Spyware Description Spyware is computer software that is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.
While the term spyware suggests software that secretly monitors the user's behavior, the functions of spyware extend well beyond simple monitoring.
Spyware programs can collect various types of personal information, such as Internet surfing habit, sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software, redirecting Web browser activity, accessing websites blindly that will cause more harmful viruses, or diverting advertising revenue to a third party.
Spyware can even change computer settings, resulting in slow connection speeds, different home pages, and loss of Internet or other programs.
In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.
In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software.
Running anti-spyware software has become a widely recognized element of computer security best practices for Microsoft Windows desktop computers.
A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer.
Spyware, Adware and Tracking The term adware frequently refers to any software which displays advertisements, whether or not the user has consented. Programs such as the Eudora mail client display advertisements as an alternative to shareware registration fees.
These classify as "adware" in the sense of advertising-supported software, but not as spyware.
Adware in this form does not operate surreptitiously or mislead the user, and provides the user with a specific service.
Most adware is spyware in a different sense than "advertising-supported software," for a different reason: it displays advertisements related to what it finds from spying on you.
Claria Corporation's Gator Software and Exact Advertising's BargainBuddy are examples.
Visited Web sites frequently install Gator on client machines in a surreptitious manner, and it directs revenue to the installing site and to Claria by displaying advertisements to the user.
The user receives many pop-up advertisements.
Other spyware behavior, such as reporting on websites the user visits, occurs in the background.
The data is used for "targeted" advertisement impressions.
The prevalence of spyware has cast suspicion upon other programs that track Web browsing, even for statistical or research purposes.
Some observers describe the Alexa Toolbar, an Internet Explorer plug-in published by Amazon.com, as spyware, and some anti-spyware programs such as Ad-Aware report it as such.
Many of these adware distributing companies are backed by millions of dollars of adware-generating revenues.
Adware and spyware are similar to viruses in that they can be malicious in nature.
However, people are now profiting from these threats, making them more and more popular.
Similarly, software bundled with free, advertising-supported programs such as P2P act as spyware, (and if removed disable the 'parent' program) yet people are willing to download it.
This presents a dilemma for proprietors of anti-spyware products whose removal tools may inadvertently disable wanted programs.
For example, recent test results show that bundled software (WhenUSave) is ignored by popular anti-spyware program Ad-Aware, (but removed as spyware by most scanners) because it is part of the popular (but recently decommissioned) Edonkey client.
To address this dilemma, the Anti-Spyware Coalition has been working on building consensus within the anti-spyware industry as to what is and isn't acceptable software behavior.
To accomplish their goal, this group of anti-spyware companies, academics, and consumer groups have collectively published a series of documents including a definition of spyware, risk model, and best practices document.
Spyware, Virus and Worm Unlike viruses and worms, spyware does not usually self-replicate. Like many recent viruses; however, spyware—by design—exploits infected computers for commercial gain.
Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements; theft of personal information (including financial information such as credit card numbers); monitoring of Web-browsing activity for marketing purposes; or routing of HTTP requests to advertising sites.
Effects and Behaviors A spyware program is rarely alone on a computer: an affected machine can rapidly be infected by many other components.
Users frequently notice unwanted behavior and degradation of system performance.
A spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic, all of which slow the computer down.
Stability issues, such as application or system-wide crashes, are also common.
Spyware, which interferes with networking software commonly causes difficulty connecting to the Internet.
In some infections, the spyware is not even evident.
Users assume in those situations that the issues relate to hardware, Windows installation problems, or a virus.
Some owners of badly infected systems resort to contacting technical support experts, or even buying a new computer because the existing system "has become too slow".
Badly infected systems may require a clean reinstallation of all their software in order to return to full functionality.
Only rarely does a single piece of software render a computer unusable.
Advertisements Many spyware programs display advertisements.
Some programs simply display pop-up ads on a regular basis; for instance, one every several minutes, or one when the user opens a new browser window.
Others display ads in response to specific sites that the user visits.
Spyware operators present this feature as desirable to advertisers, who may buy ad placement in pop-ups displayed when the user visits a particular site.
It is also one of the purposes for which spyware programs gather information on user behavior.
