's destructiveness has yet to be realized. Theft of passwords and user IDs opens the door for corporate espionage and other forms of corporate crime, one where trade secrets and other valuable intellectual property are at risk of theft. It is little wonder that businesses see spyware as one of the top five threats to their security, and why anti-spyware software spending has become a multi-billion dollar business. In fact, internet security provider FaceTime Communications surveyed more than 1,000 IT managers and end users, finding that spyware and other unsanctioned downloads result in average monthly costs of $130,000.[3] The survey also found that spyware incursions appear to be growing at a rate twice that of computer virus incidents.
Increasingly, enterprise applications are being downloaded, which means the browser has become one of the most important conduits through which critical business supplies are transmitted. When the browser is infected, the results are often disastrous.
In 2006, more than 1,300 people in Oregon were exposed to identity theft when an employee of the state's department of revenue downloaded spyware. He was using his office PC to surf porn sites, and downloaded a Trojan virus. For four months, names, addresses, and Social Security numbers were recorded and transmitted to the Trojan's architect.
The Oregon Department of Revenue has banned employees from accessing Web sites for personal use, but such stringent regulations are impractical for most businesses. Many jobs require unfettered access to the internet, and spyware and viruses can be accidentally downloaded from even legitimate-looking sites. Hackers can establish a blog on a legitimate host site and post Trojans or keylogging software to the page.
http://www.newsweek.com/id/56465
http://www.bankinfosecurity.com/html/bankinfosec_article16.html
Spyware not only steals data, but also internet bandwidth, stopping the normal flow of traffic through the network. As noted earlier, spyware greatly compromises a computer's processing speed, bringing the system to a crawl. It can also cause major system instability, leading to more frequent crashes. Caring for corrupted PCs can account for almost 20% or more of a company's IT Help Desk resources.[4]
Purveyors of Spyware
Spywareguide (http://www.spywareguide.com) is a valuable resource for keeping tabs on which firms are peddling spyware, adware, and other forms of malware that most internet users would prefer to keep off their hard drives. The database is continually updated as new spyware pushers are revealed. Check with this database before downloading software from any questionable sources.
One final word on purveyors: avoid pornography sites. This recommendation is made with an eye towards issues of personal privacy, not morality. Porn sites are among the most notorious spyware distributors. Like their main product, there is nothing subtle about their adware and spyware. As pop-up ads cascade across the desktop, you will know immediately you've been infected. Download NOTHING from a porn site. Ever.
http://www.stopzilla.com/learning/CostOfSpywareToYourBusiness.do
APPENDIX I
Antivirus Protection Software
There are numerous antivirus products available for purchase and download. Some are free of charge while others charge a fairly hefty fee upfront, and a similarly hefty annual fee to maintain up-to-date virus definitions and hard drive scanning. Keep in mind this is merely a sampling of some of the best-selling products for the PC market.
Free System Scanning and Removal Tools:
The free scanning tools available on the internet all have their limitations because, well, they're free. However, absent any prior scanning or meaningful system protection, the decent ones, such as Microsoft Defender (which is one of the few spyware-only products), should be able to find the major bugs in any system. If a user has financial limitations which prevent them from paying for antivirus and spyware protection, it is still possible to stay protected. Most of the big antivirus companies offer free tools. They do not offer any of the bells and whistles of their sales products, obviously. But if a user is broke, yet serious about protecting their system, they should:
Conduct free scans of their system at least once a week
Use the free removal tools at their disposal
Refrain from visiting any sites whose integrity is even remotely questionable.
24-hour, 365 day protection won't be possible, but taking such steps is much, much better than nothing.
Products:
Some of these companies, such as Symantec/Norton and McAfee, have dozens of different products. Again, do the research, making sure to cross-check the reviews against each other; that should provide a good sense of whether or not a product is a good one. Below is a thumbnail list of several of the most popular antivirus/malware products. Not included are internet protection suites, which combine several different strategies to provide a comprehensive security apparatus.
