What is Spyware?
The term spyware refers to a broad category of malicious software
designed to intercept or take partial control of a computer's
operation without the informed consent of that machine's owner
or legitimate user. While the term taken literally suggests
software that surreptitiously monitors the user, it has come
to refer more broadly to software that subverts the computer's
operation for the benefit of a third party. In simpler terms,
spyware is a type of program that watches what users do with
their computer and then sends that information over the internet.
Spyware can collect many different types of information about
a user. More benign programs can attempt to track what types
of websites a user visits and send this information to an
advertisement agency. More malicious versions can try to record
what a user types to try to intercept passwords or credit
card numbers. Yet other versions simply launch popup advertisements.
Comparison between spyware, adware, and tracking
The term adware frequently refers to any software which displays
advertisements, whether or not it does so with the user's
consent. Programs such as the Eudora mail client display advertisements
as an alternative to shareware registration fees. These classify
as "adware" in the sense of advertising-supported
software, but not as spyware. Adware in this form does not
operate surreptitiously or mislead the user, and provides
the user with a specific service. Many of the programs frequently
classified as spyware function as adware in a different sense:
their chief observed behavior consists of displaying advertising.
Claria Corporation's Gator Software and Exact Advertising's
BargainBuddy provide examples of this sort of program. Visited
Web sites frequently install Gator on client machines in a
surreptitious manner, and it directs revenue to the installing
site and to Claria by displaying advertisements to the user.
The user experiences a large number of pop-up advertisements.
Other spyware behaviors, such as reporting on websites the
user visits, frequently accompany the displaying of advertisements.
Monitoring web activity aims at building up a marketing profile
on users in order to sell "targeted" advertisement
impressions. The prevalence of spyware has cast suspicion
upon other programs that track Web browsing, even for statistical
or research purposes. Some observers describe the Alexa Toolbar,
an Internet Explorer plug-in published by Amazon.com, as spyware
(and some anti-spyware programs report it as such) although
many users choose to install it.
Comparison between spyware, virus and worm
Spyware differs from viruses and worms
in that it does not usually self-replicate. Like many recent
viruses, however, spyware — by design — exploits
infected computers for commercial gain. Typical tactics furthering
this goal include delivery of unsolicited pop-up advertisements;
theft of personal information (including financial information
such as credit card numbers); monitoring of Web-browsing activity
for marketing purposes; or routing of HTTP requests to advertising
sites.
What is spyware guarding?
As the spyware threat has worsened, a number of techniques have
emerged to counteract it. These include programs designed
to remove or to block spyware, as well as various user practices
which reduce the chance of getting spyware on a system.
Nonetheless, spyware remains a costly problem. When a large
number of pieces of spyware have infected a Windows computer,
the only remedy may involve backing up user data, and fully
reinstalling the operating system.
Anti-spyware Programs
Many programmers and some commercial firms have released products
designed to remove or block spyware. Major anti-virus firms
have started adding anti-spyware features to their existing
anti-virus products. Early on, anti-virus firms expressed
reluctance to add anti-spyware functions, citing lawsuits
brought by spyware authors against the authors of web sites
and programs which described their products as "spyware".
However, recent versions of these major firms' home and business
anti-virus products do include anti-spyware functions, albeit
treated differently from viruses.
[Figure: Real-time Protection blocks spyware in the process of installing
itself. Here, Windows AntiSpyware blocks an instance of the
AlwaysUpdateNews spyware.]
Anti-spyware programs can combat spyware in two ways:
- Real-time Protection, which prevents the installation of spyware
- Detection and removal of spyware.
Writers of anti-spyware programs usually find detection and
removal simpler, and many more programs have become available
which do so. Such programs inspect the contents of the Windows
registry, the operating system files, and installed programs,
and remove files and entries which match a list of known spyware
components. Real-time Protection from spyware works identically
to real-time anti-virus Protection: the software scans incoming
network data and disk files at download time, and blocks the
activity of components known to represent spyware. In some
cases, it may also intercept attempts to install start-up
items or to modify browser settings.
Earlier versions of anti-spyware programs focused chiefly
on detection and removal. Javacool Software's SpywareBlaster,
one of the first to offer real-time Protection, blocked the
installation of ActiveX-based and other spyware programs.
To date, other programs such as Ad-Aware and Windows AntiSpyware
now combine the two approaches, while SpywareBlaster remains
focused on prevention.
Like most anti-virus software, many anti-spyware/adware tools
require a frequently-updated database of threats. As new spyware
programs are released, anti-spyware developers discover and
evaluate them, making "signatures" or "definitions"
which allow the software to detect and remove the spyware.
As a result, anti-spyware software is of limited usefulness
without a regular source of updates. Some vendors provide
a subscription-based update service, while others provide
updates gratis. Updates may be installed automatically on
a schedule or before doing a scan, or may be done manually.
Not all programs rely on updated definitions. Some programs
rely partly or entirely on historical observation. They watch
certain configuration parameters (such as the Windows registry
or browser configuration) and report any change to the user,
without judgment or recommendation. Their chief advantage
is that they do not rely on updated definitions. Even with
a subscription, a "critical mass" of other users
has to have, and report, a problem before the new definition
is characterized and propagated. The disadvantage is that
they can offer no guidance. The user is left to determine
"what did I just do, and is this configuration change
appropriate?"
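The two approaches described above (matching against a definitions list, and watching configuration for any change), side by side as an added example; it is not code from any product named on this page. The snapshot keys, values and the single definition are constructed for illustration.

```python
# Added example: all names and data below are constructed, not real signatures.

# Constructed "definitions": known component name fragment -> label.
DEFINITIONS = {"examplebar.dll": "ExampleBar (constructed)"}

# Constructed snapshots of start-up items and browser settings (name -> value).
BASELINE = {
    "startup/Updater": r"C:\Program Files\Vendor\updater.exe",
    "browser/homepage": "https://intranet.example/",
    "browser/search": "https://search.example/?q=",
}
CURRENT = {
    "startup/Updater": r"C:\Program Files\Vendor\updater.exe",
    "startup/Helper": r"C:\Users\a\AppData\helper32.exe",      # new, not in definitions
    "startup/Toolbar": r"C:\Program Files\EB\examplebar.dll",   # new, in definitions
    "browser/homepage": "https://portal.example/",              # changed
    "browser/search": "https://search.example/?q=",
}

def signature_scan(snapshot, definitions):
    """Definition-based detection: flag entries matching a known component."""
    hits = {}
    for key, value in snapshot.items():
        for needle, name in definitions.items():
            if needle in value.lower():
                hits[key] = name
    return hits

def diff_snapshots(baseline, current):
    """Historical observation: report every change, with no verdict attached."""
    changes = []
    for key in sorted(baseline.keys() | current.keys()):
        old, new = baseline.get(key), current.get(key)
        if old is None:
            changes.append(("added", key, None, new))
        elif new is None:
            changes.append(("removed", key, old, None))
        elif old != new:
            changes.append(("changed", key, old, new))
    return changes

if __name__ == "__main__":
    print("signature hits:", signature_scan(CURRENT, DEFINITIONS))
    for kind, key, old, new in diff_snapshots(BASELINE, CURRENT):
        print(f"{kind:8} {key}: {old!r} -> {new!r}")
```

The definitions list names only the toolbar entry, while the snapshot diff also surfaces the unknown start-up item and the homepage change, leaving the user to judge each one.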
If a spyware program is not blocked and manages to get itself
installed, it may resist attempts to terminate or uninstall
it. Some programs work in pairs: when an anti-spyware scanner
(or the user) terminates one running process, the other one
respawns the killed program. Likewise, some spyware will detect
attempts to remove registry keys and immediately add them
again. Usually, booting the infected computer in safe mode
allows an anti-spyware program a better chance of removing
persistent spyware.
Summary
White Knight Spyware Protection is designed to detect spyware parasites
and quarantine the infected files for immediate Protection
by blocking web pages and software downloads from web sites
that contain spyware or adware. The solution not only protects
against infection of computers within the enterprise network,
but also intercepts and blocks spyware communication from
already infected computers to spyware web sites on the Internet.