Protecting information is often one of the most challenging and important tasks for administrators today. As I write this, Microsoft is dealing with a new risk with the release of parts of the NT and Windows 2000 source code. If Valve's situation is any indication, it might have been due to a hijacker type program.

Administrators put up all sorts of firewalls, IDSes, Anti-virus software and other security mechanisms to control how information flows in and out but these particular "annoyances" still manage to slip through. Part of this may be the attitude that they aren't really viruses or threats. However, I would disagree as it tends to ensure that information – about the user, where the user has been and the system the user is on – is getting out without proper checking.

These methods, sometimes referred to as browser hijacking, spyware, adware, etc., are all methods of gaining access into a system without the knowledge of the user (even if the EULA or AUP of that software states that they agree to it by looking at an ad) and then forwarding that info to another party. If companies allow employees access to the Web then there is a risk of spyware or other malicious code coming in.

One of the best and strongest defenses against this is user awareness and education. Nothing beats having a user who pays attention to the activities on their machine and informs administrators and technical support of any issues, even on occasion minor ones. Inform users on what spyware is, what the risks are to the company and how to recognize it. Sometimes unusual slow downs, extra unknown activity and/or sporadic computer behavior can all signal the presence of "unknown" software.

Other preventative measures might include the limiting the reception of HTML-based emails. Outlook 2003 and up have options available to disables HTML in such emails. The problem is that many companies still use Outlook Express and earlier versions of Outlook. A nifty little (and somewhat cheap) solution is called NoHtml. This can be added to the base employee image and turned on by default. This eliminates the possibility of "phishing" techniques being used to gather information from the company. Visit http://www.baxbex.com/nohtml.html for a free trial.

We also want to make this protection transparent to the user so a firewall add-on like WebSense is recommended. This tool works with both software and hardware firewalls. In essence, it acts as a filter for specific malicious web activities. The flexibility and scalability of the product ensures that no matter what your users do, you can protect them (and the company) from potential external attacks. Visit Websense's website for more details and comparisons with other similar products (http://www.websense.com).

Other methods of defense include limiting which Web browser is used by your users. While most desktops run Windows, it isn't necessary to run Internet Explorer. Using alternatives to IE can help mitigate some of the activities of spyware/adware/browser hijacking. This can be avoided by using browsers that have built-in pop-up control. Netscape, Mozilla and Opera all have this feature. You can also get pop-up blockers (software specifically designed for dealing with this).

Page 2: Detecting and Removing Spyware