SOLUTIONS : SOLUTION BY TECHNOLOGY : SPYWARE PROTECTION
..
What is a Spyware?

The term spyware refers to a broad category of malicious software designed to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user. While the term taken literally suggests software that surreptitiously monitors the user, it has come to refer more broadly to software that subverts the computer's operation for the benefit of a third party. In simpler terms, spyware is a type of program that watches what users do with their computer and then sends that information over the internet. Spyware can collect many different types of information about a user. More benign programs can attempt to track what types of websites a user visits and send this information to an advertisement agency. More malicious versions can try to record what a user types to try to intercept passwords or credit card numbers. Yet other versions simply launch popup advertisements.

Comparison between spyware, adware, and tracking


The term adware frequently refers to any software which displays advertisements, whether or not it does so with the user's consent. Programs such as the Eudora mail client display advertisements as an alternative to shareware registration fees. These classify as "adware" in the sense of advertising-supported software, but not as spyware. Adware in this form does not operate surreptitiously or mislead the user, and provides the user with a specific service. Many of the programs frequently classified as spyware function as adware in a different sense: their chief observed behavior consists of displaying advertising. Claria Corporation's Gator Software and Exact Advertising's BargainBuddy provide examples of this sort of program. Visited Web sites frequently install Gator on client machines in a surreptitious manner, and it directs revenue to the installing site and to Claria by displaying advertisements to the user. The user experiences a large number of pop-up advertisements. Other spyware behaviors, such as reporting on websites the user visits, frequently accompany the displaying of advertisements. Monitoring web activity aims at building up a marketing profile on users in order to sell "targeted" advertisement impressions. The prevalence of spyware has cast suspicion upon other programs that track Web browsing, even for statistical or research purposes. Some observers describe the Alexa Toolbar, an Internet Explorer plug-in published by Amazon.com, as spyware (and some anti-spyware programs report it as such) although many users choose to install it.

Comparison between spyware, virus and worm


Spyware differs from viruses and worms in that it does not usually self-replicate. Like many recent viruses, however, spyware — by design — exploits infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements; theft of personal information (including financial information such as credit card numbers); monitoring of Web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites.

What is spyware guarding?


As the spyware threat has worsened, a number of techniques have emerged to counteract it. These include programs designed to remove or to block spyware, as well as various user practices which reduce the chance of getting spyware on a system. Nonetheless, spyware remains a costly problem. When a large number of pieces of spyware have infected a Windows computer, the only remedy may involve backing up user data, and fully reinstalling the operating system.

Anti-spyware Programs


Many programmers and some commercial firms have released products designed to remove or block spyware. Major anti-virus firms have started adding anti-spyware features to their existing anti-virus products. Early on, anti-virus firms expressed reluctance to add anti-spyware functions, citing lawsuits brought by spyware authors against the authors of web sites and programs which described their products as "spyware". However, recent versions of these major firms' home and business anti-virus products do include anti-spyware functions, albeit treated differently from viruses. Real-time Protection blocks spyware in the process of installing itself. Here, Windows AntiSpyware blocks an instance of the AlwaysUpdateNews spyware.

Anti-spyware programs can combat spyware in two ways:

Real-time Protection, which prevents the installation of spyware
Detection and removal of spyware.


Writers of anti-spyware programs usually find detection and removal simpler, and many more programs have become available which do so. Such programs inspect the contents of the Windows registry, the operating system files, and installed programs, and remove files and entries which match a list of known spyware components. Real-time Protection from spyware works identically to real-time anti-virus Protection: the software scans incoming network data and disk files at download time, and blocks the activity of components known to represent spyware. In some cases, it may also intercept attempts to install start-up items or to modify browser settings.

Earlier versions of anti-spyware programs focused chiefly on detection and removal. Javacool Software's SpywareBlaster, one of the first to offer real-time Protection, blocked the installation of ActiveX-based and other spyware programs. To date, other programs such as d-Aware and Windows AntiSpyware now combine the two approaches, while SpywareBlaster remains focused on prevention.

Like most anti-virus software, many anti-spyware/adware tools require a frequently-updated database of threats. As new spyware programs are released, anti-spyware developers discover and evaluate them, making "signatures" or "definitions" which allow the software to detect and remove the spyware. As a result, anti-spyware software is of limited usefulness without a regular source of updates. Some vendors provide a subscription-based update service, while others provide updates gratis. Updates may be installed automatically on a schedule or before doing a scan, or may be done manually. Not all programs rely on updated definitions. Some programs rely partly or entirely on historical observation. They watch certain onfiguration parameters (such as the Windows registry or browser configuration) and report any change to the user, without judgment or recommendation. Their chief advantage is that they do not rely on updated definitions. Even with a subscription, a "critical mass" of other users have to have, and report a problem before the new definition is characterized and propagated. The disadvantage is that they can offer no guidance. The user is left to determine "what did I just do, and is this configuration change appropriate?"

If a spyware program is not blocked and manages to get itself installed, it may resist attempts to terminate or uninstall it. Some programs work in pairs: when an anti-spyware scanner (or the user) terminates one running process, the other one respawns the killed rogram. Likewise, some spyware will detect attempts to remove registry keys and immediately add them again. Usually, booting the infected computer in safe mode allows an anti-spyware program a better chance of removing persistent spyware.

Summary


Syntensia Spyware Protection is designed to detect spyware parasites and quarantine the infected files for immediate Protection by blocking web pages and software downloads from web sites that contain spyware or adware. The solution not only protects against infection of computers within the enterprise network, but also intercepts and blocks spyware communication from already infected computers to spyware web sites on the Internet.
 
 



download