Presentation on theme: "Adware and Spyware. Objectives u Define terms, scope, and motivation u Discuss impact (personal and business) u Review basic technical aspects u Provide."— Presentation transcript:
Adware and Spyware
Objectives u Define terms, scope, and motivation u Discuss impact (personal and business) u Review basic technical aspects u Provide basic identification and removal resources u Discuss prevention techniques 2
Definitions, Scope, and Motivation 3
Definitions u Malware: malicious software – Adware: advertising-oriented – Spyware: information-oriented u Anti-adware and anti-spyware are the tools that fight them 4
What and Why? Adware u Advertising u Goal is to sell or promote u Data pushed from them to you u Hopefully you will buy or visit Spyware u Spying u Goal is to gather information u Data pulled from you to them u Hopefully information can be used for sale or power 5
Motivation u Money – Firms place ads for selves or clients – Paid by click-through or direct purchase – Identity/data theft u Power – Ruin rival’s reputation – Blackmail, intelligence activities – Gain notoriety and satisfaction 6
Relationships u Trojans, viruses, phishing, pharming, rootkits, adware, spyware … so much bad stuff! u Questions: – Can adware be spyware? – Is there a relationship between adware, spyware, and other malware? 7
Impact and Effects 8
u Loss of computer functionality 9
What Is This? 10Source:
Internet Explorer On XP 11 Entire screen The web page! Source:
Impact and Effects u Loss of computer functionality u Loss of computer performance u Loss of personally identifiable information 12
Impact: Identity Theft u Maricopa County u Continues to grow in frequency u Effects: – Loss of money – Credit problems – Criminal record – Inability to work 13
Technical Aspects (How It Works) 14
Some Adware Techniques u Pop-ups u Conditional acceptance u Tracking cookies (history) u Tracking images (web, ) 15
Some Adware Techniques u Click tracking u Active web technology u Careless use of protective software (or none at all!) 16
Some Spyware Techniques u Software downloads u Online games u Keystroke loggers u Pop-ups 17
Some Spyware Techniques u Free adware/spyware removal programs u Commercial software u Careless use of protective software (or none at all!) 18
Identifying and Removing 19
Identifying and Removing u Adware is everywhere 20 “Zwinky is free with download of toolbar”
Identifying and Removing u 67% infected among those surveyed* u Can you keep up? 21 * Source: Enterprise Information Systems Assurance and System Security (Warkentin and Vaughn, ed.), p. 51.
Identifying and Removing u Common symptoms* – Pop-ups – Toolbars – Performance problems – More OS/application crashes u Can be symptomless 22 * Source: Enterprise Information Systems Assurance and System Security (Warkentin and Vaughn, ed.), p. 51.
Identifying and Removing u Anti-adware tools u Anti-spyware tools u Network packet sniffing 23
Removal u Methods: – Manual – “Free” tools – Commercial tools u Can be difficult 24
Prevention u What does not prevent it?* – Personal firewalls – Anti-virus programs u The best you can hope for is to discourage it. 26* But they do help prevent spyware and adware that spread that way.
Prevention u Anti-spyware and anti-adware – No single product or suite handles it all – Investigate tools carefully u Firewall and anti-virus – Up to date – Properly configured u Stay informed! 28
Business Aspects 29
Business Impact 1. Loss of productivity 2. Increased IT support costs 3. Theft of intellectual property 4. Liability associated with privacy violations 5. Premature information disclosure 6. Loss of credibility … 30Source: Enterprise Information Systems Assurance and System Security (Warkentin and Vaughn, ed.), p. 52.
Business Prevention u Security policy – Write it down – Educate everyone – Management buy-in – Audit compliance u Use generally good practices u Stay up to date! 31
Conclusions u Adware and spyware come with serious consequences u Identification and removal can be difficult u Prevention is best u User education is key 32
Credits u Enterprise Information Systems Assurance and System Security, Warkentin and Vaughn, ed., u Wikipedia, u Original clip art is from the Microsoft Office web site unless otherwise cited 34