Spyware has fast become the number one Internet security threat facing corporations, silently tracking surfing behaviour, keyboard strokes or worse. Compromised data, increased technical support and reduced productivity are all direct consequences of spyware infections. One problem system administrators face is that it is difficult to centrally scan and safely remove harmful files from networked computers as most spyware is also linked by registry entries, which need to be cleaned as well, and some threats actually need to be removed by using Windows Application Programming Interface functions. This means that antispyware tools need to be installed, configured and run on each machine in the same way as antivirus software.
One of the leading Windows-based antispyware tools is Spybot Search & Destroy, a freeware program that removes adware, spyware, dialers, keyloggers and Trojans. It works with the leading browsers and is compatible with many antivirus and other antispyware programs you may be running. It also includes various useful tools, reports and an integrated update function, which installs weekly updates. There are several advanced settings such as being able to exclude certain products, cookies and files types from searches, but what I really like about it is the detailed information given about any problems it finds. This is particularly important given the trouble that can follow removing incorrect files and registry settings.
For a small organization it's possible to install and configure Spybot on each PC, but for larger corporations this is not really an option as it would be too time consuming, and frankly, quite dangerous to allow users to configure it themselves. Thankfully there is Server for Spybot that allows you to create a centralized standard configuration for Spybot, schedule scans on client machines, and send scan reports to an administrator. Clients can also update themselves from your server thus avoiding the need for every client to download updates from the Internet. Unlike Spybot, this product is not free but as it greatly reduces network traffic and gives the administrator the ability to control the configuration of Spybot's advanced options, which finesse how it works, it is worth the cost.
As part of a corporate rollout, of Spybot I would run a Security Awareness course that highlights the problems of spyware and what users should do to avoid it. The course should also cover the Spybot software and its function so that users understand what it does and how to respond to any messages. Of course, anti-spyware should not be your only weapon against spyware. It must be used in conjunction with a firewall, an antivirus application, spam and pop-up blockers, and a well-enforced security policy.
This was first published in August 2005