How to Eliminate Spyware to Protect Your Business
A Distributed Denial-of-Service (DDoS) attack can be caused by a particularly potent type of Pest on the Internet. Litigation surrounding related types of dangers suggests a DDoS victim can successfully make the case that the victim is entitled to compensation from a negligent Internet administrator who allows his facilities to be used as an instrument for launching an attack.
Rather than being something that inhibits operation, a computer Pest might be an espionage tool, which helps a snoop steal personal or sensitive customer information, like credit card or social security numbers. U.S. financial institutions are subject to new information security regulations under the Gramm-Leach-Bliley Financial Services Modernization Act. Financial institutions include banks, insurance companies and securities firms, and the regulations extend to the subsidiaries and service providers of these institutions. The purpose of the regulations is to promote the confidentiality and integrity of data about customers.
The regulations require institutions to assess risks to private customer data and take measures to control those risks. The risks could include the introduction of computer Pests that allow vandals to access or abuse personal data. Regulatory examiners will be monitoring institutions for compliance, and shortcomings can lead to sanctions.
Similarly, new regulations (45 CFR Parts 160 and 164) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) obligate health care institutions to put in place security measures to ensure that patient information remains confidential. If an institution falls short on this obligation, it could be subject to civil and criminal penalties.
Also, a growing number of American companies are signing on to the EU-US Safe Harbor relating to the protection of private data collected about people in the European Union. Under the Safe Harbor's fourth principle, organizations collecting personal data must take reasonable precautions (which may include actions against Pests) to guard against the loss, misuse or unauthorized access to or disclosure of the data.
Even where legal action may not occur, damage from computer Pests attracts the public spotlight. In Finland, the operator of an anonymous Internet remailer shut down his system under pressure from the Finnish police even though it was not clear the operator had violated any particular Finnish law. The service, which forwarded millions of messages a day in a way that hid the identities of the original senders, was accused of facilitating distribution of child pornography.
Securities laws require companies to maintain control over their assets and information systems, which by implication means companies must rid themselves of vermin like computer Pests. The portions of the Securities Exchange Act of 1934, known as the Foreign Corrupt Practices Act, require that publicly owned companies protect their assets and maintain internal control over assets. The Securities and Exchange Commission routinely brings actions against companies for wasting assets and maintaining lax internal controls, such as in computer systems.
The SEC took action against Material Sciences Corporation for failing to protect its inventory management computer system from access and abuse by unauthorized people. "MSC's computer system ... lacked safeguards to prevent inappropriate manual computer entry of general ledger information."
Best Practices to Combat Spyware
Businesses that wish to guard against spyware, adware and other unwanted applications will benefit from supplementing traditional protection methods (including firewalls, intrusion detection systems and antivirus programs) with new strategies that address the unique characteristics of spyware. A comprehensive, company-wide spyware-prevention strategy should include multiple elements:
How Do I Remove Spyware?
The major challenge of spyware is that it is extremely difficult to remove. Spyware programs can have hundreds of individual bits of code that are cumbersome, difficult and risky to remove manually. The uninstallers of most spyware programs do not usually uninstall the program completely. The programs can include self-protection mechanisms, such as reinstallers; they constantly rewrite their entries in the registry; and they can even run two copies of the program at the same time to protect each other.
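The self-protection behaviours described above leave a recognisable trail in endpoint logs. The following is an added example, not part of the original article: it scans a constructed event list for autorun registry values that are rewritten shortly after deletion and for process pairs that restart each other. The event tuple format, process names and time windows are assumptions made for illustration.

```python
# Added example: event tuples and process names below are constructed.
RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"

# (seconds, kind, actor process, target) -- hypothetical audit-log format
EVENTS = [
    (100, "reg_delete", "cleanup.exe", RUN + r"\HelperA"),
    (103, "reg_set", "helper_b.exe", RUN + r"\HelperA"),   # rewritten in 3 s
    (200, "proc_exit", "cleanup.exe", "helper_a.exe"),
    (202, "proc_start", "helper_b.exe", "helper_a.exe"),   # B revives A
    (300, "proc_exit", "cleanup.exe", "helper_b.exe"),
    (301, "proc_start", "helper_a.exe", "helper_b.exe"),   # A revives B
    (400, "reg_delete", "setup.exe", RUN + r"\Printer"),
    (900, "reg_set", "setup.exe", RUN + r"\Printer"),      # benign reinstall
    (500, "proc_exit", "explorer.exe", "notepad.exe"),
    (900, "proc_start", "explorer.exe", "notepad.exe"),    # benign relaunch
]

def rewritten_autoruns(events, window=60):
    """Autorun values re-created by a different process soon after deletion."""
    deleted, hits = {}, {}
    for t, kind, actor, target in sorted(events):
        if kind == "reg_delete":
            deleted[target] = (t, actor)
        elif kind == "reg_set" and target in deleted:
            t0, deleter = deleted.pop(target)
            if t - t0 <= window and actor != deleter:
                hits[target] = actor
    return hits

def watchdog_pairs(events, window=10):
    """Pairs of processes that each restarted the other right after it exited."""
    last_exit, revived = {}, set()
    for t, kind, actor, target in sorted(events):
        if kind == "proc_exit":
            last_exit[target] = t
        elif kind == "proc_start" and target in last_exit:
            if t - last_exit.pop(target) <= window:
                revived.add((actor, target))
    return {frozenset(p) for p in revived if (p[1], p[0]) in revived}

if __name__ == "__main__":
    print(rewritten_autoruns(EVENTS))
    print(watchdog_pairs(EVENTS))
```

A flagged pair indicates that both processes have to be stopped together, and the autorun entry removed afterwards, or the surviving copy will restore the other.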


