Choosing and Using Spyware Blockers
You have a significant challenge right now: You need to choose a good spyware-blocking program. These days, standards for what good spyware-blocking software should do are still taking shape, and few good reviews comparing the products are available. In fact, this market is so young that the terminology is still pretty fluid, and different products may refer to the same feature with different names.
Because there's such variance in terminology and function at this point, you need more than the typical one-page, product-feature glossies to figure out what each product is doing. Most likely, you need to demo each product to understand the features it touts and whether those features are meaningful to you.
The changing spyware-blocker market
The spyware-blocking market is changing rapidly. Not long ago, spyware-blocking programs were the fruit of a new cottage industry. Literally dozens of so-called spyware-blocking programs have been available for free, and some of the better programs have fee-based models with even more features.
Few spyware blockers have true big-company features, such as central control and management, reporting, and hands-free operation for users (so you won't need to remind them to download new updates or manually scan for spyware).
The larger your organization, the greater the risk you're undertaking by making a large investment in what is still a pure, mostly unmanaged, client-side solution. No matter how you solve the spyware problem, you'll be solving it again in a couple of years because the product market will mature and spyware blockers will catch up with antivirus products in terms of management capability.
Don't try to stay safe sitting on the sidelines, however. Spyware is a serious problem in many environments. It's a problem that you may need to solve even though the tools for dealing with it are still relatively immature.
Training users on spyware blockers
Unless you're deploying one of the very few mostly hands-off spyware-blocking products, you're going to have to get your users' help. You may need to ask them to do a variety of chores regularly, including the following:
- Updating signatures: Every two to four weeks, users should update signatures. Like antivirus software, anti-spyware software isn't very useful if it doesn't have up-to-date signatures.
- Performing scans: Users need to manually perform scans on spyware blockers that lack a scan-scheduling capability.
- Reporting anything that the scan comes up with: Most spyware blockers work by reporting the presence of spyware after the fact, so if they find something, the machine may have been infected for a while, and you need to know about that in case sensitive information was exposed.
You might also discover other chores that your users need to perform from time to time until the spyware-blocking products do these automatically.
You also need to remove the stigma that goes along with getting infected by spyware. Users tend to not report getting infected because they think it reflects badly on them and their Internet usage. In fact, sometimes it does, but you really need an amnesty policy for the first few times someone becomes infected because otherwise, users won't tell you about it. If the user doesn't 'fess up, you have a company machine that's sharing information with someone on the Internet, and you don't have a clue about it. It's smarter to forgive bad user habits any day than to have the problem go undiscovered. In exchange for this amnesty, ask users to review your user policy and explain that following it can help prevent future problems.
Finding a spyware blocker that deploys easily
Unless you're deploying a spyware-blocking solution to a very small number of computers, you need to consider the ease with which you can deploy it to all your users' systems without installing it yourself on each one. You may want to consider several other factors so that you can deploy the blocker more easily, including the following:
- Default settings: What settings do you want your spyware-blocking program to have on all of your users' systems? Can you automatically deploy the program with the settings you need? Can you "lock" the settings so that users cannot change them?
- Browser-protection settings: Some spyware-blocking programs have features that provide added protection for browsers, such as preventing configuration changes. Are such settings appropriate for your site?
- HOSTS file protection: Some spyware-blocking programs can prevent the HOSTS file from being modified. Is that appropriate for your environment?
- Browser and OS versions: Before you install your chosen spyware blocker on everyone's computers, make sure that it plays well with all the versions of Windows (and Mac OS and Linux) installed on your users' computers. Also, test it with different versions of Internet Explorer and even other browsers such as Firefox and Opera if that applies to your environment. More important than whether it simply behaves: does your spyware blocker continue to provide protection with different browsers and versions of Windows?
IT veterans will advise you to perform plenty of testing before pushing your spyware blocker out to everyone. The larger the organization, the more important testing becomes.
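On the HOSTS file question in the list above: whether or not the blocker locks the file, you can check for changes by comparing each machine's HOSTS file against an approved baseline. The following Python is an added example, not part of the original article or of any product; the file contents, hostnames and addresses in it are constructed sample data.

```python
import ipaddress

def parse_hosts(text):
    """Parse HOSTS-format text into {hostname: set of ip_address objects}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip comments and whitespace
        fields = line.split()
        if len(fields) < 2:
            continue                              # blank, or address with no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                              # malformed address: skip the line
        for name in fields[1:]:                   # one line may carry several aliases
            entries.setdefault(name.lower(), set()).add(addr)
    return entries

def audit_hosts(baseline_text, current_text):
    """Return sorted (hostname, change, address) tuples for every difference."""
    base, cur = parse_hosts(baseline_text), parse_hosts(current_text)
    findings = []
    for name in set(base) | set(cur):
        old, new = base.get(name, set()), cur.get(name, set())
        for addr in new - old:
            # Triage hint only: loopback/unspecified targets keep the name from
            # reaching a real server; anything else points it at another machine.
            local = addr.is_loopback or addr.is_unspecified
            findings.append((name, "added-local" if local else "added-remote", str(addr)))
        for addr in old - new:
            findings.append((name, "removed", str(addr)))
    return sorted(findings)

# Constructed sample data (documentation-range addresses and example domains).
BASELINE = """\
127.0.0.1   localhost
::1         localhost
192.0.2.10  intranet.example.com   # approved by IT
"""
CURRENT = """\
127.0.0.1   localhost
::1         localhost
203.0.113.7 portal.example.com www.portal.example.com
0.0.0.0     updates.example.com    # not in baseline
not-an-ip   junk.example.com
"""

if __name__ == "__main__":
    for name, change, addr in audit_hosts(BASELINE, CURRENT):
        print(f"{change:13} {name:28} {addr}")
```

Any non-empty result on a machine is worth a helpdesk follow-up, which also gives you a record of activity when the blocker itself keeps no event log.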
Using spyware blockers
Until anti-spyware programs mature and include more enterprise features, you may be flying blind in terms of knowing how your spyware-blocking programs are performing on users' systems. Not all programs that block spyware in real time have event logs. Must you rely on faith alone to know whether your spyware-blocking programs are doing anything? Until event logging is commonplace, you may have no choice. You may need to rely upon month-to-month helpdesk statistics to see if spyware-related calls decrease over time.
Keep in mind that spyware blocking is relatively new, and to some degree, imperfect. For an example of this, find a spyware-infected machine somewhere (any machine that's been operating without a blocker for a while should do) and run a spyware-blocking tool of your choice, eliminating everything that it complains about. Now, repeat the process on the just-cleaned machine with a different blocker. There's an excellent chance that the second program will still find something. Just because you're running a spyware blocker doesn't mean that your users are spyware-free. It really means that they're mostly spyware-free.