The spyware label is dropped on almost any piece of code, from annoying adware to keyloggers performing identity theft. While it's true that the definition of spyware is sometimes variable, there are a few fundamental behaviors that can make a piece of software a candidate for the spyware designation. Basically, spyware is any software that gathers information about your customer without their knowledge or permission.
While others may make a distinction between merely irritating software that aggregates surfing behavior for focused pop-ups and spyware that executes real monetary fraud, I recommend a zero-tolerance stance. No organization should allow any code to operate that hasn't been vetted by systems or applications development. A blanket policy for your customer should be the elimination of any and all code that executes in a manner outside of the intent and policy of the organization.
While surfing at home, your customer and its users may not have a problem with adware, but at the office, there are desktop resource issues to be raised, in addition to the legal issues.