Features – Who Downloaded the Spyware? Not Me!

Chris Hayes is CEO of CourtEXPRESS, a national and international court access and document retrieval service using leading-edge Internet and telecommunications technologies.

Introduction

If you think you don’t have spyware on your network, you’re probably wrong. A recent study by Websense, Inc., a San Diego-based provider of “anti-spyware” software, revealed that 92% of IT managers believed spyware existed somewhere in their networks, while only 6% of the companies’ employees believed they were responsible for downloading spyware onto the companies network. Therein lay the problem: people outside the tech world are not familiar enough with spyware to help prevent spyware problems. Regardless, spyware is spreading quickly, and even Congress has begun to take note.

What is Spyware?

In the broadest terms, spyware is any program that is downloaded to your PC to collect information about you. This is usually done without your knowledge when you visit any website that has a spyware program embedded in its code. The spyware concept actually began years ago with the invention of cookies. Cookies were innocuous, small files downloaded to your PC to send small bits of information back to the website to make the website more user-friendly. You had to set your browser to “accept cookies” before a cookie could be loaded onto your PC.

But cookies have grown up, for now they can send info back to large marketing databases. They also have been joined by a variety of programs that interact with web sites, including spyware, adware, loggers and bugs. Technically spyware is any program that watches your behavior on the Internet.

How Does Spyware Work?

Let’s start with a common type of spyware: adware. In simplest terms, adware is a software program that tracks for a website’s owner the web pages you visit and collects information about your preferences. Adware helps the website owner learn more about customer preferences, but, most importantly, adware helps the website owner sell advertising space.

Adware is sold by “media networks,” a relatively new breed of companies that track online consumer behavior and build databases of behavioral information for the purpose of targeted advertisement. A media network offers website owners the free adware program to embed in their websites and, in return, the website owners lease to the media network the advertising spaces on the site.

When you visit a site that uses adware, the adware is downloaded onto your computer. News outlets, industry portals, search engines, shopping sites, travel sites, and sites offering free “shareware” frequently use adware. The likelihood your computer has some form of adware is very high. (A scan of a friend’s home PC revealed 42 instances of adware, with some program appearing several times.)

The job of most adware programs is to collect demographic information about you—what web sites and web pages you visit, what banner ads you clicked and what terms you search. Some particularly invasive programs continue to track the sites you visited long after your have left the site where the adware resided. Some adware continues to collect data until it reaches a pre-determined expiration date or you delete it, either of which could be years. The demographics are sent to the media network’s central database.

The media network gives the adware to hundreds of website owners, accumulates a large inventory of ad space to sell, uses the demographics it collects to identify sets of web sites that make good advertising packages, and sells the packages to advertisers. The advertiser buys a package and his or her ads suddenly appear across dozens of sites before people who, according to their demographics, are interested in the advertiser’s product. This is why you can visit a site and see a banner ad for a vacation resort while your friend visits the same site and sees an ad for diet supplements like phen375.

This process is called behavioral advertising, and studies show it works well. It’s a win-win-win situation for the website owner, the media network and the advertisers. Unfortunately, it’s a win-lose situation for the consumer. While the consumer get ads that are more likely to appeal to his or her needs, the consumer also becomes a number in a database containing his/her history of web use – and that’s where the problems begin.

Why is spyware of such concerm?

Many people are not happy having their Internet surfing habits documented, especially if the sites they visit are unsavory. Many people fear, and rightfully so, that an innocuous adware program can become malicious software (malware, for short) that carries a virus, hacks into personal files, hijacks a PC to propagate spam, steals personal information or changes your start-up page to a porn site. Malware could copy your credit card number when you buy something online or copy your PIN number when you bank online. Add that type of personal information to the adware database and you have a repository ripe for identity thief and fraud.

What to do?

First, Internet users must recognize that spyware is everywhere. More than 1,700 adware programs are known to exist. While it has not become a modern day plague as of yet, the potential exits. Your best defense is to (1) install anti-spyware software and (2), in an office environment, install your own “domestic spyware” to monitor employee Internet usage. These programs should be in addition to your (1) firewall software that stops hackers from entering your PC through your network, (2) anti-virus software that prevents worms and viruses from intruding via email, and (3) anti-spam software that stops “junk.”

Anti-spyware is designed to stop spyware, whether adware or malware, from invading your PC. Anti-spyware resides on your PC or your firm’s Internet server and intercepts adware programs trying to gain access to a hard drive. One such program is Spybot Search and Destroy, a free program that comes highly recommended by PC World Magazine. You can download it from the web (safely, according to PC World magazine) and search your drives for spyware.

Be aware that Spybot isolates the spyware and prevents its use but does not delete it immediately. Some web sites will not work if the adware is missing, so Spybot gives you the ability to reactivate the adware if you want. Going forward, Spybot alerts you to new adware attacks and asks you if you want to block it. The next time you run Spybot system-wide, it deletes any adware held in isolation since your previous run.

What is the right spyware program?

It’s important to select the right anti-spyware program for your company. While Spybot is a good program for individual PCs, a law firm may need a commercially available package because of the need for speedy execution, the ability to include/exclude certain drives, IDs, etc., and the availability of technical support to troubleshoot problems in a complex network. To help you make the right decision, check out the Editors’ Choices in the April issue of PC Magazine and the recommendations in the July issue of PC World. Unfortunately, no program catches everything.

What is “domestic spyware?” Another means of stopping spyware is to prevent all Internet users in your organization from reaching the web pages where spyware resides and to zap adware automatically upon detection. That can be accomplished with “domestic spyware,” more often called Employee Internet Monitoring (EIM) software. Such packages let an IT administrator establish a blacklist and a whitelist of sites. Blacklisted sites can be restricted for everyone or just for certain categories of users. Whitelisted sites are exceptions set up for specific users. For example, everyone might be blocked from shopping sites except the people responsible for buying supplies for the office.

Ironically, some employees view EIM software as spyware, rather than anti-spyware, and resent its use. However, many law firms are motivated to use EIM software for reasons other than stopping spyware, including (1) conserving system resources by preventing the downloading of videos and music files that use excessive bandwidth and enormous amounts of disk space and (2) maintaining a professional work environment by preventing the downloading of pornographic material, the use of gambling sites, and the surfing of non-work-related sites.

Finding the best EIM software for your law firm can be a bit of a challenge since few reviews and comparisons seem to be available. Nevertheless, Yahoo lists some thirty plus packages to consider in its online directory. Websense Enterprise® from Websense Inc.1 received PC Magazine’s Editors’ Choice award in March 2004.

Will Congress Act?

In recent months Congress has taken up the battle against spyware, viewing it as an invasion of privacy issue. Senate Bill 2145, introduced February 27, 2004 by Senator Conrad Burns, R-MT and called the Software Principles Yielding Better Levels Of Consumer Knowledge (SPYBLOCK Act, for short), has been introduced to require adware vendors to give you the option of accepting or rejecting the program before it downloads and the ability to fully uninstall the program at any time. It also would make “harmful” spyware illegal. The Federal Trade Commission opened hearings on the topic last month, and a bill could be passed this session.

The SPYBLOCK Act will not take the place of a well-secured network, just as the passage of the CAN-SPAM Act did not stop unsolicited emails. While it will set parameters for honest advertisers and provide penalties for dishonest ones, it will not stop the true criminal intent on invading your network. The best defense is layering the security software—a firewall with anti-virus, anti-spam, anti-spyware software—and keeping close watch.


Note: No spyware of any type is used by CourtEXPRESS or resides on the CourtEXPRESS site. Websense Enterprise is a registered trademark of Websense, Inc.

Posted in: Cybersecurity, Features