Using Spybot Search & Destroy in a corporate setting

BROWSE BY TAG Application Security,   Application and Platform Security,   Web Security Tools and Best Practices,   Web Application Security,   Malware, Viruses, Trojans and Spyware,   Information Security Threats,   VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Application Security How to secure a .pdf file How do hackers bypass a code signing procedure to inject malware Do Facebook URL security concerns justify blocking social networks? What are Google Chrome's security features? Is there a way to block iPhone widgets that bypass Web filters? Should enterprises be concerned with Twitter in the workplace? Are there still Google Desktop security problems? Can an IP spoofing tool be used to spam SPF servers? Will an application usage policy best control network bandwidth? How can URL-shortening services be manipulated? Web Application Security Black box and white box testing: Which is best? InZero Systems launches hardware-based security gateway Web application vulnerability assessment shows patching progress Preventing SQL injection attacks: A network admin's perspective Cisco acquires SaaS security vendor ScanSafe Web application firewall use goes beyond compliance, company finds Gumblar Trojan drive-by exploits spike following Adobe update Some Facebook applications lead to Russian attack sites Barracuda acquires Purewire expanding Web security reach An enterprise strategy for Web application security threats Malware, Viruses, Trojans and Spyware The world's top 5 riskiest domains New Zeus spam poses as Social Security statements Increase in Gumblar backdoors poses FTP credential problems Hackers to sharpen malware, malicious software in 2010 iPhone worm Rickrolls jailbroken phones Israeli Mossad add Trojan Horse to Syrian laptop Schneier-Ranum Face-Off: Is antivirus dead? Modern malware, stealthy botnets, adapt quickly, expert says Computer worm infections up, scareware antivirus down, Microsoft says Web-based attacks skyrocket, pirating sites surge, security firms say

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary anonymous Web surfing  (SearchSecurity.com) buffer overflow  (SearchSecurity.com) cache cramming  (SearchSecurity.com) cookie poisoning  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) National Computer Security Center  (SearchSecurity.com) threat modeling  (SearchSecurity.com) trigraph  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

Spyware has fast become the number one Internet security threat facing corporations, silently tracking surfing behaviour, keyboard strokes or worse. Compromised data, increased technical support and reduced productivity are all direct consequences of spyware infections. One problem system administrators face is that it is difficult to centrally scan and safely remove harmful files from networked computers as most spyware is also linked by registry entries, which need to be cleaned as well, and some threats actually need to be removed by using Windows Application Programming Interface functions. This means that antispyware tools need to be installed, configured and run on each machine in the same way as antivirus software.

One of the leading Windows-based antispyware tools is Spybot Search & Destroy, a freeware program that removes adware, spyware, dialers, keyloggers and Trojans. It works with the leading browsers and is compatible with many antivirus and other antispyware programs you may be running. It also includes various useful tools, reports and an integrated update function, which installs weekly updates. There are several advanced settings such as being able to exclude certain products, cookies and files types from searches, but what I really like about it is the detailed information given about any problems it finds. This is particularly important given the trouble that can follow removing incorrect files and registry settings.

For a small organization it's possible to install and configure Spybot on each PC, but for larger corporations this is not really an option as it would be too time consuming, and frankly, quite dangerous to allow users to configure it themselves. Thankfully there is Server for Spybot that allows you to create a centralized standard configuration for Spybot, schedule scans on client machines, and send scan reports to an administrator. Clients can also update themselves from your server thus avoiding the need for every client to download updates from the Internet. Unlike Spybot, this product is not free but as it greatly reduces network traffic and gives the administrator the ability to control the configuration of Spybot's advanced options, which finesse how it works, it is worth the cost.

As part of a corporate rollout, of Spybot I would run a Security Awareness course that highlights the problems of spyware and what users should do to avoid it. The course should also cover the Spybot software and its function so that users understand what it does and how to respond to any messages. Of course, anti-spyware should not be your only weapon against spyware. It must be used in conjunction with a firewall, an antivirus application, spam and pop-up blockers, and a well-enforced security policy.

More information