If you have to resort to a spyware-removal tool, of course, you've already lost at least part of the battle. Several readers cited plans to seek out enterprisewide screening or removal tools, but most cleansing efforts today seem to rely on desktop-oriented tools.
"We have spoken to several vendors offering enterprise solutions for adware/spyware, but I am still not convinced any vendor is able to effectively stop invasion at the borders," says Kevin Buchanan, MIS director at Lexington Memorial Hospital.
Indeed, few readers report having formal corporate spyware policies.
In the end, prevention may be the best cure of all, readers report. "You cannot do companywide fixes. By that time, your bandwidth will have dwindled down to nonexistent and your PCs will have been turned into zombies," Dias says.
He urges IT organizations to make spyware removal a "hygienic" practice--performed regularly on a schedule. He urges companies to forbid employees to download software enhancements, respond to pop-ups or pop-unders, and use the "X" button in the upper right corner--rather than an in-window instruction--to close such ads.
While educating users about the dangers of spyware can alleviate many problems, even savvy users can get stung by spyware, says Johnson of Johnson Computer Services. While many legitimate adware companies are up front about helping readers understand what they're installing, shadier companies will try any tactic to get their software installed--and impossible to remove--from a user's system.
"The problem is that a lot of users don't know what things are OK to install and what things are not. In many cases the text [describing a software installation] is very deceptive," Johnson says. "The spyware creators have become very clever at hiding their software. They change the name it runs under so even if you kill the process, you can't find the offending program. It can be quite challenging to remove some of it.
Not surprisingly, developing corporatewide strategies for dealing with spyware is a challenge. Most readers from large IT shops say they use the usual freeware tools. Many also simply resort to reimaging infected machines to move them back to a "healthy" state.
"In some cases, we've had infections that were so bad the machines were left in an unusable state and we had to reimage," says Lexington Memorial Hospital's Buchanan. "In those cases, our best cure has been to reimage the machine, which in most cases can be performed quicker than running Ad-aware." While reimaging is laborious and time-consuming, it always works, but it requires that companies maintain good records of the images they have on individual systems, and that too can be a challenge.
Spyware's impact on IT departments shouldn't be underestimated, IT professionals say. A PC that suddenly stops functioning because of spyware is often "elevated to an emergency situation," says John ThompsonWay, consultant, ThompsonWay Consulting. "The techs must drop everything else and deal with this immediately. This potentially leaves matters that are affecting broader productivity or even mission-critical risks on lower priority."
In fact, some IT departments have a hard time figuring out how to handle the situation. One reader at a large telecom services provider, who asked to remain anonymous, reports that his IT department is divided over how to handle spyware. One part of the organization takes the hard line and believes users should strictly follow corporate policies and not install any software "for personal use"--including, ironically, not only software that adds spyware but also programs that might help to remove spyware.
Another faction takes a more pragmatic stance, believing such software will find its way onto users' systems regardless, similar to instant messaging. That group prefers to use tools like Spyware or Ad-aware to simply and quickly fix PCs--often letting individual users manage such clean-ups on their own.
"The problem," this reader reports, "is compounded since desktop support is already running at minimal support levels due to recent layoffs. The [hard-line] group says it's a personal ethics issue and refuses to use any tool that isn't licensed by the company. Thus, they only have reimaging in their tech tool belt." This reader says that, as a result, that group doesn't close as many trouble tickets and is therefore viewed as less productive. It's something of a conundrum. "This is a major conflict of interest between good internal customer service and staying completely legal on licensing," our reader says.
When dealing with spyware, those sorts of trade-offs seem to come with the territory. Do I want to pay for software or get it for free and install adware? Do I want to limit my users' Web-surfing and downloads, or do I want to play an endless game of chase-that-spyware? Do I want to clean up systems one by one or look for more-sophisticated--and likely more-complex--border-based solutions?
These are just some of the questions IT is grappling with as the spyware problem proliferates.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.