Enterprise Gateway Anti-Spyware
Spyware is malicious software that performs many different functions, including delivering unrequested advertising (pop-up ads), harvesting private information and monitoring your activities. It may also re-route page requests (to illegally claim commercial site referral fees) and install stealth phone dialers. This software can drastically impair system performance and consume network resources. It often incorporates design features which make it difficult or impossible to remove from the system.
Identifying spyware is not always easy because spyware can come bundled with legitimate programs. Data collecting programs installed with the user's knowledge do not, technically speaking, constitute spyware, provided the user fully understands what data they collect and with whom they share it. However, a growing number of legitimate software titles install secondary programs to collect data or distribute advertisement content, without properly informing the user about the real nature of those programs.
Not a Virus
Unlike a virus, spyware is usually installed by the end-user, even though they may have no idea of the software's real effect. Spyware tells you, albeit in hidden legal jargon, what it will do. This is the spyware company's escape clause.
Since spyware is typically written by companies with their own development staff, it differs from viruses. In addition, spyware companies sue makers of anti-spyware software for listing their company as spyware. This makes the matter of scanning for and cleaning spyware from your machine more difficult.
Types of Spyware
Hacker Tools
These are programs that are intentionally run by a hacker, usually in the hacker's machine. Such tools have interfaces through which the hacker interacts with the program.
Key Loggers
This is an application, running in the background, recording all the user keystrokes.
Remote Administration Tools
A Remote Administration Tool, or RAT, is a trojan that enables an attacker to remotely-control a machine via a client in the attacker's machine, and a server in the victim's machine.
Trojans
This is unkown and unwanted software that runs in a user's machine as an agent of
the attacker.
Worms
Any program that propagates by attacking other machines and copying itself to them.
How is it installed?
Spyware normally installs itself through a variety of methods, the most common are:
- Bundling with an apparently useful program. The makers of such packages usually make them available for download free of charge, to encourage wide uptake of the spyware component. This applies especially with file-sharing clients.
- Taking advantage of security flaws in your internet browser software.
- Downloading with or without any prompt. A drive-by download takes advantage of easy installation via ActiveX controls.
Spyware can also install itself on a computer via a virus or an email trojan program, but this does not commonly occur.
An HTTP cookie, a well-known mechanism for storing information about Internet users on their own computers, often stores an individual identification number for subsequent recognition of a Website visitor. However, the existence of cookies is not hidden from users, who can also disallow access to cookie information. Nevertheless, to the extent that a Website uses a cookie identifier (ID) to build a profile about the user, who does not know what information accumulates in this profile, the cookie mechanism could count as a form of spyware. For example, a search engine Website could assign an individual ID code to a user the first time he or she visits. That cookie can then store all search terms in a database with this ID as a key on all subsequent visits (until the expiry or deletion of the cookie). The search engine could use this data to select advertisements to display to that user, or could -- legally or illegally -- transmit derived information to third parties.
Granting permission for web-based applications to integrate into one's system can also load spyware. These Browser Helper Objects -- known as Browser Hijackers -- embed themselves as part of a web browser.
Protection at the Gateway
Marshal Ccontent Ssecurity solutions are designed to identify and handle threats to your organization at the Internet gateway. Marshal can integrate with a wide variety of specialist third-party products; including anti-spyware / anti-malware. Through seamless integration, Marshal solutions can identify these threats as they attempt to enter your organization via the Internet or email. These threats can then be automatically quarantined and managed according to your corporate security policy.