Presentation is loading. Please wait.

Presentation is loading. Please wait.

SPYWARE Presented by The State Security Office November 17, 2004.

Similar presentations

Presentation on theme: "SPYWARE Presented by The State Security Office November 17, 2004."— Presentation transcript:

1 SPYWARE Presented by The State Security Office November 17, 2004

2 We Have Viruses, Worms, Spam Virus – code inside existing program Worm – independent code that spreads Spam – message broadcast to many email addresses

3 So What’s Spyware? Technology Gains information about user... without their knowledge Benefits other party, not user

4 Spyware Can... Track Browsing Steal Identity Corrupt Data Create Profiles Slow the Computer Slow the Network Change Homepage Modify Hosts File Download Malware Modify Registry Change Settings Hijack Computer Leak Information Violate HIPPA

5 Good Cookie Not all Information Gathering is Bad! Retains sign-on through session Holds a shopping cart Allows purchases Gets correct delivery address Holds the user’s place

6 Bad Cookie Some Information Gathering is Very Bad Gets more than you intend to give Holds it longer than you want Shares it with others

7 Kinds of Spyware Adware –  Annoyance or  Serious problem System Monitors –  Monitors activity  Reports to others Trojan Horses  Innocent looking program  Causes harm

8 $pyware Why do we have Spyware infections? $$$$ MONEY $$$$$ “I’m your bank, give me your account number...” “Okay, it’s 4323409857... anything else you want?”

9 $$ Motivation $$ Target advertising Aggressive advertising Advertisers pay to piggyback Sell bogus products Credit cards, passwords, account numbers Get private business information Extortion

10 How? People Open Doors... F for User Awareness... Fall for ploys (phishing) Fail to keep software updated Fail to keep security settings reasonable Fail to use spyware protection

11 Doors Users Open #1 is P2P File Sharing Software vulnerabilities Weak privacy settings Intentional downloads Bad Internet neighborhoods End User License Agreements Clicking on pop-up advertisements Phishing

12 Sneaky Ways In Cookies Unintentional downloads Drive-by downloads Piggybacking on legitimate downloads Disguised anti-spyware Disguised anti-porn Associated with trusted products

13 Prevention People Tools Policy

14 People Awareness Reactions to social engineering ploys  Don’t click on links in pop-ups  Don’t believe spam reports Extreme caution when loading software Know how to recognize problems Know how to use the tools Understand the policies

15 Tools Choose good software tools  Keep the products updated  Use them regularly Know about good resources Take advantage of the P3P standard

16 Policy Product updates Restrict or forbid dangerous practices  P2P file sharing  Public instant messaging  Unapproved software installation Use appropriate settings Consider notebook and home systems Report problems promptly

17 Legislation State and Federal Much is already illegal Legislation may not help much

18 Detection Use good tools Inoculate Update weekly Scan weekly Symptoms: Slow computer, lots of pop-ups, browser hijacking

19 Removal Remove bad files Remove copies of files! Reverse host file changes Reverse browser changes Reverse registry settings Good tools and/or Experienced Help

20 Resources The State Security Office  Spyware Warrior  Spybot Search and Destroy  Ad-Aware 

21 Ad-Aware Can I use Ad-Aware Personal (free) version at work? No, Ad-Aware Personal is free for individual use only. For profit business entities, governmental entities, or educational institutions, must purchase a valid end-user license in order to use the software. Lavasoft FAQ,, November 16, 2004

22 Spyware Warriors Real Spyware... Real Spyware Warriors... Their Stories Tim Stoddard, UALR Sky Brower, PC Assistance

Download ppt "SPYWARE Presented by The State Security Office November 17, 2004."

Similar presentations

Ads by Google