Question on sources of spyware


6 replies to this topic

#1 harnold

    Member

  • Full Member
  • 3 posts

Posted 26 July 2007 - 09:26 PM

I have a very basic question that I hope someone can give me a level of understanding and comfort on. I'm being told that the only way to become "infected" with spyware on a given system is by browsing from that system to a site that then somehow distributes the spyware back down to the said system through that browser session or connection. Therefore, if a server is somehow prevented from browsing, let's say by removing all browser software, then it is impossible for the server to acquire a spyware "infection." While browsing is surely the most common way to acquire unwanted spyware, is it the only way?

I appreciate any insight or guidance anyone can share.

#2 cnm

    Mother Lion of SWI

  • Retired Staff
  • 25,317 posts

Posted 26 July 2007 - 09:41 PM

You can become infected via email and via IM (instant messaging). If you use ftp to download files, you can be infected that way in the absence of a browser.
Microsoft MVP Windows Security 2005-2006

#3 Budfred

    Malware Hound

  • Administrators
  • 21,442 posts

Posted 26 July 2007 - 10:39 PM

You can also get infected by floppy disk, other hard disks if they are connected to your computer, flash drives, infected CDs and so on... The only way to be totally safe owning a computer is to buy one and leave it in the box... Read the "So how did I get infected in the first place?" article linked at the top of the page for more effective ways to protect yourself...
Budfred

Helpful link: SpywareBlaster...

MS MVP 2006 and ASAP Member since 2004

Please read the Instructions for posting requested logs and the article "So how did I get infected in the first place?"

#4 harnold

Posted 28 July 2007 - 08:16 AM

Thank you both for your responses. I guess what I need to know is what is the risk of spyware getting on a corporate web server that's taking customer orders. From my basic understanding of spyware in general, I would think it's not unreasonable to assume some form of spyware could be designed to steal customer payment information from these servers. Unfortunately, running our anti-spyware module has deleted "good" files in the past and caused much disruption in the troubleshooting to get production back online. Therefore the support team doesn't want to run anti-spyware, so I'm trying to determine what options should be in place to mitigate the risk. This is where I'm told if they just block all browse capability from these servers then it's not possible to get spyware; but what I'm gathering is that that's just not the fact, as I suspected.

#5 Budfred

Posted 28 July 2007 - 08:21 AM

Corporate computers usually use a lot of filters and other protections at the gateway that make them somewhat safer... That said, it would be a good idea for your company to at least run antivirus and firewall protection on each computer and periodic spyware scans are a good idea as well... If your IT people used a program that caused damage, that is a problem with the program, not all similar programs... There are corporate versions of most legit programs that behave nicely on corporate computers... Do you know what program they used??

#6 harnold

Posted 28 July 2007 - 08:44 AM

After getting into the discussion with them, I think it was not the program (one of the top products if not the top) itself but the policies being automatically pushed. The policies were being inadvertently changed, causing the damage. Now they just don't trust anything about it. It apparently happened many times in the past. They do run anti-virus in an on-demand mode that scans files being read or written to.

#7 Budfred

Posted 28 July 2007 - 11:11 AM

Depending on where your company is based, more and more companies are being held liable for customers' personal info being lost/stolen... This is reason enough for making sure the system is adequately protected... In addition to direct business losses from having that info stolen and the criminals raiding your own accounts, customers need to be notified and the business needs to provide some monitoring for those customers in some cases... In addition, if a theft can be traced back to info from your company, that customer can probably sue you for not adequately securing the info... Unless your IT people have found a good way to secure your system, your company is in danger... Ironically, most of the major losses have been things like representatives of companies carrying data on laptops that are lost or stolen... There are also a number of cases of IT simply not installing the latest security patches from MS, thus leaving gaping holes for criminals to enter... I know the company I work for rarely seems to be up to date on MS updates -- however, they do have the network secured pretty well in other ways (finally!)...