Firms must tackle spyware now

Spyware in PCs can let sensitive company information out

When was the last time you checked on your PCs for spyware? What corporate anti-spyware system are you using? Actually, I bet most people would be pushed to name a single corporate anti-spyware tool.

I certainly couldn't until a few days ago when I came across the free online audit service offered by US software vendor Webroot - see the first web link below. This handy tool lets you run a scan on any of your company PCs and aggregate the results for all the systems tested. But be warned - it can be scary.

I've been protecting my home and office PCs against spyware for a year or two using some of the free consumer tools such as Spybot Search & Destroy and Lavasoft Ad-Aware, but I was surprised that the Webroot audit indicated a few potentially dodgy advert tracking cookies still lurking on my system.

Fortunately, the cookies are pretty low-risk and are easily deleted, but this highlights one of the problems of spyware, which is that there's no common industry definition of what constitutes harmful and intrusive software, let alone a global database of spyware.

Every anti-spyware system has its own quirks - very much like antivirus software in the early days. Back then, we spent a great deal of time in the labs seeing which antivirus packages could identify which viruses, whereas these days it's all about ease of use and speed of response to new threats.

Today, it is generally taken as read that all antivirus products should be able to detect all known viruses. I expect that very soon anti-spyware tools will end up in a similar state.

Microsoft has recently, and perhaps predictably, jumped into the fray by launching its AntiSpyware beta service. This free (for now - expect charges to kick in by mid-year) software is the fruit of Microsoft's acquisition of the Giant Software Company in December.

Interestingly, one of the modules in Microsoft's software is the Spynet Community, a sort of neighbourhood watch system for spyware that's similar to the database services that monitor spam. Microsoft's move could be one that pushes the industry to start agreeing on what spyware actually is.

If you've never checked your PCs for spyware, I'd strongly suggest you do it right now. You've probably seen some of the more obvious spyware-type stuff, such as annoying search toolbars and tools that hijack your browser or generate multiple popup adverts every time you try to access the internet.

These are annoying and can reduce productivity, but more insidious are the "invisible" threats such as keyloggers and backdoor Trojans that can gather data about your PC and network. These can easily bypass your antivirus and firewall systems, slow your network to a crawl, and at worst seriously compromise your company's data security.

If you do nothing else this month, try and get a grip on spyware. It's not just a buzzword invented to freak out paranoid home users; it can be a real threat to your business.