Download presentation
Presentation is loading. Please wait.
Published bySavannah Jess Modified over 9 years ago
1
SPYWARE Presented by The State Security Office November 17, 2004
2
We Have Viruses, Worms, Spam Virus – code inside existing program Worm – independent code that spreads Spam – message broadcast to many email addresses
3
So What’s Spyware? Technology Gains information about user... without their knowledge Benefits other party, not user
4
Spyware Can... Track Browsing Steal Identity Corrupt Data Create Profiles Slow the Computer Slow the Network Change Homepage Modify Hosts File Download Malware Modify Registry Change Settings Hijack Computer Leak Information Violate HIPPA
5
Good Cookie Not all Information Gathering is Bad! Retains sign-on through session Holds a shopping cart Allows purchases Gets correct delivery address Holds the user’s place
6
Bad Cookie Some Information Gathering is Very Bad Gets more than you intend to give Holds it longer than you want Shares it with others
7
Kinds of Spyware Adware – Annoyance or Serious problem System Monitors – Monitors activity Reports to others Trojan Horses Innocent looking program Causes harm
8
$pyware Why do we have Spyware infections? $$$$ MONEY $$$$$ “I’m your bank, give me your account number...” “Okay, it’s 4323409857... anything else you want?”
9
$$ Motivation $$ Target advertising Aggressive advertising Advertisers pay to piggyback Sell bogus products Credit cards, passwords, account numbers Get private business information Extortion
10
How? People Open Doors... F for User Awareness... Fall for ploys (phishing) Fail to keep software updated Fail to keep security settings reasonable Fail to use spyware protection
11
Doors Users Open #1 is P2P File Sharing Software vulnerabilities Weak privacy settings Intentional downloads Bad Internet neighborhoods End User License Agreements Clicking on pop-up advertisements Phishing
12
Sneaky Ways In Cookies Unintentional downloads Drive-by downloads Piggybacking on legitimate downloads Disguised anti-spyware Disguised anti-porn Associated with trusted products
13
Prevention People Tools Policy
14
People Awareness Reactions to social engineering ploys Don’t click on links in pop-ups Don’t believe spam reports Extreme caution when loading software Know how to recognize problems Know how to use the tools Understand the policies
15
Tools Choose good software tools Keep the products updated Use them regularly Know about good resources Take advantage of the P3P standard
16
Policy Product updates Restrict or forbid dangerous practices P2P file sharing Public instant messaging Unapproved software installation Use appropriate settings Consider notebook and home systems Report problems promptly
17
Legislation State and Federal Much is already illegal Legislation may not help much
18
Detection Use good tools Inoculate Update weekly Scan weekly Symptoms: Slow computer, lots of pop-ups, browser hijacking
19
Removal Remove bad files Remove copies of files! Reverse host file changes Reverse browser changes Reverse registry settings Good tools and/or Experienced Help
20
Resources The State Security Office http://www.cio.arkansas.gov/security http://www.cio.arkansas.gov/security Spyware Warrior http://www.spywarewarrior.com http://www.spywarewarrior.com Spybot Search and Destroy http://spybot.safer-networking.de/en http://spybot.safer-networking.de/en Ad-Aware http://www.lavasoft.de http://www.lavasoft.de
21
Ad-Aware Can I use Ad-Aware Personal (free) version at work? No, Ad-Aware Personal is free for individual use only. For profit business entities, governmental entities, or educational institutions, must purchase a valid end-user license in order to use the software. Lavasoft FAQ, http://www.lavasoft.de/, November 16, 2004http://www.lavasoft.de/
22
Spyware Warriors Real Spyware... Real Spyware Warriors... Their Stories Tim Stoddard, UALR Sky Brower, PC Assistance
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.