340 likes | 459 Views
Adware and Spyware. Define terms, scope, and motivation Discuss impact (personal and business) Review basic technical aspects Provide basic identification and removal resources Discuss prevention techniques. Objectives. Definitions, Scope, and Motivation. Malware: mal icious soft ware
E N D
Define terms, scope, and motivation • Discuss impact (personal and business) • Review basic technical aspects • Provide basic identification and removal resources • Discuss prevention techniques Objectives
Malware: malicious software • Adware: advertising-oriented • Spyware: information-oriented • Anti-adware and anti-spyware are the tools that fight them Definitions
What and Why? Adware Spyware Spying Goal is to gather information Data pulled from you to them Hopefully information can be used for sale or power • Advertising • Goal is to sell or promote • Data pushed from them to you • Hopefully you will buy or visit
Money • Firms place ads for selves or clients • Paid by click-through or direct purchase • Identity/data theft • Power • Ruin rival’s reputation • Blackmail, intelligence activities • Gain notoriety and satisfaction Motivation
Trojans, viruses, phishing, pharming, rootkits, adware, spyware … so much bad stuff! • Questions: • Can adware be spyware? • Is there a relationship between adware, spyware, and other malware? Relationships
Loss of computer functionality Impact and Effects
What Is This? Source: http://en.wikipedia.org/wiki/Image:Spyware_infestation.png
Internet Explorer On XP The web page! Entire screen Source: http://en.wikipedia.org/wiki/Image:Spyware_infestation.png
Loss of computer functionality • Loss of computer performance • Loss of personally identifiable information Impact and Effects
Maricopa County • Continues to grow in frequency • Effects: • Loss of money • Credit problems • Criminal record • Inability to work Impact: Identity Theft
Pop-ups • Conditional acceptance • Tracking cookies (history) • Tracking images (web, email) Some Adware Techniques
Click tracking • Active web technology • Careless use of protective software (or none at all!) Some Adware Techniques
Software downloads • Online games • Keystroke loggers • Pop-ups Some Spyware Techniques
Free adware/spyware removal programs • Commercial software • Careless use of protective software (or none at all!) Some Spyware Techniques
Adware is everywhere Identifying and Removing www.zedo.com “Zwinky is free with download of toolbar” http://www.youtube.com/v/1jbEZlnl9WQ
67% infected among those surveyed* • Can you keep up? Identifying and Removing * Source: Enterprise Information Systems Assurance and System Security (Warkentin and Vaughn, ed.), p. 51.
Common symptoms* • Pop-ups • Toolbars • Performance problems • More OS/application crashes • Can be symptomless Identifying and Removing * Source: Enterprise Information Systems Assurance and System Security (Warkentin and Vaughn, ed.), p. 51.
Anti-adware tools • Anti-spyware tools • Network packet sniffing Identifying and Removing
Methods: • Manual • “Free” tools • Commercial tools • Can be difficult Removal
What does not prevent it?* • Personal firewalls • Anti-virus programs • The best you can hope for is to discourage it. Prevention * But they do help prevent spyware and adware that spread that way.
Safe browsing: • Disable active browser technologies • Limit use of cookies • Limit browsing to reputable sites • Use “high” security settings • Flush cached and personal information Prevention
Anti-spyware and anti-adware • No single product or suite handles it all • Investigate tools carefully • Firewall and anti-virus • Up to date • Properly configured • Stay informed! Prevention
Loss of productivity • Increased IT support costs • Theft of intellectual property • Liability associated with privacy violations • Premature information disclosure • Loss of credibility … Business Impact Source: Enterprise Information Systems Assurance and System Security (Warkentin and Vaughn, ed.), p. 52.
Security policy • Write it down • Educate everyone • Management buy-in • Audit compliance • Use generally good practices • Stay up to date! Business Prevention
Adware and spyware come with serious consequences • Identification and removal can be difficult • Prevention is best • User education is key Conclusions
Enterprise Information Systems Assurance and System Security, Warkentin and Vaughn, ed., 2006. • Wikipedia, http://www.wikipedia.org • Original clip art is from the Microsoft Office web site unless otherwise cited Credits