Computerworld - In a perfect world, corporate laptops and desktops would be outfitted with only authorized software that was appropriately configured, always up to date and patched, and protected by layers of security. Corporate information security policies would be painstakingly followed by professionals who never failed to employ best practices. IT audits, in turn, would be a formality -- a regular activity that simply confirmed a flawless IT environment.
What's far more likely is that corporate laptops and desktops include outdated, misconfigured and even unapproved applications. Users might download free games, utilities and media players on their corporate laptops or desktops or install peer-to-peer file-sharing programs.
In many cases, use of such utilities and programs is against corporate policy and a security risk to the organization. Why? Because many of these popular programs include spyware.
Threat or nuisance?
Spyware, sometimes called adware, snoopware or sneakware, is software that secretly gathers information about a user and relays that information to another party over the Internet. In many cases, users unknowingly install spyware when they download freeware or shareware, even though references -- often obscure -- to spyware might be included in the program's end-user agreement. In other instances, spyware programs are automatically installed when a user simply views an HTML e-mail or visits a certain Web page.
At its mildest, spyware is a simple tool used by advertisers to track users' Web-surfing preferences.
At its worst, spyware is used to monitor keystrokes, scan files, install additional spyware, reconfigure Web browsers, snoop e-mail and other applications, and more. Some of today's spyware can even capture screenshots or turn on webcams.
In a corporate environment, these capabilities pose a major threat to corporate security, especially since much of this activity goes on without anyone's knowledge.
Even in computing environments that encrypt data, spyware remains a threat to the security of corporate data because its keystroke-logging components capture input before it's encrypted.
An aid to spam
But that's not all. Spyware also leads to spam and vice versa. When spyware finds e-mail addresses, it sends them back out over the Internet to be traded, shared or sold to spammers. When unsolicited commercial e-mail finds a user who clicks to see an advertised product, spyware secretly downloads as the advertisement unfolds. This creates an administrative nightmare for corporate IT professionals, not to mention the legal implications it introduces as inappropriate content floods in-boxes.
Spyware also consumes memory and system resources. Because it constantly phones home to deliver user information and then sends back more pop-ups, banner ads
MySpace praises itself heavily by calling the move "ground-breaking" and "the first time that a social web site has enabled its community to dynamically share public profile information with other sites." It may be the first time these tools are available directly from the company that runs the network, but other sites (such as Facebook) have been sharing information across the web for some time now, thanks largely to the widgets and applications created by their communities. For example, there are a number of Facebook apps that allow users to import their updates to Twitter into their Facebook profiles, or cross-post their Facebook status updates to Twitter. Users can also pull in a dynamic feed of their Flickr photos to Facebook, display updates made to other social networking sites, show songs they've recently purchased on iTunes, and more. Clearly, MySpace has taken a hint from Facebook in launching its Data Availability project, but has decided to take all the credit for the idea. 
We’ve been focused on the wrong spies. When 11 Russian sleeper agents were discovered living in the United States—and then sent home in exchange for their counterparts—it was hard to resist the sexy espionage tale with echoes of the Cold War. But while we’ve fixated on Anna Chapman and her cohorts, top diplomats were working on a wonkier but more important advance in spycraft. This month, experts from 15 countries agreed to begin serious negotiations on establishing international norms on cybersecurity. This story is far more significant in the long run because, without basic agreements about cyberspace, cyberattacks, and even cyberwars could become a daily danger.
