Spyware Contaminating Businesses: Study

Even as a Congressional committee and Federal Trade Commissioners sparred over what to do about spyware, a study by a top employee Internet management software company estimated that 92 percent of companies with 100 or more employees have been contaminated with spyware - but only 6 percent of the workers believed their computers were infected.

Performed for Websense, Inc. by Harris Interactive, the fifth annual Web@Work survey showed "a major discrepancy between employees' knowledge and understanding of spyware versus IT managements' findings on the number of... work stations that are actually infected."

The study found, among other things, that a third of the workers polled did not believe, or were not sure, that their computers could be infected, while 40 percent of the IT managers who reported spyware rising in the work stations believe that infection volume has risen in the last 12 months.

Spyware is "a rogue technology," Websense said, which can do anything from secretly collecting Web surfing patterns, keystrokes, and password information to collecting more detailed personal information. Businesses often fear that such programs might also be capable of passing sensitive inside company information to rivals or other interested third parties.

IT managers, according to the Web@Work survey, say an average of 29 percent of their corporate personal computers have been infected with the programs, while 6 percent of the employees among those surveyed said they had ever visited Websites at work that might have contained spyware.

The programs are often acquired unknowingly through such applications as peer-to-peer file-swapping programs like KaZaA or Morpheus. "Many P2P users do not realize," Websense said, "that by downloading a seemingly harmless mp3 file, it may be accompanied by a spyware application."

"Employees are typically exposed to spyware as a parasitic program that is attached to something useful they've intentionally downloaded from the Internet, or been tricked into downloading, or it is surreptitiously loaded by a malicious hacker," said META Group program manager Peter Firstbrook, commenting on the Websense study.

"Most employees don't even know they are infected; however, spyware can be merely a nuisance, clogging the network with advertising traffic or pestering the user with pop-up ads; or it can be an invasion of privacy and collect what sites they've been browsing on; or less often, a security threat that records keystrokes or screenshots that reveal confidential corporate information and potentially create backdoors by revealing passwords and user names," he said.

Websense itself offers what it calls a three-tiered spyware defense, Websense Enterprise: blocking worker access to spyware-inclusive Websites, stopping spyware from launching on the desktop, and stopping spyware from passing confidential information to third parties. There are also a number of free spyware-erasing programs available in cyberspace, such as Spybot Search and Destroy and Ad-Aware, the latter disposing of adware - programs which facilitate popup advertising and other kinds of online advertising, and which are often confused with spyware.