These are the six most common spyware myths:
1.It’s an isolated problem
2.Blocking at the gateway is good enough
3.Locking down the desktop is good enough
4.Drive-by downloads are a primary source of penetration
5.The problem comes from the outside in
6.No one wants spyware
But the truth of the matter is somewhat different. Let’s look at the real situation that’s masked by each myth.
1. Most spyware comes in as the direct result of user behavior, whether that user is naïve or ill-intentioned.
2. Stuff comes in at the desktop all day long. Blocking at the gateway without securing the desktop PC doesn’t make security sense. It’s like locking the doors and windows of the house - with the burglar still in the basement – and not bothering to call the police. What’s more, gateway defenses cannot detect threats already on desktop PCs.
3. If “locking down” the desktop and restricting user installation were effective, there would be no need for antivirus software. Spyware is designed to get around acceptable use policies and exploits users’ inquisitive nature.
4. “Drive-by downloads” should never occur in a corporate environment, because they come from sites that users should not visit at work.
5. Sure, spyware comes from outside - because someone opened the door and let it in. Not recognizing this results in a porous security infrastructure.
6. True, no-one actually wants spyware, but it comes as part of that cool application that users do want. So spyware gets installed anyway.