Spyware

From open-encyclopedia.com - the free encyclopedia.

Strictly defined, spyware is computer software that gathers and reports information about a computer user without the user's knowledge or consent. More broadly, the term spyware can refer to a wide range of related malware products which fall outside the strict definition of spyware. These products perform many different functions, including the delivery of unrequested advertising (pop-up ads in particular), harvesting private information, re-routing page requests to illegally claim commercial site referal fees, and installing stealth phone dialers.

Spyware as a category overlaps with adware. The more unethical forms of adware tend to coalesce with spyware. Malware uses spyware for explicitly illegal purposes. Data collecting programs installed with the user's knowledge do not, properly speaking, constitute spyware, provided the user fully understands what data they collect and with whom they share it. This is not the usual situation, but applies to some browser toolbars.

The first recorded use of the term spyware occurred on October 16, 1995 in a usenet post that poked fun at Microsoft's business model. Spyware later came to refer to espionage equipment such as tiny cameras. However, in 1999 Zone Labs used the term when they made a press release for the Zone Alarm Personal Firewall. Since then, computer users have used the term in its current sense. In 2000 Steve Gibson of Gibson Research released the first ever anti-spyware program, OptOut, in response to the growth of spyware, and many more software antidotes have appeared since then.

Spyware and viruses

Spyware can closely resemble computer viruses, but with some important differences. Many spyware programs install without the user's knowledge or consent. In both cases, system instability commonly results.

A virus, however, replicates itself: it spreads copies of itself to other computers if it can. Spyware generally does not self-replicate. Whereas a virus relies on users with poor security habits in order to spread, and spreads so far as possible in an unobtrusive way (in order to avoid detection and removal), spyware usually relies on persuading ignorant or credulous users to download and install it by offering some kind of bait. One typical spyware program targeted at children, for example, claims that:

He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you've ever had! He even has the ability to compare prices on the products you love and help you save money! Best of all, he's FREE! [1]

A typical piece of spyware installs itself in such a way that it starts up every time the computer starts up (using CPU cycles and RAM, and reducing stability), and runs at all times, monitoring Internet usage and delivering targeted advertising to the affected system. It does not, however, attempt to replicate onto other computers — it functions as a parasite but not as an infection. [2]

A virus generally aims to carry a payload of some kind. This may do some some damage to the user's system (such as, for example, deleting certain files), may make the machine vulnerable to further attacks by opening up a "back door", or may put the machine under the control of malicious third parties for the purposes of spamming or denial of service attacks. The virus will in almost every case also seek to replicate itself onto other computers. In other words, it functions not only as a parasite, but as an infection as well.

The damage caused by spyware, in contrast, usually occurs incidentally to the primary function of the program. Spyware generally does not damage the user's data files; indeed (apart from the intentional privacy invasion and bandwidth theft), the overwhelming majority of the harm inflicted by spyware comes about simply as an unintended by-product of the data-gathering or other primary purpose.

A virus does deliberate damage (to system software, or data, or both); spyware does accidental damage (usually only to the system software). In general, neither one can damage the computer hardware itself (but see CIH virus). Certain special circumstances aside, in the worst case the user will need to reformat the hard drive, reinstall the operating system and restore from backups. This can prove expensive in terms of repair costs, lost time and productivity. Instances have occurred of owners of badly spyware-infected systems purchasing entire new computers in the belief that an existing system "has become too slow."

Consequences

Unprotected Windows-based computers, particularly those used by children or credulous adults, can rapidly accumulate a great many spyware components. The consequences of a moderate to severe spyware infection (privacy issues aside) generally include a substantial loss of system performance (over 50% in extreme cases), and major stability issues (crashes and hangs). Difficulty in connecting to the Internet also commonly occurs as some spyware (perhaps inadvertently) modifies the DLLs needed for connectivity.

As of 2004, spyware infection causes more visits to professional computer repairers than any other single cause. In more than half of these cases, the user has no awareness of spyware and initially assumes that the system performance, stability, and/or connectivity issues relate to hardware, Windows installation problems, or a virus. (On the other hand, older versions of Windows itself, as well as CPU undercooling, can manifest spyware-like symptoms, specifically including instability or slowness.)

Some spyware products have additional consequences. Stealth dialers attempt to connect directly to a particular telephone number rather than to the user's own ISP: where connecting to the number in question involves long-distance or overseas charges, this can result in massive telephone bills which the user has no choice but to pay.

A few spyware vendors, notably 180 Solutions, have created what the New York Times has dubbed "stealware" — spyware applications that redirect affiliate links to major online merchants such as eBay and Dell, effectively hijacking the commissions that the affiliates would have expected to earn in the process. [3]

Some other types of spyware (Targetsoft, for example) even go to the extent of modifying system files to make themselves harder to remove. (Targetsoft modifies the Winsock (Windows Sockets) files. The deletion of the spyware-infested file inetadpt.dll will result in interrupting normal networking usage.)

Installation

Spyware normally installs itself through one of two common methods:

1. The spyware component comes bundled with an otherwise apparently useful program. The makers of such packages usually make them available for download free of charge, so as to encourage wide uptake of the spyware component. This applies especially with file-sharing clients such as Kazaa and earlier versions of Bearshare.
2. The spyware takes advantage of security flaws in Internet Explorer.

Spyware can also install itself on a computer via a virus or an e-mail trojan program, but this does not commonly occur.