VIPRE Antivirus + Antispyware
BitDefender Antivirus 2009
Kaspersky Anti-Virus 2009
Panda Antivirus Pro 2009
Norton AntiVirus 2009
McAfee VirusScan Plus 2009
Trend Micro AntiVirus plus AntiSpyware 2008
CA Anti-Virus 2009
Reviews for each of these programs can be found across the internet. However, many of the sites offering reviews come across as something closer to sales pitches. Thus, it is important to read with a critical eye. Valuable resources for independent software reviews can be found at:
Cnet (http://reviews.cnet.com) is a website owned by CBS. It provides advice and reviews of the entire spectrum of technology products.
PC Magazine (http://www.pcmag.com). Click on Reviews, then Software, then Security. Users can then browse by any number of criteria, including by company, price, type of protection, etc.
Pcantivirusreviews.com (http://Pcantivirusreviews.com) The name says it all.
Top Ten Reviews (http://anti-virus-software-review.toptenreviews.com). Click on Software, then choose the type of internet security program to review.
Consumer Search (http://www.consumersearch.com/antivirus-software) provides reviews and helpful advice on what to look for in internet security software.
Appendix II
Resources [5]
There are a number of resources available to internet users, from advocacy organizations to the software developers themselves.
Hoaxes and Chain Letters
Virtually every internet user has received them: an email that's been forwarded a dozen times, warning about the latest and greatest internet threat, be it a worm, virus, or spyware. While it is important for users of the internet to know about the newest threats, many times these breathless warnings aren't much more than a lot of hot air.
The following sources receive these warnings as well, and work to determine the threat they pose.
F-Secure - Hoax warnings http://www.f-secure.com/virus-info/hoax/
McAfee - Virus Information Library - Virus Hoaxes http://vil.mcafee.com/hoax.asp
Panda Software - Virus Encyclopedia - Hoaxes and Jokes http://www.pandasoftware.com/virus%5Finfo/hoaxes
Sophos Virus info - hoaxes and scares http://www.sophos.com/virusinfo/scares/
Symantec AntiVirus Research Center (SARC) - Virus Hoaxes http://www.symantec.com/avcenter/hoax.html
Virus Databases
Below is a list of resources to which internet users can refer if they are curious about viruses and malware. The following databases can be useful if you are looking for specific information about a particular virus. Some of the databases are larger than others and some may have more detailed information than others do.
http://www.cert.org/other_sources/viruses.html#II
Proland - Virus Encyclopedia http://www.pspl.com/virus_info/
Norman - Virus Encyclopedia http://www.norman.com/Virus/en-us
AVG - Virus Encyclopedia http://www.grisoft.com/doc/Virus+Encyclopaedia/lng/us/tpl/tpl01
Virus Bulletin - Virus Encyclopedia https://www.virusbtn.com/login
F-Secure Virus Info Center http://www.f-secure.com/vir-info/
McAfee - Virus Information Library http://vil.mcafee.com/
Panda Software - Virus Encyclopedia http://www.pandasoftware.com/library/
Sophos Virus Information http://www.sophos.com/virusinfo/
Symantec AntiVirus Research Center http://www.symantec.com/avcenter/index.html
Trend Micro - Virus Encyclopedia http://www.antivirus.com/vinfo/virusencyclo/default.asp
Virus Organizations and Publications
Each organization or publication which follows describes itself:
AVAR (Association of Anti Virus Asia Researchers - http://www.aavar.org)
The mission of the AVAR is to prevent the spread and damage caused by malicious software, and to develop cooperative relationship among anti malicious software experts in Asia. We are independent and not-for-profit organization which is oriented in Asia Pacific region. AVAR consists of prominent experts on computer virus from various areas such as Australia, China, Hong Kong, India, Japan, Korea, Philippines, Singapore, Taiwan, UK, and U.S.A. Our independence helps us to play an important role to fight against computer virus globally and to raise users' awareness on computer security issues.
EICAR (European Institute for Computer Anti-Virus Research - http://www.eicar.com)
EICAR combines universities, industry and media plus technical, security and legal experts from civil and military government and law enforcement as well as privacy protection organizations whose objectives are to unite non-commercial efforts against writing and proliferation of malicious code like computer viruses or Trojan Horses, and, against computer crime, fraud and the misuse of computers or networks, inclusive malicious exploitation of personnel data, based on a code of conduct.
Virus Bulletin - http://www.virusbtn.com/
The international publication on computer virus prevention, recognition and removal. Virus Bulletin is the technical journal on developments in the field of computer viruses and anti-virus products.
