Spyware and Adware

Spyware poses a significant risk to individuals and organizations. It gathers confidential information and uses various methods to provide it to another party, often for monetary gain. Currently the market for Spyware and Adware prevention products today is very immature. There are no established industry standards and no agreement among vendors on what is and isn't classified as Spyware and Adware.

What is the difference between Spyware and Adware?
Spyware can log your keystrokes, perform screen captures, and keep track of your email correspondence and Instant Messaging conversations. Once obtained, Spyware programs use various methods to provide the data to another person. Adware tends to be narrower in scope, tracking web browsing habits or preferences and transmitting that information to third parties to enable targeted advertising. In addition, data gathered by Adware programs is generally non-identifiable; that is, you are not personally identified during the collection of the data.

Are Spyware and Adware illegal? Should they be?
The legality of these programs and how they are used differ from place to place. What may be a useful activity-monitoring tool may also be used to perform illegal acts. Thus, generally the legality of Spyware and Adware relates to how the program is being used rather than the technology itself.

How does Spyware present a risk to privacy?
Because Spyware captures sensitive information before it is encrypted for transmission, it can bypass security measures that you may have in place, sending the text on in an easily readable format. This can facilitate identity theft, as personal information such as a mother's maiden name, social security numbers or credit card information can provide enough data for identity manipulation.

How does Adware present a risk to privacy?
Data gathered by Adware is generally non-identifiable in that you are not personally identified during the collection of data. However, should you respond to the Adware, the usual security concerns apply and you should exercise due diligence when sending personal information over the Internet. You need to make sure you have a secure, encrypted connection, and that you are protected against threats like browser hijacking (in which you are unknowingly redirected to a "look-alike" Web site) and drive-by downloading (in which you unknowingly download a program just by visiting a Web site). Due to the multiplicity of threats and risks, it is important to use a product that addresses the entire spectrum of programs that threaten or introduce risk to your data.

What is the impact of Adware on my computer? Does it actually harm anything?
The impact of any program on a computer depends on many factors. Whether or not a program is undesirable is likewise subjective. Additionally, the introduction of any new program presents the risk of potentially affecting the security of your data. As there are no formal standards of acceptability and user's needs vary widely, there is a wide variance both in terms of program actions (from deliberate actions against user expectations to totally benign) and in terms of user expectations (from wanting Adware to show targeted advertising or information that is specific to location, to not wanting any program that introduces any form of additional risk).

What is Symantec's position in the anti-Spyware and anti-Adware market?
Symantec has provided Spyware detection capability in our desktop/client security products for more than a year. However, we realize that detection is not a complete solution for our customers. As a result, we have been heavily investing in the development of solutions that address the needs of the market.

How does Symantec classify and categorize Spyware and Adware programs?
Symantec products classify and categorize programs according to functionality. This allows you to select your acceptable risk level and detect only programs that fall outside your own acceptable limits.

Some vendors claim to detect more Spyware programs than Symantec. Why is that?
Vendors that do not offer complete solutions lump all Spyware, Adware, worms, bots, Trojan horses and tracking cookies together so that they can claim to detect thousands of threats. This artificially inflates the numbers, making products appear to be more effective than they actually are. In reality, the actual amount of Spyware and Adware detected by these programs is less than the number of Expanded Security Risks detected by Symantec.

How does Symantec decide what threat level to give any single piece of Spyware or Adware?
Symantec carefully evaluates risks to determine the category in which they fit. Additional information on criteria, such as stealth (or the extent to which it is difficult to know a particular program is running on your system), privacy impact, performance impact and ease of removal are available within the products.

Can I safely remove Spyware from my system?
Some spyware can be uninstalled using the uninstaller that accompanies the program. Other Spyware must be manually uninstalled, and yet other Spyware may be removed using special tools. It is also important to note the possibility that if the Spyware you remove is linked to another program, the other program may become inoperable when the Spyware is removed.

What can customers do to protect themselves against the threat of Spyware?
Symantec recommends that customers implement standard best practices to effectively protect themselves against the increasing threat of Spyware. First, set a policy in your organization on what Spyware is and what online behavior is and is not allowed. Second, deploy an endpoint security solution that provides protection from both known and unknown Spyware threats. The solution should detect and remove known Spyware threats in real-time, and should also provide mechanisms to block unknown Spyware such as a firewall that blocks/monitors both inbound and outbound network traffic. And finally, because the line is blurring between Spyware and malicious code, customers should ensure patches are kept updated, strong password policies are enforced and unneeded programs are turned off.

What should customers look for in an anti-Spyware solution?
Symantec recommends an anti-Spyware tool that offers good manageability, solid detection and repair capabilities, and a customization option to ensure it meets individual needs (one organization's prohibited Spyware may be allowed in another organization). Finally, and perhaps most importantly, the solution should also be backed by a robust and dedicated research and response mechanism that tracks new Spyware threats and provide timely updates as the threat landscape evolves.