Combating Spyware in the Enterprise

Spyware is a term that in many ways has become a commonly used substitute for many other types of intrusions on a host. To compare it to something in the nontechnical world, it would be similar to asking someone for some aspirin, but in return getting acetaminophen, ibuprofen, or some other pain reliever.
In this chapter, we are going to set aside a number of pages to pull back from this grouping of concepts. As such, we will define what spyware is and compare and contrast it against other types of similar attacks. We will begin with what is generally accepted as the true definition of spyware.
Spyware is unauthorized software installed on your computer system which somehow spies or gathers information about you or your computer and delivers it to someone else. It runs hidden in the background and can monitor your Web surfing, capture keystrokes typed on your keyboard, gather information from your hard drive, and more.
The majority of spyware is not inherently designed to harm you or your computer. The intent of the spyware is to monitor your actions and behaviors on the computer and return that information to someone else, who can use it to predict what will interest you so that they can sell you products and services. What makes spyware malicious is primarily that it is installed without your direct knowledge or consent.
One of the most common ways to get spyware on your system is...