Deflecting Assaults on Privacy
Source code exposed, customer records set free... Browser hijackers and spyware are responsible for these headlines and more. Discover the tools that help keep users, and the networks they reside on, from leaking confidential data.
Administrators put up all sorts of firewalls, IDSes, Anti-virus software and other security mechanisms to control how information flows in and out but these particular "annoyances" still manage to slip through. Part of this may be the attitude that they aren't really viruses or threats. However, I would disagree as it tends to ensure that information – about the user, where the user has been and the system the user is on – is getting out without proper checking.
These methods, sometimes referred to as browser hijacking, spyware, adware, etc., are all methods of gaining access into a system without the knowledge of the user (even if the EULA or AUP of that software states that they agree to it by looking at an ad) and then forwarding that info to another party. If companies allow employees access to the Web then there is a risk of spyware or other malicious code coming in.
One of the best and strongest defenses against this is user awareness and education. Nothing beats having a user who pays attention to the activities on their machine and informs administrators and technical support of any issues, even on occasion minor ones. Inform users on what spyware is, what the risks are to the company and how to recognize it. Sometimes unusual slow downs, extra unknown activity and/or sporadic computer behavior can all signal the presence of "unknown" software.
We also want to make this protection transparent to the user so a firewall add-on like WebSense is recommended. This tool works with both software and hardware firewalls. In essence, it acts as a filter for specific malicious web activities. The flexibility and scalability of the product ensures that no matter what your users do, you can protect them (and the company) from potential external attacks. Visit Websense's website for more details and comparisons with other similar products (http://www.websense.com).
Other methods of defense include limiting which Web browser is used by your users. While most desktops run Windows, it isn't necessary to run Internet Explorer. Using alternatives to IE can help mitigate some of the activities of spyware/adware/browser hijacking. This can be avoided by using browsers that have built-in pop-up control. Netscape, Mozilla and Opera all have this feature. You can also get pop-up blockers (software specifically designed for dealing with this).
Page 2: Detecting and Removing Spyware