Many users complain about irritating or offensive advertisements as well.
As with many banner ads, many spyware advertisements use animation or flickering banners which can be visually distracting and annoying to users.
Pop-up ads for pornography often display indiscriminately.
Links to these sites may be added to the browser window, history or search function.
When children are the users, this could possibly violate anti-pornography laws in some jurisdictions.
A further issue in the case of some spyware programs has to do with the replacement of banner ads on viewed web sites.
Spyware that acts as a web proxy or a Browser Helper Object can replace references to a site's own advertisements (which fund the site) with advertisements that instead fund the spyware operator.
This cuts into the margins of advertising-funded Web sites.
"Stealware" and Fraud A few spyware vendors, notably 180 Solutions, have written what the New York Times has dubbed "stealware", and what spyware researcher Ben Edelman terms affiliate fraud, a form of click fraud.
Stealware diverts the payment of affiliate marketing revenues from the legitimate affiliate to the spyware vendor.
Spyware and Cookies Anti-spyware programs often report Web advertisers' HTTP cookies, the small text files that track browsing activity, as spyware.
While they are not always inherently malicious, many users object to third parties using space on their personal computers for their business purposes, and many anti-spyware programs offer to remove them.
Rogue Anti-Spyware Software Malicious programmers have released a large number of rogue (fake) anti-spyware programs, and widely distributed Web banner ads now spuriously warn users that their computers have been infected with spyware, directing them to purchase programs which do not actually remove spyware—or else, may add more spyware of their own.
The recent proliferation of fake or spoofed antivirus products has occasioned some concern. Such products often bill themselves as antispyware, antivirus, or registry cleaners, and sometimes feature popups prompting users to install them. This software is called rogue software.
It recommended that users do not install any freeware claiming to be anti-spyware unless it is verified to be legitimate.
Some known offenders include:
AntiVirus Gold
ContraVirus
Errorsafe (AKA system doctor)
MacSweeper
PAL Spyware Remover
Pest Trap
PSGuard
SpywareStrike
Spyware Quake
Spydawn
Spylocked
SpyShredder
Spy Sheriff
Spy Wiper
UltimateCleaner
WinAntiVirus Pro 2006
WinFixer
WorldAntiSpy
On January 26, 2006, Microsoft and the Washington state attorney general filed suit against Secure Computer for its Spyware Cleaner product.
On December 4, 2006, the Washington attorney general announced that Secure Computer had paid $1 million to settle with the state.
As of that date, Microsoft's case against Secure Computer remained pending.
Security (How to) To deter spyware, computer users have found several practices useful in addition to installing anti-spyware programs.
Many system operators install a web browser other than IE, such as Opera or Mozilla Firefox.
Though no browser is completely safe, Internet Explorer is at a greater risk for spyware infection due to its large user base as well as vulnerabilities such as ActiveX.
Some ISPs—particularly colleges and universities—have taken a different approach to blocking spyware: they use their network firewalls and web proxies to block access to Web sites known to install spyware.
On March 31, 2005, Cornell University's Information Technology department released a report detailing the behavior of one particular piece of proxy-based spyware, Marketscore, and the steps the university took to intercept it.
Many other educational institutions have taken similar steps.
Spyware programs which redirect network traffic cause greater technical-support problems than programs which merely display ads or monitor users' behavior, and so may more readily attract institutional attention.
Some users install a large hosts file which prevents the user's computer from connecting to known spyware related web addresses.
However, by connecting to the numeric IP address, rather than the domain name, spyware may bypass this sort of protection.
Spyware may get installed via certain shareware programs offered for download.
Downloading programs only from reputable sources can provide some protection from this source of attack.
Recently, CNet revamped its download directory: it has stated that it will only keep files that pass inspection by Ad-Aware and Spyware Doctor.
The first step to removing the virus(spyware) is to put your computer on "lockdown".
This can be done in various ways such as using your anti-virus software, or simply disconnect your computer from all internet activities.
This will make whoever is in control of the virus unable to have any control of your computer.
The second step to removing the spyware is to locate it and remove it, manually or by virus protection software.
Also, stay away from websites that have potential threats to your computer.
