Stopping Spyware at the edge of the network


Spyware is a more serious problem for networks today than most viruses and poses more of a threat to the security of the network. Over the past couple of years the number of virus outbreaks has actually gone down while the proliferation of Spyware has grown to enormous proportions. The main reason is that while all the large companies were working to prevent the virus outbreaks seen by most companies during the early part of the 21st century, the rising threat of Spyware was mostly overlooked.

Spyware is no longer being overlooked, but the Spyware writers have a huge lead over companies that are attempting to provide products to combat this increasing threat. The main method for combating this threat is to ensure the computers in your network have the latest patches for the operating system, but this is not always feasible in an environment where companies ask Technology Support departments to do more with fewer resources. Technology Support personnel numbers are on the decline in a lot of companies while the threats to the infrastructure are increasing. Testing and deploying patches is a labor-intensive operation. Even if you use some of the automated tools out there like Windows Update Service, you still must test each patch to ensure it does not interfere with custom applications used in support of the company’s business processes.

Another popular method is to limit the user’s access on their desktop, but this is not always feasible either, since a lot of applications require the logged-on user to have elevated permissions on their computer to function properly. On top of this, many Technology Support departments do not have the political clout to force users to work in a manner that is best for the company as a whole.

So considering these situations, how does a Network Admin control this threat in an effective manner? The Network Admin must go to the one area that no one else has access to: the Network Edge. There are quite a few commercial products out there that will hunt down Spyware on the network and kill it on the user’s computer. You can also implement a Web filtering device which prevents users from visiting inappropriate websites while they are connected to the company’s network. Many of these applications also have options to detect Spyware type applications and stop them from ever entering the network.

This may be a difficult sell since these programs are usually kind of pricey, but if approached the correct way then you can usually get Management to sign off on the cost. The most efficient way to convince them of the need is to take an approach showing how much more productive employees will be with these protective measures in place. These edge appliances can potentially provide a method for Network Administrators to take back control of their network resources and eradicate these Spyware type resource draining applications from their network.

Spyware Protection through Lowest User Access

Many of the computers that are attached to the Internet are infected with some sort of Spyware or Adware type application. These applications are designed to subject the user to anything from annoying pop-up windows to the theft of their identity. As time goes along these programs will advance in functionality and become even harder to detect, and they will cause even more problems for Internet Service Providers and System Administrators.

There is a simple measure you can take to prevent these programs from being able to access your system in the first place. Many experts recommend that you keep your system updated and ensure your Virus and Protection software is up to date. You can even utilize a firewall, like the one that comes by default with Windows XP, to combat these threats. These are great ideas, but there is something simpler you can do that will prove to be more effective at combating Spyware than all of these methods combined. This method is described as Lowest User Access or LUA.

By default most home computers only ever have one user account created, and that is the account that first came with the computer. This account, known as Owner or Administrator or sometimes even your name, probably has Administrator privileges. What most people do not know is that an account with Administrator privileges is not needed for the majority of tasks you perform on your computer. These privileges are needed when you are setting up software or installing additional hardware on your computer, but simply surfing the net and working in office applications do not require anywhere near this level of access.

Why is this fact being mentioned? Because this is the main cause of Spyware and Virus infections on the majority of computers. Most computer owners are not even aware of this fact since the default accounts shipped on computers are usually in the Administrators group. This is by design, since it reduces the number of support calls the computer companies receive from people who cannot perform a certain task. If anyone can perform any task, then that reduces the chance they will need to call the support desk, which saves the computer company money.

There is no valid reason for the majority of users to need Administrator privileges to perform 90% of the tasks they will ever use a computer for. You could just as effectively accomplish your daily tasks with an account that only has user permissions. If everyone would do this then Spyware can be eliminated and it would not be profitable for people to write these programs. The reason for this was alluded to earlier. Since only the Administrator or Power User level accounts can install software, at least one of these types of accounts is required for Spyware to install itself. If you are not logged on under an account with these elevated privileges, then the Spyware cannot install. This is a very easy protective measure to take and you can implement it in just a few minutes. Just right click My Computer and select Manage. Then open up the users section, add yourself a new lowest access user on your system, and use that account to surf the net. You can always log onto your computer with the Administrator account if you need to install something new.
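The same steps can be scripted. The following is an added example, not part of the original article: it reports whether the current session holds administrator rights, lists which enabled local accounts are in the Administrators group, and creates a standard account for daily use. It assumes a current Windows version with Windows PowerShell 5.1 (the `Microsoft.PowerShell.LocalAccounts` module) and an elevated prompt; the account name `surfing` is hypothetical.

```powershell
# Added example: audit local administrator membership and create a standard account.
# Assumes Windows PowerShell 5.1+ and an elevated prompt.
$AdminSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators
$UsersSid = 'S-1-5-32-545'   # well-known SID of BUILTIN\Users
$NewName  = 'surfing'        # hypothetical name for the everyday account

# 1. Does the current session run with an administrator token?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
$state     = if ($isAdmin) { 'WITH' } else { 'without' }
"{0} is running {1} administrator rights" -f $identity.Name, $state

# 2. Which enabled local accounts are members of Administrators?
$adminSids = (Get-LocalGroupMember -SID $AdminSid).SID.Value
Get-LocalUser | Where-Object Enabled | ForEach-Object {
    [pscustomobject]@{
        Account   = $_.Name
        IsAdmin   = $adminSids -contains $_.SID.Value
        LastLogon = $_.LastLogon
    }
} | Format-Table -AutoSize

# 3. Create the everyday account as a member of Users only.
#    New-LocalUser adds the account to no group, so it gets no admin rights.
if (-not (Get-LocalUser -Name $NewName -ErrorAction SilentlyContinue)) {
    $password = Read-Host "Password for $NewName" -AsSecureString
    New-LocalUser -Name $NewName -Password $password `
        -Description 'Standard account for daily use' | Out-Null
    Add-LocalGroupMember -SID $UsersSid -Member $NewName
    "Created standard account '$NewName'"
}
```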

How to detect Spyware on your computer

Spyware is a little piece of code or program that is usually installed on your computer without your knowledge. Sometimes these programs arrive when you install some other program, as additional functionality installed as part of that program.

Spyware programs are usually not destructive, but there are some programs that attempt to steal your personally identifying information, which could be used to steal your identity. This is one of the most troubling problems that the Spyware proliferation on the Internet poses. Everyone needs to take proper measures to prevent infection by keeping their operating systems up to date and utilizing third party Spyware scanning programs.

The second big problem that Spyware imposes is that it wastes your precious computer resources and slows down the performance of your computer. This is because the programs are usually not well coded and they contain numerous memory leaks and other non-optimized code. The programs usually run in the background and are designed so that they are not easily detected.

There are many Spyware detection programs on the Internet that are designed to stop these programs, but since there are many more Spyware writers than there are Spyware detector writers, most Spyware is never detected. There are a few methods you can employ to determine if you have been infected.

If you watch your hard drive light, you may notice an excessive amount of activity when you are not doing much on your computer. This could be a valid process such as a Virus Scan or a valid operating system process running, but it could be a Spyware program doing its work in the background.

Another method is to check the processes in your computer's Task Manager for rogue programs. This is not hard to do, but it does take a little time to perform effectively. If you are running Windows XP then an easy way to check your Task Manager processes is to right click on the task bar and select Task Manager. You will receive a dialog box where you can view the processes running. You do not want to look in the Applications section, as many times that will not help your cause because these programs are hidden. You will then need to research each process running, using a search engine such as Google, to determine if the process may be a rogue process and possibly Spyware. There will be many processes running in the Task Manager and most of those will be valid. If you notice one of the programs taking a lot more resources than the others, such as CPU time or memory consumption, then that is a good candidate for a Spyware program. Start with the high usage programs and research those first.
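The same triage can be done from a PowerShell prompt, which also shows two things Task Manager's process list does not make obvious: where each executable lives on disk and whether it carries a valid digital signature. This is an added example, not part of the original article, and it assumes a current Windows version with Windows PowerShell 5.1; an unsigned file is only a reason to research that process first, not proof that it is Spyware.

```powershell
# Added example: list the heaviest processes by CPU time and by memory,
# with executable path and Authenticode signature status, so the
# "research the high usage programs first" step has somewhere to start.
$procs = Get-Process                       # one snapshot for both rankings
$byCpu = $procs | Sort-Object CPU          -Descending | Select-Object -First 10
$byMem = $procs | Sort-Object WorkingSet64 -Descending | Select-Object -First 10

# Union of both top-10 lists, one row per process ID
$candidates = @($byCpu) + @($byMem) | Sort-Object Id -Unique

$candidates | ForEach-Object {
    # Path is empty for protected system processes when not elevated
    $path = $_.Path
    $sig  = if ($path) {
        (Get-AuthenticodeSignature -FilePath $path).Status
    } else {
        'n/a'
    }
    [pscustomobject]@{
        Name      = $_.ProcessName
        PID       = $_.Id
        CPUsec    = [math]::Round([double]$_.CPU, 1)
        MemoryMB  = [math]::Round($_.WorkingSet64 / 1MB, 1)
        Signature = $sig
        Path      = $path
    }
} | Sort-Object MemoryMB -Descending | Format-Table -AutoSize
```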

If you look for these two items then you will be able to detect the presence of most types of Spyware, but that is not to say you should not have a Spyware detection program installed. There are many of these programs, in both free and commercial versions. While the free type of detection program may seem most appealing, there is something to be said for the viability of commercial versions too. After all, if you consider the danger Spyware poses to your security, do you not want a version that has a commercial entity standing behind it, and thus a company with the resources to research the various threats as they evolve and to effectively combat the threat this poses to your identity and safe web surfing experience?