Spyware

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Brendandonhue (talk | contribs) at 02:17, 19 August 2004 (→‎Adware, spyware and malware). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Spyware consists of computer software that gathers information about a computer user and then transmits this information to an external entity without the knowledge or informed consent of the user.

Adware, spyware and malware

Spyware as a category overlaps with adware: generally speaking, the more unethical forms of adware often get dubbed "spyware". Malware uses spyware for explicitly illegal purposes. The way in which software installs itself or operates without the user's knowledge or informed consent forms the key defining characteristic of spyware.

Data-collecting programs installed with the user's knowledge do not, properly speaking, constitute spyware, provided the user fully understands who collects what data. Likewise, intrusive adware (of the sort that delivers unrequested advertising pop-ups, for instance) may not properly constitute spyware, provided the user knows of its installation.

More broadly, the term spyware often applies to a wide range of related malware products which do not constitute spyware in the strict sense. These products perform many different functions, including harvesting private information, re-routing page requests to illegally claim commercial site referral fees, and installing stealth dialers.

Spyware and viruses

Spyware can closely resemble computer viruses, but with some important differences. Many spyware programs install without the user's knowledge or consent. In both cases, system instability commonly results.

A virus, however, replicates itself: it spreads copies of itself to other computers if it can. Spyware generally does not self-replicate. Whereas a virus relies on users with poor security habits in order to spread, and spreads so far as possible in an unobtrusive way (in order to avoid detection and removal), spyware usually relies on persuading ignorant or credulous users to download and install it by offering some kind of bait. One typical spyware program targeted at children, for example, claims that:

He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you've ever had! He even has the ability to compare prices on the products you love and help you save money! Best of all, he's FREE!

A typical piece of spyware installs itself in such a way that it starts up every time the computer starts up (using CPU cycles and RAM, and reducing stability), and runs at all times, monitoring Internet usage and delivering targeted advertising to the affected system. It does not, however, attempt to replicate onto other computers - it functions as a parasite but not as an infection. [1]

A virus generally aims to carry a payload of some kind. This may do some damage to the user's system (such as, for example, deleting certain files), may make the machine vulnerable to further attacks by opening up a "back door", or may put the machine under the control of malicious third parties for the purposes of spamming or denial of service attacks. The virus will in almost every case also seek to replicate itself onto other computers. In other words, it functions not only as a parasite, but as an infection as well.

The damage caused by spyware, in contrast, usually occurs incidentally to the primary function of the program. Spyware generally does not damage the user's data files; indeed (apart from the intentional privacy invasion and bandwidth theft), the overwhelming majority of the harm inflicted by spyware comes about simply as an unintended by-product of the data-gathering or other primary purpose.

A virus does deliberate damage (to system software, or data, or both); spyware does accidental damage (usually only to the system software). In general, neither one can damage the computer hardware itself. Certain special circumstances aside, in the worst case the user will need to reformat the hard drive, reinstall the operating system and restore from backups. This can prove expensive in terms of repair costs, lost time and productivity. Instances have occurred of owners of badly spyware-infected systems purchasing entire new computers in the belief that an existing system "has become too slow."

Consequences

Unprotected Windows-based computers, particularly those used by children or credulous adults, can rapidly accumulate a great many spyware components. The consequences of a moderate to severe spyware infection (privacy issues aside) generally include a substantial loss of system performance (over 50% in extreme cases), and major stability issues (crashes and hangs). Difficulty in connecting to the Internet also commonly occurs.

As of 2004, spyware infection causes more visits to professional computer repairers than any other single cause. In more than half of these cases, the user has no awareness of spyware and initially assumes that the system performance, stability, and/or connectivity issues relate to hardware, Windows installation problems, or a virus.

Some spyware products have additional consequences. Stealth dialers attempt to connect directly to a particular telephone number rather than to the user's own ISP: where connecting to the number in question involves long-distance or overseas charges, this can result in massive telephone bills which the user has no choice but to pay.

Installation

Spyware normally installs itself through one of two common methods:

  1. The spyware component comes bundled with an otherwise apparently useful program. The makers of such packages usually make them available for download free of charge, so as to encourage wide uptake of the spyware component.
  2. The spyware takes advantage of security flaws in Internet Explorer.

Spyware can also install itself on a computer via a virus or an e-mail trojan program, but this does not commonly occur.

An HTTP cookie, a well-known mechanism for storing information about Internet users on their own computers, often stores an individual identification number for subsequent recognition of a website visitor. However, cookies and their use generally are not hidden from users, who can also disallow access to cookie information. Nevertheless, to the extent that a Web site uses a cookie identifier (ID) to build a profile about a user who does not know what information accumulates in this profile, the cookie mechanism could count as a form of spyware. For example, a search engine website could assign an individual ID code to a user the first time he or she visits and store all search terms in a database with this ID as a key on all subsequent visits (until the expiry or deletion of the cookie). The search engine could use this data to select advertisements to display to that user, or could (legally or illegally) transmit derived information to third parties.
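
The search-engine scenario above, modelled as an added example (not part of the original article): a site keys every search term to a cookie ID, and the profile stops growing once the user deletes or refuses the cookie. The cookie name "uid", the class names and the sample queries are constructed for illustration.

```python
import secrets
from collections import defaultdict
from http.cookies import SimpleCookie

COOKIE_NAME = "uid"  # hypothetical cookie name, not from the article

class SearchSite:
    """Constructed stand-in for the search engine in the paragraph above."""
    def __init__(self):
        self.profiles = defaultdict(list)  # cookie ID -> every term searched

    def handle(self, cookie_header, query):
        """Record one search; return a Set-Cookie value if a new ID was issued."""
        jar = SimpleCookie(cookie_header or "")
        set_cookie = None
        if COOKIE_NAME in jar and jar[COOKIE_NAME].value in self.profiles:
            uid = jar[COOKIE_NAME].value          # returning visitor
        else:
            uid = secrets.token_hex(8)            # first visit: assign an ID
            out = SimpleCookie()
            out[COOKIE_NAME] = uid
            out[COOKIE_NAME]["max-age"] = 365 * 24 * 3600  # expiry bounds the profile
            set_cookie = out[COOKIE_NAME].OutputString()
        self.profiles[uid].append(query)          # the ID is the database key
        return set_cookie

class Browser:
    """Client side: keeps the cookie unless the user has disallowed cookies."""
    def __init__(self, accept_cookies=True):
        self.accept_cookies = accept_cookies
        self.cookie = None

    def search(self, site, query):
        set_cookie = site.handle(self.cookie, query)
        if set_cookie and self.accept_cookies:
            self.cookie = set_cookie.split(";", 1)[0]  # keep "uid=<value>"

    def clear_cookies(self):
        self.cookie = None

def demo():
    """Return the number of terms stored under each ID, sorted."""
    site, user, blocker = SearchSite(), Browser(), Browser(accept_cookies=False)
    for q in ("flu symptoms", "cheap flights", "job listings"):  # constructed
        user.search(site, q)
    user.clear_cookies()              # deleting the cookie breaks the linkage
    user.search(site, "new laptop")
    for q in ("weather", "news"):     # refusing cookies: a fresh ID every time
        blocker.search(site, q)
    return sorted(len(terms) for terms in site.profiles.values())
```

The three searches made before the cookie was cleared end up under one ID; every search made after clearing it, or with cookies refused, lands in its own single-entry profile.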

Granting permission for web-based applications to integrate into one's system can also load spyware. These browser helper objects embed themselves as part of a web browser.

Spyware usually installs itself by some stealthy means. User agreements for software may make references (sometimes vague) to allowing the issuing company of the software to record users' internet usage and website surfing. Some software vendors allow the option of buying the same product without this overhead.

Solutions

Use of automatic updates (on Windows systems), antivirus, and other software upgrades will help to protect systems. Software bugs and exploits remaining in older software leave one vulnerable, because the public rapidly learns over time how to exploit unpatched systems.

A number of software applications exist to help computer users search for and remove spyware programs (see external links). Some programs purge a system of spyware, only to install their own.

Known spyware

  • Bonzi Buddy
  • Gator, made by the Claria Corporation (Advertising, pop ups, privacy violation, significant security risk, partially disables firewalls, some stability issues)
  • Internet Optimizer (Advertising, fake alert messages, possible privacy violation, security risk)
  • lop (advertising, pop ups, security risk, tries to dial out at random)
  • MarketScore (Claims to speed up Internet connections: serious privacy violation, loss of Internet connection on some systems)
  • New.net (security risk, stability issues, common cause of inability to connect)
  • CnsMin (Made in China; privacy violation. Preset in many Japanese PCs as JWord!)
  • (Many others not listed here)

Known programs bundling spyware

  • Kazaa
  • DivX (except for the paid version, and the 'standard' version without the encoder)
