What is Spyware?
The term spyware refers to a broad category of malicious software
designed to intercept or take partial control of a computer's operation
without the informed consent of that machine's owner or legitimate
user. While the term taken literally suggests software that
surreptitiously monitors the user, it has come to refer more broadly to
software that subverts the computer's operation for the benefit of a
third party. In simpler terms, spyware is a type of program that
watches what users do with their computer and then sends that
information over the internet. Spyware can collect many different types
of information about a user. More benign programs can attempt to track
what types of websites a user visits and send this information to an
advertisement agency. More malicious versions can try to record what a
user types to try to intercept passwords or credit card numbers. Yet
other versions simply launch popup advertisements.
Comparison between spyware, adware, and tracking
The term adware frequently refers to any software which displays
advertisements, whether or not it does so with the user's consent.
Programs such as the Eudora mail client display advertisements as an
alternative to shareware registration fees. These classify as "adware"
in the sense of advertising-supported software, but not as spyware.
Adware in this form does not operate surreptitiously or mislead the
user, and provides the user with a specific service. Many of the
programs frequently classified as spyware function as adware in a
different sense: their chief observed behavior consists of displaying
advertising. Claria Corporation's Gator Software and Exact
Advertising's BargainBuddy provide examples of this sort of program.
Visited Web sites frequently install Gator on client machines in a
surreptitious manner, and it directs revenue to the installing site and
to Claria by displaying advertisements to the user. The user
experiences a large number of pop-up advertisements. Other spyware
behaviors, such as reporting on websites the user visits, frequently
accompany the displaying of advertisements. Monitoring web activity
aims at building up a marketing profile on users in order to sell
"targeted" advertisement impressions. The prevalence of spyware has
cast suspicion upon other programs that track Web browsing, even for
statistical or research purposes. Some observers describe the Alexa
Toolbar, an Internet Explorer plug-in published by Amazon.com, as
spyware (and some anti-spyware programs report it as such) although
many users choose to install it.
Comparison between spyware, virus and worm
Spyware differs from viruses
and worms in that it does not usually self-replicate. Like many recent
viruses, however, spyware — by design — exploits infected
computers for commercial gain. Typical tactics furthering this goal
include delivery of unsolicited pop-up advertisements; theft of
personal information (including financial information such as credit
card numbers); monitoring of Web-browsing activity for marketing
purposes; or routing of HTTP requests to advertising sites.
What is spyware guarding?
As the spyware threat has
worsened, a number of techniques have emerged to counteract it. These
include programs designed to remove or to block spyware, as well as
various user practices which reduce the chance of getting spyware on a
system. Nonetheless, spyware remains a costly problem. When a
large number of pieces of spyware have infected a Windows computer, the
only remedy may involve backing up user data, and fully reinstalling
the operating system.
Anti-spyware Programs
Many programmers and some
commercial firms have released products designed to remove or block
spyware. Major anti-virus firms have started adding anti-spyware
features to their existing anti-virus products. Early on, anti-virus
firms expressed reluctance to add anti-spyware functions, citing
lawsuits brought by spyware authors against the authors of web sites
and programs which described their products as "spyware". However,
recent versions of these major firms' home and business anti-virus
products do include anti-spyware functions, albeit treated differently
from viruses.
[Figure caption: Real-time Protection blocks spyware in the process of installing itself. Here, Windows AntiSpyware blocks an instance of the AlwaysUpdateNews spyware.]
Anti-spyware programs can combat spyware in two ways:
- Real-time Protection, which prevents the installation of spyware
- Detection and removal of spyware.
Writers of anti-spyware programs usually find detection and removal
simpler, and many more programs have become available which do so. Such
programs inspect the contents of the Windows registry, the operating
system files, and installed programs, and remove files and entries
which match a list of known spyware components. Real-time Protection
from spyware works identically to real-time anti-virus Protection: the
software scans incoming network data and disk files at download time,
and blocks the activity of components known to represent spyware. In
some cases, it may also intercept attempts to install start-up items or
to modify browser settings.
Earlier versions of anti-spyware programs focused chiefly on detection
and removal. Javacool Software's SpywareBlaster, one of the first to
offer real-time Protection, blocked the installation of ActiveX-based
and other spyware programs. To date, other programs such as Ad-Aware and
Windows AntiSpyware now combine the two approaches, while
SpywareBlaster remains focused on prevention.
Like most anti-virus software, many anti-spyware/adware tools require a
frequently-updated database of threats. As new spyware programs are
released, anti-spyware developers discover and evaluate them, making
"signatures" or "definitions" which allow the software to detect and
remove the spyware. As a result, anti-spyware software is of limited
usefulness without a regular source of updates. Some vendors provide a
subscription-based update service, while others provide updates gratis.
Updates may be installed automatically on a schedule or before doing a
scan, or may be done manually. Not all programs rely on updated
definitions. Some programs rely partly or entirely on historical
observation. They watch certain configuration parameters (such as the
Windows registry or browser configuration) and report any change to the
user, without judgment or recommendation. Their chief advantage is that
they do not rely on updated definitions. Even with a subscription, a
"critical mass" of other users has to have, and report, a problem
before the new definition is characterized and propagated. The
disadvantage is that they can offer no guidance. The user is left to
determine "what did I just do, and is this configuration change
appropriate?"
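The two approaches described above, side by side, as an added example (not code from any product named on this page): a definition-based scan and a change report run over the same constructed snapshot of startup and browser settings. The key names, paths and signature patterns are constructed for illustration and are not real vendor definitions.

```python
import re

# Constructed signature list: name patterns standing in for a vendor's
# regularly updated definitions database (hypothetical, not real definitions).
SIGNATURES = [re.compile(p, re.I) for p in (r"gator", r"bargainbuddy")]

def signature_scan(snapshot):
    """Definition-based detection: flag entries whose value matches a known signature."""
    return sorted(key for key, value in snapshot.items()
                  if any(sig.search(value) for sig in SIGNATURES))

def change_report(baseline, current):
    """Historical observation: list every difference, with no verdict attached."""
    report = []
    for key in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(key), current.get(key)
        if old is None:
            report.append(("added", key, new))
        elif new is None:
            report.append(("removed", key, old))
        elif old != new:
            report.append(("changed", key, f"{old} -> {new}"))
    return report

# Constructed snapshots of watched settings (simplified names for
# start-up entries and a browser start page), taken before and after.
BASELINE = {
    r"Run\Updater": r"C:\Program Files\Vendor\update.exe",
    r"Browser\StartPage": "about:blank",
}
CURRENT = {
    r"Run\Updater": r"C:\Program Files\Vendor\update.exe",
    r"Run\GMT": r"C:\Program Files\Gator\app.exe",    # matches a signature
    r"Run\svcnew": r"C:\Users\u\AppData\svcnew.exe",  # no definition exists yet
    r"Browser\StartPage": "http://search.example/",
}

if __name__ == "__main__":
    print("signature hits:", signature_scan(CURRENT))
    for kind, key, detail in change_report(BASELINE, CURRENT):
        print(f"{kind:8} {key}: {detail}")
```

The signature scan names only the entry it has a definition for, while the change report surfaces all three modifications, including the unknown start-up item, and leaves the judgment to the user.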
If a spyware program is not blocked and manages to get itself
installed, it may resist attempts to terminate or uninstall it. Some
programs work in pairs: when an anti-spyware scanner (or the user)
terminates one running process, the other one respawns the killed
program. Likewise, some spyware will detect attempts to remove registry
keys and immediately add them again. Usually, booting the infected
computer in safe mode allows an anti-spyware program a better chance of
removing persistent spyware.
Summary
Syntensia Spyware Protection is
designed to detect spyware parasites and quarantine the infected files
for immediate Protection by blocking web pages and software downloads
from web sites that contain spyware or adware. The solution not only
protects against infection of computers within the enterprise network,
but also intercepts and blocks spyware communication from already
infected computers to spyware web sites on the Internet.