Over the past few years, spyware has become a very real threat for organisations and computer users alike. If you're concerned about exposing private information and browsing habits every time your users surf the Web -- and who isn't? -- then your company probably runs one of the more popular adware/spyware removal programs.
Several of these programs are freely available, including Lavasoft's Ad-Aware (http://www.lavasoftusa.com/) and CyberDefenderFREE (http://www.cyberdefender.com/products.html). Even Microsoft has gotten into the spyware removal business with Windows Defender (http://www.microsoft.com/athome/security/spyware/software/default.mspx). In addition, a host of pay products are out there, and each of them does a good job of removing the adware/spyware from a system.
While programs included with free CD-ROMs or other media given away make up some of this adware/spyware, users pick up most of it from surfing the Internet. They visit a link on the Internet and BAM! -- some malicious user has surreptitiously installed malware on their system! Tracking cookies and programs install automatically, and pop-ups appear that tell users something has compromised their computer.
Most users understand that the Internet is a lawless environment that sometimes requires making some tough choices. Conventional wisdom tells you not to install free programs from free CD-ROMs -- after all, nothing is free. And if you really want to protect yourself, don't install freeware programs even from trusted sites -- even better, don't browse the Internet. Of course, this really isn't realistic.
Users will always install free programs that have a feature they want, and no one's going to stop browsing the Web. So, where's the middle ground of protecting ourselves? Let's look at the real problem and discuss a current solution.
If you run an adware/spyware removal program, it has to detect the offending program or cookie while it's on your system -- in other words, after it's already done the damage. If it's already on your system, that means it could have already accessed your personal information or browsing habits.
These programs do mitigate some of the damage by offering to remove or disable the offending software. That would be fine, if it weren't for another factor compounding the problem: Like virus writers, the people that write these programs are constantly adapting them to evade detection.
This becomes a never-ending struggle of running the right removal program (some users run several) to stop the invasion after the fact. But this is what we call reactive security. While reactive security is better than no security at all, a better solution is proactive security. In other words, take action before these programs get the chance to wreak havoc.
As usual, knowledge is power. Since most malware comes from browsing the Internet, it's vital that you know whether a Web site is potentially harmful before you browse.
This is where a tool such as the McAfee SiteAdvisor (http://www.siteadvisor.com/index.html) comes in handy. Traditional security products focus on trying to clean up problems after they occur, but McAfee SiteAdvisor warns you before you browse to a dangerous Web site.
It also complements and enhances your existing security software by detecting threats that traditional security products often miss -- including spyware attacks, online scams, and sites that spam you. SiteAdvisor works with Internet Explorer and Firefox browsers. It labels Web sites using a green, yellow, and red system to identify potentially harmful sites and content. In addition, it offers the following:
|> Safe search ratings: Learn in advance whether a search listing has adware,
viruses, spam, or on-line scams.
|> Safe browser ratings: Find out if a Web site engages in annoying practices such as excessive pop-ups.
|> Exploit protection:This feature redirects
you from a site known to cause browser exploits.
Final thoughts
Adware and spyware isn't going to disappear anytime soon, and browser exploits delivered from rogue sites are becoming more common every day. Users need a proactive solution that gives them the information they need about a Web site before they visit. Arm your users with that information before they click the link -- not after the malware is already on their system.
This was published in 
