Spyware Growing Security and Privacy Problem

Despite the security improvements Microsoft made to Windows XP in the second service pack, computers are still susceptible to increasingly malicious spyware. Spyware is rapidly evolving beyond the innocuous gathering of limited personal information used in targeting Web-based advertisements to becoming malicious and hard-to-detect programs that can steal sensitive data, such as passwords or bank account numbers. Microsoft’s current three-step “Protect Your PC” program does little to prevent spyware from installing itself on a PC and stealing information-at a minimum, users need to take the additional step of using spyware detection software.

How Spyware Installs

In recent tests, a Windows-based computer that was connected to the Internet for more than a half-hour, even with a firewall, began to collect spyware. (Some common spyware is described in the sidebar “What Is Spyware?“.)

Spyware can install itself by exploiting vulnerabilities such as buffer overflows. Other attacks can install spyware by targeting a combination of vulnerabilities on servers and browsers, as was the case with Download.ject, which shows why keeping PCs patched is so important. (See the sidebar “Exploit Targeted Online Commerce, Banking” on page 4 of the Aug. 2004 Update.)