Spyware and grayware refer to applications or files that are not classified as viruses or Trojans but can still negatively affect the performance of the computers on the network. Spyware and grayware introduce significant security, confidentiality, and legal risks to an organization. Spyware/Grayware often performs a variety of undesired and threatening actions such as irritating users with pop-up windows, logging user keystrokes, and exposing computer vulnerabilities to attack.
Spyware: Gathers data, such as account user names and passwords, and transmits them to third parties
Adware: Displays advertisements and gathers data, such as user Web surfing preferences, to target advertisements at the user through a Web browser
Dialer: Changes client Internet settings and can force a computer to dial pre-configured phone numbers through a modem. These are often pay-per-call or international numbers that can result in a significant expense for an organization.
Joke Program: Causes abnormal computer behavior, such as closing and opening the CD-ROM tray and displaying numerous message boxes
Hacking Tools: Help hackers enter computers
Remote Access Tools: Help hackers remotely access and control computers
Password Cracking Applications: Help hackers decipher account user names and passwords
Others: Other types not covered above
OfficeScan can perform the following actions against these spyware/grayware types: Clean, Pass, Deny Access.
Spyware/Grayware often gets into a corporate network when users download legitimate software that has grayware applications included in the installation package. Most software programs include an End User License Agreement (EULA), which the user has to accept before downloading. Often the EULA does include information about the application and its intended use to collect personal data; however, users often overlook this information or do not understand the legal jargon.
The existence of spyware and other types of grayware on the network has the potential to introduce the following:
Reduced computer performance: To perform their tasks, spyware/grayware applications often require significant CPU and system memory resources.
Increased Web browser-related crashes: Certain types of grayware, such as adware, often display information in a browser frame or window. Depending on how the code in these applications interacts with system processes, grayware can sometimes cause browsers to crash or freeze and may even require a computer restart.
Reduced user efficiency: By needing to close frequently occurring pop-up advertisements and deal with the negative effects of joke programs, users become unnecessarily distracted from their main tasks.
Degradation of network bandwidth: Spyware/Grayware applications often regularly transmit the data they collect to other applications running on or outside the network.
Loss of personal and corporate information: Not all data that spyware/grayware applications collect is as innocuous as a list of Web sites users visit. Spyware/Grayware can also collect user credentials, such as those used to access online banking accounts and corporate networks.
Higher risk of legal liability: If computer resources on the network are hijacked, hackers may be able to utilize client computers to launch attacks or install spyware/grayware on computers outside the network. The participation of network resources in these types of activities could leave an organization legally liable for damages incurred by other parties.
There are many ways to prevent the installation of spyware/grayware on a computer. Trend Micro suggests adhering to the following standard practices:
If you have the privilege, configure all types of scans (Manual Scan, Real-time Scan and Scheduled Scan) to scan for and remove spyware/grayware files and applications.
Read the End User License Agreement (EULA) and included documentation of applications you download and install.
Click No to any message asking for authorization to download and install software unless you are certain both the creator of the software and the Web site you view are trustworthy.
Disregard unsolicited commercial email (spam), especially if the spam asks you to click a button or hyperlink.
Configure Web browser settings that ensure a strict level of security. Configure Web browsers to prompt you before installing ActiveX controls. To increase the security level for Internet Explorer
If using Microsoft Outlook, configure the security settings so that Outlook does not automatically download HTML items, such as pictures sent in spam messages.
Do not use peer-to-peer file-sharing services. Spyware and other grayware applications may be masked as other types of files you may want to download, such as MP3 music files.
Periodically examine the installed software on the computer and look for applications that may be spyware or other grayware. If you find an application or file that OfficeScan cannot detect as grayware but you think is a type of grayware, send it to Trend Micro: http://subwiz.trendmicro.com/SubWiz. TrendLabs will analyze the files and applications you submit.
Keep your Windows operating system updated with the latest patches from Microsoft. See the Microsoft Web site for details.
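One way to carry out the periodic review of installed software recommended above, as an added PowerShell example that is not part of OfficeScan or of the original documentation. The baseline file path and the "no publisher" flag are assumptions made for this example.

```powershell
# Added example: list installed software and show entries that are not in a
# previously reviewed baseline, so the manual review can focus on what changed.
# Assumption: the baseline path is hypothetical; the file is a CSV with a
# DisplayName column, written by this script on its first run.
$BaselinePath = 'C:\SecurityBaseline\installed-software.csv'   # hypothetical path

# Per-machine (64-bit and 32-bit views) and per-user uninstall registry keys.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledSoftware {
    # Entries without a DisplayName are patches or components, not applications.
    Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallDate, InstallLocation |
        Sort-Object DisplayName -Unique
}

$current = Get-InstalledSoftware

if (-not (Test-Path -LiteralPath $BaselinePath)) {
    # First run: record the current state so it can be reviewed and kept as the baseline.
    New-Item -ItemType Directory -Path (Split-Path $BaselinePath) -Force | Out-Null
    $current | Export-Csv -LiteralPath $BaselinePath -NoTypeInformation -Encoding UTF8
    Write-Output "Baseline written to $BaselinePath. Review it before relying on it."
    return
}

# Compare by display name; anything not in the baseline was installed since the last review.
$known = (Import-Csv -LiteralPath $BaselinePath).DisplayName
$new   = $current | Where-Object { $known -notcontains $_.DisplayName }

# Heuristic chosen for this example: mark entries that declare no publisher,
# so they can be looked at first during the manual review.
$new |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate,
        @{ Name = 'NoPublisher'; Expression = { [string]::IsNullOrWhiteSpace($_.Publisher) } } |
    Format-Table -AutoSize
```

The script only sees software that registered an uninstall entry, so it complements the configured scans and does not replace them.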