Thursday, June 24, 2004

Malicious code?

Okay, I'm in a fighting mood. I've had to argue repeatedly in the last week that spyware is nothing more than malicious code. It's just a trojan with a few odd twists. By using various prevention and detection/clean-up tools, an organization should be able to keep ahead of the malicious code.

Prevention tools include: content filtering for web and mail traffic, pop-up blockers, anti-virus software (products that include spyware scanning), and active systems administration and network monitoring. A good portion of the problem can be prevented by blocking specific sites. Unlike worms/viruses, the sources of spyware do not move around much.

Detection/clean-up tools include: spyware scanners or anti-virus scanners with spyware detection capabilities, active systems administration and network monitoring.

Spyware gets in (mostly) via user interaction. It also is included in legitimate software and can even be installed via RPC. People noticed the Blaster worm because it was noisy and infected other systems. How many people have noticed spyware that was quietly installed and only occasionally connects to a website?

Anyone want to convince me otherwise?
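
The network-monitoring side of this argument, sketched as an added example (not code from the original post): match proxy log entries against a static list of known spyware domains and report every client that touches one, however rarely. The blocklist, the log format and the sample lines are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed blocklist (assumption): known spyware hosts change rarely,
# so a static set of registered domains is enough for this sketch.
BLOCKLIST = {"ads-tracker.example", "toolbar-update.example"}

# Constructed proxy log: ISO timestamp, client IP, requested host.
SAMPLE_LOG = """\
2004-06-21T09:14:02 10.0.0.15 www.example.org
2004-06-21T09:15:40 10.0.0.15 cdn.ads-tracker.example
2004-06-22T13:02:11 10.0.0.22 intranet.example.org
2004-06-23T09:16:05 10.0.0.15 cdn.ads-tracker.example
2004-06-23T17:45:30 10.0.0.31 Toolbar-Update.example.
garbage line
2004-06-24T08:00:00 10.0.0.22 notads-tracker.example
"""

def normalize(host):
    return host.lower().rstrip(".")

def is_blocked(host, blocklist=BLOCKLIST):
    """True if the host or any parent domain is on the blocklist."""
    labels = normalize(host).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def blocklist_hits(log_text, blocklist=BLOCKLIST):
    """Collect timestamps of blocklisted requests per (client, host)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line
        ts, client, host = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # unparseable timestamp
        if is_blocked(host, blocklist):
            hits[(client, normalize(host))].append(when)
    return hits

def report(hits):
    """Rows of (client, host, request count, days between first and last)."""
    rows = []
    for (client, host), seen in sorted(hits.items()):
        rows.append((client, host, len(seen), (max(seen) - min(seen)).days))
    return rows

if __name__ == "__main__":
    for row in report(blocklist_hits(SAMPLE_LOG)):
        print(row)
```

There is deliberately no volume threshold: a client with a single request to a listed domain is reported, since the quiet infections are the ones that go unnoticed.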