Before spending that amount of money for a suspicious product, I did a Google search for ["Name of Anti-spyware program" + Avoid].

Yes! It was shown as Rogue/Suspect Anti-Spyware(*) at SpywareWarrior.com along with another 199 similarly suspicious offerings, and advice on how to avoid being duped or robbed by False Positive findings.

(*)"Rogue/Suspect" means that these products are of unknown, questionable, or dubious value if used for anti-spyware protection.

Spyware Warrior is a great website to bookmark for future reference. Here's a link: http://www.spywarewarrior.com/rogue_anti-spyware.htm

These are programs I used to confirm my suspicions. None found four infiltrators:

Spybot S&D,AdAware, Xoftspy, Xcleaner, CWSshredder, HijackThis, AVG, and ErrorNuker.

It's possible that Suspect anti-spyware program would have removed them.

I wasn't going to take that gamble. It's bad enough that spyware and adware are disabling millions of home computers. Exploiting this epidemic with fake programs that claim to remove these pests for an exorbitant fee, but might not, is unscrupulous and unconscionable behavior.

Important, and sometimes critical documents left on web servers. Information that only internal or technical people should have access to;

Poor password and authentication policy. Users using weak passwords to access accounts, especially remote access devices that are present on Internet;

Test servers that have been forgotten about and are still present on Internet;

Poor network border architecture For instance; installing a firewall and forgetting that there are other network that need to be protected or should be placed behind firewall.

The above is just a handful of "Little Things" that get overlooked and can result in undoing of your networks security measures.

As an example; Many organizations provide their internal and external customers with a public FTP service. Most times, this is done to allow people to easily post "non-critical" or public information and share it with other associates.

Recently, I identified just such an FTP server. The server allowed anonymous logons, however it contained sub-directories that were secured. These secure directories were only accessible by people who owned account. It was obvious to me that I was not going to easily compromise these accounts. On other hand, sitting right in anonymous "root" directory was a .zip file that was rather large. I downloaded file, which took quite a while, unzipped it on my desktop, and guess what it contained? It was a compressed file of entire FTP server, including secure directories.

I would bore you with what I found within these directories. The bottom line is, I should have never had access to information they contained.

Conclusion ---------- The bottom line is this; it really is little things that will come back to haunt you when it comes to computer security. No system should ever be rushed into production. This is one of most common causes for poorly secured systems. The team in charge of implementing new technology needs to be educated on how to securely deploy new systems. And if you are installing support software from outside vendors, make sure you thoroughly review their products security features. Also, make sure they fully disclose any known bugs or improperly functioning features.