As the Internet Security Threat Report observed, Symantec’s research has shown that there are good technical countermeasures to spyware and adware, such as implementing more restrictive Web browser settings. In addition, many companies have security policies in place that prohibit users from downloading or installing unauthorized software on corporate computers. Despite this, users often knowingly engage in activities that risk exposure of confidential information.

For this reason, it is important for users to read and understand the End User License Agreement (EULA) and other notification methods before installing any software. Spyware EULAs typically contain ambiguous language designed to mislead users about the information-gathering functionality of the software. At the same time, it is equally important that software publishers provide users with clear and unambiguous notifications of the actions that their software performs.

For its part, Gartner recommends that IT organizations promote cooperation between end-user groups, technical support, and security teams to ensure that a company’s response to spyware keeps pace with this growing threat to privacy.


Conclusion

As the spate of recent legislative and FTC activity attests, public intolerance of spyware has reached a new plateau. In the enterprise environment, spyware is rapidly becoming a serious security concern, particularly as most corporate networks allow HTTP traffic, the means by which spyware is propagated.

Symantec continues to view spyware as a significant threat and recommends that enterprise users be vigilant about updating their antivirus software. Security administrators should take extra measures to maintain a strong security posture on client systems. They should also ensure that client system patch levels are up-to-date and that acceptable usage policies are in place and enforced.