Spyware is topping the list of information technology headaches. From its less easy-to-spot forms (keylogging, cookies) to the annoying (adware, Trojan horses) to the malicious (data miners, dialers), spyware programs that monitor user activities and transmit information to remote servers or show targeted advertisements are on the rise. Spyware puts enterprises at risk for loss of privacy, potential legal liability, decreased productivity, and more helpdesk calls.

The four basic kinds of spyware are (in order of threat magnitude):

1. System monitors
2. Trojan horses
3. Adware, and
4. Cookies.

System monitors, which include keyloggers and can track a computer's activity, represent the greatest threat to user or corporate privacy. They can record any or all of the following: keystrokes, e-mails, chat rooms, instant messages, Web pages visited, even user names and passwords.

Trojan horses -- malicious programs disguised as innocuous ones -- spread through e-mail attachments and downloads. They can wreak havoc on a computer, including creating, renaming, deleting, or transferring files.

Adware, the most dominant form of unwanted software on computers today, is any software application in which advertising banners are displayed while the program is running. These applications include additional code that delivers the ads as pop-up windows or through a banner or bar. While annoying, that's not the worst of it. Adware can also include code that tracks a user's personal information and passes it on to third parties, without the user's authorization or knowledge. This proliferation can lead to loss of privacy, system crashes, IT helpdesk calls, and lost productivity.

Although not everyone agrees that tracking cookies should be considered spyware, cookies do indeed constitute a threat if they are unwanted. They can give detailed information that the user has not authorized to outside sources.

Sample Anti-Spyware Solutions

Two of the best known anti-spyware solutions are summarized here.

Spybot Search & Destroy: Created by Germany's Patrick Kolla as an altruistic solution to the growing spyware problem, Spybot Search & Destroy has become the one to beat. This free downloadable application checks your system against a database of known spyware files. The online-update feature ensures that Spybot always has current and complete listings of uninvited system residents. The immunize feature identifies and blocks uninvited programs before they reach your computer. This is not an enterprise solution; it would need to be installed on every computer and initiated by the user. It is compatible with other anti-spyware programming, so can be used in conjunction with them for a double dose of effectiveness.

Lavasoft Ad-Aware Enterprise Edition: Lavasoft's Ad-Aware Enterprise Edition allows you to control network distributions of Ad-Aware centrally, including scheduled execution on corporate network clients. Server status and malware detection can be tracked and reported and the reference files are centrally updated, which keeps Internet traffic to download updates low and makes reference file updating of your desktops simple and secure. The price for this enterprise solution ranges from $22 to $32 dollars per seat based on number of seats needed. There is also a free non-enterprise version: Ad-Aware SE Personal Edition.

Things to Consider

When choosing your anti-spyware solution, there are many options and features to consider.

1. Stand-alone, or bundled?

Some specialized anti-spyware programs are excellent because they have become experts at what they do; others are impressive because they come in a package that includes other services such as malicious mobile code blocking, pop-up blockers, anti-virus and malware prevention, browser hijack alerts, or anti-phishing protection. You'll want to determine if it's best to have it all in one package, or if your enterprise needs are better served with specialized solutions. But be sure the program covers the basics: system monitors, Trojan horses, adware and cookies.

2. Reputable?

Some purported anti-spyware solutions are actually themselves spyware in disguise. Be sure to do some checking online to see if the solution is actually what it claims to be. For example, SpywareGuide.com has a listing of many known spyware programs. Also, look for user recommendations.

3. Easy and safe to download?

Of course, there are costs associated with having to take the time to download an anti-spyware solution on every computer in your company. Some programs provide quick user-friendly downloads that wouldn't require IT's supervision. Others would need to be installed by IT staff. Also, be sure to pick a reputable downloading site. Some of the shareware anti-spyware solution downloads are hosted on sites independent from their creators, and this presents the opportunity for the independent site to add or edit the code. They may actually send their own spyware within the download while blocking all others.

4. To buy or not to buy?

Many of the best known and most reputable anti-spyware programs are free downloads; i.e., Spybot and Lavasoft. However, these are specialized programs and don't have a lot of bells and whistles, nor do they include a live service package. Prices for more sophisticated programs can range from $30 to $40 per package to custom-built solutions with custom-built pricing. Some are also available as subscriptions, which keeps a relationship going with the provider and ensures notification of updates.

5. Live or FAQ customer support?

Depending on the needs of your company, you may want user help to be available to your IT department or to the actual user. Some programs provide this as part of their package, others require further contracting. The free programs have detailed FAQs and the option to email them.

6. Automated, or user-initiated?

Obviously not every user will remember to update regularly and run the anti-spyware solution you provide. Some programs include the ability to schedule the scan; others run non-stop, providing not only search and destroy capability but also act as a firewall to prevent spyware from being downloaded. Likewise, some programs delete the problems they find; others quarantine them so you can track where they came from and gain other valuable information.

7. Quarantine and restore functionality?

Does the program search and destroy automatically, or can you recover items that you'd like to keep? Some programs allow you to pick and choose as you go; others "quarantine" or move a file out of the way so that it's non-functioning but can be restored later if desired. Quarantining also has the advantage of keeping the information at hand for reporting purposes as well as possible discovery of where the spyware originated.

8. Networked, or on individual desktops?

The intense capability of an anti-spyware program can be installed as a centrally-managed enterprise tool, scanning across network files and updating automatically. This may sacrifice some privacy for individual employees, however.

9. After download, or as a firewall?

Are downloads at your company already too much of a problem, even if they're being caught eventually? Then you might consider a solution that acts as a firewall, preventing the download of damaging files from known offenders.

10. Reporting tools?

Will your management or department need to know results from the anti-spyware's activity? Some programs include reporting capability that can provide the information you need.