An HTTP cookie, a well-known mechanism for storing information about Internet users on their own computers, often stores an individual identification number for subsequent recognition of a website visitor. However, the existence of cookies and their use generally does not hide from users, who can also disallow access to cookie information. Nevertheless, to the extent that a Web site uses a cookie identifier (ID) to build a profile about the user, who does not know what information accumulates in this profile, the cookie mechanism could count as a form of spyware. For example, a search engine website could assign an individual ID code to a user the first time he or she visits and store all search terms in a database with this ID as a key on all subsequent visits (until the expiry or deletion of the cookie). The search engine could use this data to select advertisements to display to that user, or could — legally or illegally — transmit derived information to third parties.

Granting permission for web-based applications to integrate into one's system can also load spyware. These browser helper objects — known as Browser Hijackers — embed themselves as part of a web browser.

Spyware usually installs itself by some stealthy means. User agreements for software may make references (sometimes vague) to allowing the issuing company of the software to record users' Internet usage and website surfing. Some software vendors allow the option of buying the same product without this overhead.

Solutions

Use of automatic updates (on Windows systems), antivirus, and other software upgrades will help to protect systems. Software bugs and exploits remaining in older software leave one vulnerable, because the public rapidly learns over time how to exploit unpatched systems.

A number of software applications exist to help computer users search for and remove spyware programs. (See sections Spyware Removal Programs and External Links.) Some programs purge a system of spyware, only to install their own.

As some spyware takes advantages of Internet Explorer vulnerabilities, using a less vulnerable browser, such as Mozilla Firefox or Opera, may also help.

Disabling ActiveX in Internet Explorer is a good preventive measure as well, however websites using ActiveX will not work.

Non-Windows systems, such as Mac OS and Linux, are not the victims of currently-known spyware, though they can be targeted by browser cookies.

Known spyware

The following (incomplete) list of spyware programs classifies them by their effects:

Creating pop-ups:

• 180 Solutions
• DirectRevenue
• lop (advertising, pop ups, security risk, tries to dial out at random)

Creating pop-ups, damaging and/or slowing computers:

• Bonzi Buddy
• Cydoor
• Gator, made by the Claria Corporation (Advertising, pop ups, privacy violation, significant security risk, partially disables firewalls, some stability issues)
• New.net (security risk, stability issues, common cause of inability to connect)
• ShopAtHomeSelect

Hijacking browsers:

• CoolWebSearch - most well-known browser hijacker
• Euniverse
• Xupiter

Committing fraud:

• XXXDial

Stealing information:

• Back Orifice (arguably better catagorized as a Trojan Horse, since it is open source and unlike most spyware has no commercial motive.
• VX2

Masquerading as a spyware-remover:

• Spyware Nuker

Miscellaneous:

• Internet Optimizer (Advertising, fake alert messages, possible privacy violation, security risk)
• MarketScore (Claims to speed up Internet connections: serious privacy violation, loss of Internet connection on some systems)
• CnsMin (Made in China; privacy violation. Preset in many Japanese PCs as JWord!)

Known programs bundling adware

• Kazaa
• DivX (except for the paid version, and the 'standard' version without the encoder)

Spyware removal programs

• Ad-aware
• HijackThis [4]
• PestPatrol [5]
• Spybot - Search & Destroy
• Spy Sweeper

See also

• Adware
• Exploit
• Malware
• Keystroke logging

External links

Removal

Spyware/AdWare/Malware FAQ and Removal Guide. Ad-Aware — a well-known anti-spyware package. Spybot - Search & Destroy — well-regarded removal tools. MacScan — detects and removes spyware in the Macintosh environment. (Download currently disabled pending the release of an update.) Merijn.org (mirrors: 1 2 3 4) — offers utilities to remove several spyware problems which Ad-Aware or Spybot Search & Destroy cannot currently fix.

• Bleeping Computer Spyware Removal Tutorials — tutorials for HijackThis, Spybot, and Ad-Aware.
• Spyware Removal — anti-spyware software reviews, articles and definitions.
• Spyware Removal — basic explanations of Spyware removal and prevention.
• Free Spyware Removal — directory of free applications to aid in ridding a computer of spyware and adware.
• Free Spyware Removal Reviews — reviews of free spyware removal software and spyware news.
• Adware Report Spyware Review — reviews and monthly testing results of various anti-spyware products.
• Remove Spyware and Adware — resource page with help tips, spyware and adware removal tools.
• Spywareinfo Forums — help for removing adware, spyware and malware.
• Computer Security — Tips and tricks for manually removing common trojans, adware and spyware.
• Spyware Guide (free online removal)

Prevention

• Spyware Guide How to prevent Spyware and Adware, and a guide to removing it should the worst happen.
• How to Find, Remove and Prevent Spyware, Internet Intruders, and Pop-Ups.
• SpywareBlaster — software that prevents the installation of ActiveX-based spyware.
• ThreatSense — An information services company which compiles data about the business entities and individuals behind spyware threats and engages end-users in discussion about future threats. See ThreatSense's "Contract With Internet Users".
• SpywareInfo — a site that has many articles on spyware along with a weekly newsletter providing up-to-date information.
• Dealing with unwanted spyware and parasites.
• SpywareWarrior — forum that came under fire in May 2004 for posting information about a spyware company.
• Tutorial on Internet safety
• The Spyware Inferno - article on the rise of spyware, with a hierarchical list of different kinds of spyware based on levels of danger.
• Spyware informaton, cleaning and database - Spyware information and searchable database.
• Spybot Search & Destroy.

de:Spyware es:Programas espía fr:Spyware it:Spyware ku:Spyware nl:Spyware ja:スパイウェア pl:Spyware pt:Spyware sv:Spionprogram