As this documentation is updated in the 2nd quarter of 2003, it seems that in the ever evolving landscape of security, two issues will be on the top list for the historic entries marking the year. They are SuperWorms and Spyware.
SearchCIO30 says In general, spyware is any technology that aids in gathering information about a person or organization without their knowledge.
Recently it has become obvious more than an invasion of privacy is at stake. Within 30 days, two cases appeared where a high-speed DSL connection and a reasonably modern computer were acting like a 286 on a dial up line. In both cases, hundreds of spyware programs we're consuming resources to the point where both the computer and Internet connection was almost completely consumed. As of this writing, there are over 7,000 unique spyware programs and counting. It is a safe bet that more will arrive as the battle between spyware creators and the anti-spyware groups battle. In the very front of this work is a listing of several anti-spyware utilities. The important thing to remember is to update the signatures often. New approaches appear on an almost daily basis.
The April 22, 2003 edition of PC Magazine made this their cover story.
Yet it gets worse: if you go to the web site for the magazine and you have defenses in place you see that this very publisher is involved in tracking cookies and web tracking software.
While PC Magazine complains about spyware, its own website attempts to silently install MediaPlex, a tracking cookie. In addition RedSheriff31 is also running at the publishers web site. Since the firewall is blocking RedSheriff tracking, it isnt possible to check on what RedSheriff is doing as it tracks visitors using its own software. Both were stopped here using a combination of firewall rules and Spybot.
It was an update to Spybot offering immunize that made it obvious in real time that the publisher was trying to silently install MediaPlex as opposed to catching it after the fact. RedSheriff was arrested by rules written for Kerio written by Sponge (found in the resource section at the front of this work).
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.