The WildList Organization International - http://www.wildlist.org/
The mission of the Wildlist Organization is to provide accurate, timely and comprehensive information about "In the Wild" computer viruses to both users and product developers. The WildList, a list of computer viruses found in the wild and reported by a diverse group of over 40 qualified volunteers, is made available free of charge by the organization.
Anti-Spyware/Adware Vendors
The following is a list of vendors whose products are specifically engineered to take on the spyware/adware threat.
Adaware - http://www.lavasoft.com
Updates - http://www.lavasoftusa.com/
Aluria - http://www.aluriasoftware.com
Updates - http://www.aluriasoftware.com/index.php?menu=support&link=home
Microsoft Anti-Spyware - http://www.microsoft.com/athome/security/protect/windowsxp/antispy.mspx
Updates - http://www.microsoft.com/downloads/details.aspx?FamilyId=321CD7A2-6A57-4C57-A8BD-DBF62EDA9671&displaylang=en
Spy Sweeper - http://www.webroot.com
Updates - http://support.webroot.com/ics/support/default.asp?deptID=776
Spyware Detector - http://www.spywaredetector.us
Updates - http://www.spywaredetector.us
XoftSpy scan - http://www.xoftspy.net/xoftspy/lp/17/
Updates - http://www.xoftspy.net/xoftspy/lp/17/
Anti-Virus Vendors
This list of antivirus vendors is for informational purposes only, and there is no implied endorsement of any of these firms.
Aladdin Knowledge Systems - http://www.esafe.com/
Product patches - http://www.esafe.com/update.html
Support - http://www.esafe.com/support.html
AVG - http://www.grisoft.com/
Updates - http://www.grisoft.com/doc/72/lng/us/tpl/tpl01
Support - http://www.grisoft.com/doc/8/lng/us/tpl/tpl01
Central Command, Inc. - http://www.centralcommand.com/
Updates - http://upd.vexira.com/pub/vexira/vdb.8/history.txt
Support - http://support.vexira.com/?
Computer Associates International, Inc. - http://www.cai.com
Updates - http://www3.ca.com/support/vicdownload/
Support - http://www3.ca.com/support
Mailing Lists - http://supportconnectw.ca.com/enews.asp
Frisk Software International - http://www.f-prot.com/
Updates - http://www.f-prot.com/support/unix/updating.html
Support - http://www.f-prot.com/f-prot/support
F-Secure Corporation - http://www.f-secure.com or http://www.europe.f-secure.com
Updates - http://www.f-secure.com/download-purchase/updates.shtml
Support - http://www.f-secure.com/support/
McAfee (a Network Associates company) - http://www.mcafee.com
Updates - http://download.mcafee.com/updates/updates.asp
Product upgrades - http://download.mcafee.com/upgrades/upgrades.asp
Support - http://mcafeesecurity.com/us/support/
Network Associates, Inc. - http://www.nai.com
Updates - https://secure.nai.com/us/forms/downloads/upgrades/login.asp
Support - http://www.nai.com/us/support/
Norman Data Defense Systems - http://www.norman.com
Updates - http://www.norman.com/Download/en/
Support - http://www.norman.com/Support/en/
Panda Software - http://www.pandasoftware.com/
Updates - http://www.pandasoftware.com/download/updates/
Support - http://www.pandasoftware.com/support/
Proland Software - http://www.pspl.com
Updates - http://www.pspl.com/download/download.htm
Product patches - http://www.pspl.com/download/download.htm
Support - http://www.pspl.com/support/support.htm
Sophos - http://www.sophos.com
Updates - http://www.sophos.com/downloads/ide/
Product patches - http://www.sophos.com/downloads/full/
Support - http://www.sophos.com/support/
Symantec Corporation - http://www.symantec.com
Updates - http://www.sarc.com/avcenter/download.html
Product patches - http://www.symantec.com/nav/index_updates.html
Support - http://www.symantec.com/techsupp
Trend Micro, Inc. - http://www.trendmicro.com
Updates - http://www.antivirus.com/download/pattern.htm
Product update - http://www.antivirus.com/download/engines/default.asp
Support - http://www.antivirus.com/support/index.htm