Problem solve Get help with specific problems with your technologies, process and projects.

Spyware's impact on the network

I ran a spyware program on my work laptop and found 43 different spyware applications residing on it -- 526 instances in all. I'm just one person. My company has around 300 people. Assuming everyone averages the same, what is the over all network slow down?

As a little background info, there are two kinds of spyware used: The first kind is used by businesses on the Internet and the second type is defined as malicious code.

Online businesses use spyware to track usage of a site for demographic/sales reasons. Although intrusive, the actual threat is little to none as related to things such as viruses and other malicious code. They do cause a lack of privacy, and if you are not careful, you could provide more information to these threats than you would like. The 200+ that you have identified is in fact spyware of the lower risk factor and can be removed using any of the free tools today such as Ad-aware, Pc Pitstop or Spybot Search &Destroy.

The second type of spyware is considered malicious code. It is an application that keystroke logs everything you enter into your computer and sends that information to a hacker/cracker. Most spyware is not in this category, but it should not be long when the hacking community creates a way to utilize this threat.

In regards to your specific concerns, spyware findings by automated software sometimes have very high false/positive reports due to the very nature of what they are looking for on your systems. For example, you may have special libraries files loaded for a valid application, but spyware-checking software will identify it as "spyware", which is wrong. So, just like all other security checking software you must know your systems and the files associated with them. Another avenue you can pursue is checking each and every instance reported for validation.

I have similar issues with spyware and users in the company where I work. Normal, non-admin, people will run a spyware checker and find a bunch of alerts. They think they have hit the mother load only to find out their entire list of findings is filled with false positives. (If you really had 526 spyware applications in your systems, you would have much greater problems and most likely lose your network or computer access in a matter of hours.)

If you are running this at home you must still validate each and every instance. Actually, anytime you use an automated security tool the results must be validated and cannot be accepted as face value. Systems are systems. Each is different.

I recommend you run one of the many freeware programs to remove the spyware. As far as your company goes they may not see spyware as a valid threat only because they are more concerned with the high-level malicious code like viruses, Trojan horses and worms. Most likely, your company is depending its "Internet Use" policy to protect them from harmful spyware. Also, most firewalls or IDSes will alert on any serious spyware threat such as the keystroke loggers.

For more info on this topic, please visit these SearchSecurity.com resources:
  • Article: One company's spyware is another's monitoring tool
  • Ask the Expert: Does spyware and adware qualify as 'malicious software' under the HIPAA rules?
  • Article: Lawmakers target spyware
  • This was last published in February 2004

    Dig Deeper on Email and Messaging Threats-Information Security Threats

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.