Five Advantages of Cloud-Based SIEM for Security Intelligence and Operations REGISTER >
We've all heard about spyware, but what is it exactly? Spyware defined, according to Dictionary.com, is ''any software that covertly gathers information about a user while he/she navigates the Internet and transmits the information to an individual or company that uses it for marketing or other purposes; also called ad ware''.
Many software programs today are available for free because of spyware, or advertising supported software, as it is also known. This is a way for software creators to make money from a product that they otherwise would have to sell to users outright. Now this might sound like a great idea. You might be thinking, ''I'm getting this great software and it costs me nothing!'' But the old adage holds true: If it seems too good to be true, it probably is.
Why is Spyware a problem?
The ads are then tailored for the specific user. So far so good right? Here is where the problems begin; much of this advertising software also installs some form of tracking software.
Tracking software will transmit data about the user's web surfing habits back to the software company and the only thing it requires to do this is an IP address. Most of these companies have privacy policies stating that they will not transmit ''sensitive'' or ''personal'' data back to the tracking server, but the fact remains that the PC is constantly being monitored and sending info across the network.
The amount of information sent is very small, but constant. Now one user doing this wouldn't be a problem, but in an enterprise setting with thousands of PC's all running Spyware, this can result in a significant network bandwidth usage, or better put, stolen bandwidth.
Also, Spyware is sometimes malicious in that it can ''hijack'' or ''take over'' a user's browser or reset the default homepage to another page. This type of software is usually installed without the user ever even knowing about it. Sometimes this can effectively keep the user from accessing anything except for the page the spyware software directs the browser to open. As you can see, spyware can potentially cause a significant waste of end-user time as well as inefficiency and frustration.
Of course there is the issue of information privacy, which may also be of concern to at least some of us. This is a very gray area that gets into many different legal aspects. Spyware is not illegal software, but sometimes the data that it collects can cause a security conscious user to be concerned about privacy issues and therefore they may prefer not to install the software.
This should also be a concern to any IT Security department. For as much information as spyware programs collect now, they have the capability to collect much more. The majority of spyware programs is installed as an executable program on the PC, and therefore has the ability to do anything that any normal program can do. This can include, but is not limited to, scanning files on the hard drive, reading cookies, scanning your browser history, recording keystrokes, interacting with the browser software and changing the browsers default homepage.
The information collected is then sent back to the tracking server for collection. This information is generally sold to other companies for profit or used for statistical and marketing purposes.
Spyware will also cause a drain on not only network resources, but local client system resources and IT staff resources as well. Spyware programs are usually ''memory resident'', meaning that they load into the PC's memory upon boot, and stay there using up vital RAM. They also use a tiny amount of processor time that can hamper performance. Some spyware programs can keep log files or temporary files that can get quite large in size over time. Certain spyware programs have also been known to cause problems with Internet browsers, degrade performance, and result in Windows Illegal Operation errors.
Who's paying the price?
When you add up such factors as, the strain on your network recourses, IT support staff resources, potential security risks, End-User downtime and frustration you get a better idea on how it all leads up to a real and measurable loss of productivity. These are all factors that will end up costing your business in the long run. So when it comes to spyware and adware, we all end-up paying the price.