Unlike most conventional spyware, imrworldwide.com's Red Sheriff is loaded as a Java applet embedded in a Web page you visit. Once loaded, it sends information about your Internet usage (how long the page took to load, how long you stayed, etc.) to the parent company, supposedly bypassing firewalls, cookie blockers and the like. A number of Internet Service Providers have begun including Red Sheriff on their start pages, which are programmed to load every time the user logs on to the Internet.
 
Currently, the Red Sheriff program is billed as a reporting tool to measure how visitors use a Web site, kind of like an access_log reader with some extra frills.

Previously, the Red Sheriff product page (cached) was more obscure about what kind of information was collected, suggesting access to surfing habits beyond the original Web site containing the Red Sheriff applet, and bragging of its ability to get past personal firewalls and cookie crunchers.
 
This applet, included with some ISP packages, causes severe slowdowns on some systems as reported in Gibson Research's grc.spyware newsgroup.

Solutions:
The most obvious (if not user-friendly) solution is to disable Java in your web browser.
Proxomitron users can use this filter to eliminate the Red Sheriff from their surfing. (Updated 11/17/02 to detect the latest version of Sheriff.)
 

Known (former/current) users of Sheriff:
www.ninemsn.com.au
Bigpond/Telstra Internet Services
Peakhour (http://www.peakhour.com.au/, http://www.peakhour.net.au/ http://www.peakhour.com/)
BBC.co.uk

"All trademarks are hereby acknowledged as the property of their respective owners." So don't even THINK about suing me :)