Date: January 31, 2005
Subject: Spyware, even more of a threat

On service calls over the past year we have become increasingly concerned that many of the computers we support have been infected by spyware. We are concerned for a number of reasons, the foremost of which are listed below:

1 - Spyware is a security threat. Although there are may different types of spyware in existence their common objective is to bypass the security of your computer to the advantage of the spyware's creator. Some spyware will record your keystrokes as you use your computer to log into your network or bank account and forward your login or financial information to its creator. Other spyware will restrict your internet browser to a single website or domain and others will continually display advertising material on your monitor. In all of these cases spyware infiltrates the security settings of your system, making your computer available for unauthorized use by the spyware's creator.

2 - Spyware reduces productivity - Not only does spyware negate the security of your system but it will also cause your system to become unstable. The typical system that we encounter has been infected by well over 150 different spyware programs (some systems have had as many as 400 spyware programs installed). This number of illegitimate programs can greatly reduce system performance or cause repeated system restarts and can require several hours to remove them completely. In some cases computers have become essentially unusable with just a few dozen spyware programs installed.

3 - Spyware reduces network performance - Because spyware is almost always monitoring your activity, as well as sending and receiving data to and from its creators, it can waste a significant amount of your network bandwidth (the amount of data that the network is able to carry). This would generally be noticed as generally slower file access, printing or the inability to log onto the network. Since most networks now extend themselves onto the internet this use of network bandwidth would also be noticed as slower internet access and email retrieval. Bandwidth usage can be so great that internet traffic in general would be affected and possibly even come to a halt, as occurred with several virus attacks not too long ago that so overloaded the servers of major internet providers that they were forced to shut down, keeping millions of subscribers offline.

4 - Spyware is everywhere - Many types of spyware are presented as helpful utilities or internet browser enhancements. Popular file sharing programs (such as Kazaa) frequently contain spyware in their installation packages. Spyware is also given away over websites through offers for free service, software or media files.

Spyware may be prevented - The single most effective spyware prevention method is to establish a "proper use" policy for all computers and computer users with internet access. This policy should establish clear guidelines for the use of the internet and the resources that it makes available and should discourage the downloading of software. We would go so far as to suggest that all software downloads and installations be performed by a chosen individual from your staff who is tasked with keeping current on the inherent risks of using free software and who is able to deny the download if no clear benefit for the download can be determined.

For a number of clients we have installed and run a variety of analysis tools which in many cases have completely eliminated spyware from the affected computers. Two of our preferred tools are "SpyBot Search and Destroy" and "AdAware". Both of these products are freely available but LavaSoft's "AdAware Professional" is highly recommended as it features many real time blocking and analysis tools as well as automatic updates. A full spyware scan will usually take about twenty minutes and can be performed regularly with minimal disruption. We recommend that you perform a scan for spyware once a month at the very least. Performing a regular system scan is beneficial in two ways: First: A regular scan will help keep your computer system in peak operating condition by removing spyware and returning the resources they use back to legitimate programs. Second: Productivity is less likely to be affected as you can scan for spyware while the computer is not in use rather than discovering spyware as it slows down or restarts your computer when you are trying to work.