Articles by IntegriNet Solutions, Inc.

Reducing the Effect of Spyware

Notwithstanding the latest round of viruses and worms that took down the websites of CNN and other media giants, the greatest bane of computer users in the last few years has been spyware. And the problem is growing.

The security firm, Webroot, recently published the results of scanning 60 thousand business computers. It found that 80 percent of them were infected to some degree with spyware. Moreover, the average number of simultaneous infections per computer has risen to twenty-seven.

This is confirmed in our experience as well. When we are called out to remove spyware from a computer, we sometimes find nearly one hundred different versions of spyware infecting the machine. No wonder it runs slowly, or not at all.

Sometimes the infections have gotten so numerous and intertwined that there has been no way to remove them all except by starting over from a clean installation of the operating system. This process can cost several hundred dollars. Not infrequently, the business owner just decides to replace the infected computer with a new one.

Interestingly, the damage to the computer may be the smaller portion of the cost of spyware. More and more spyware is being developed to facilitate identity theft. The perpetrators hope to spy as you type your credit card numbers or access your accounts at financial websites.

For the most part, this pain and expense is unnecessary.

True, according to national studies, 84 percent of small businesses have antivirus protection, but only 43 percent have spyware protection. But there is another reason that I believe the bulk of the problem is avoidable.

Spyware typically enters a system one of two ways. The first is through spam email. In our professional opinion, every business should have antispam protection. Imagine that a certain percentage of the junk mail that arrived at our homes carried anthrax spores. Surely we would find a way to ensure that unsolicited mail did not get into our house. The analogy fits spam quite well – it is a carrier of all kinds of infectious material and a reasonable effort should be made to keep it out of our systems.

The other method by which spyware gets into our systems is by visiting infectious websites. These sites are usually designed to be attractive nuisances. They may offer free pictures of disrobed celebrities, free music downloads, free funny pictures, free email post cards, etc. Sometimes just by visiting them, but particularly if you are tricked into downloading content from them, you get spyware.

According to a study by Accountemps, the average business computer user will spend about one hour each day in personal use of the Internet, including personal email, shopping, and Web surfing. An hour per day of personal use of the Internet! Imagine what that must cost in lost productivity. If an employee were making personal phone calls for an hour each day, his or her manager would probably do something about it.

It is often during that hour per day that employees get their computers loaded up with spyware. When we are called upon to remove a spyware infection, the history invariably shows that the employee has definitely not been limiting his or her surfing to business-related sites.

If employers want to substantially reduce the impact of spyware on their companies, in addition to blocking spam, they should publish an “acceptable use” policy governing personal use of the computer by employees. Then they should enforce it. Two-thirds of large companies actively monitor email and Internet use by their employees. Not many small businesses do.

To get a handle on these costs, a few business owners have taken the drastic step of limiting the Web access of their employees to certain reputable, business-related websites. If an employee wants to have access to a blocked website, he or she must apply to the manager to make it available. Such a “white list” approach is amazingly effective at cutting the rate and cost of spyware infections.

IntegriNet offers an inexpensive antispam solution to its clients. For information, call us. Ratings of other products can be found here.

For suggestions on establishing “acceptable use” policies, click here.

Microsoft’s Internet Security and Acceleration Server is an excellent program for businesses that want to monitor/control Internet use.