spyware and adware

What is it?

In the broadest sense, spyware is any software that aims to extract information about you and your computer activities, or changes the functioning of your computer, generally without your knowledge or consent.

Spyware includes annoying forms of "adware" -- advertising-related devices that track your web surfing habits or generate targeted advertising content.  It also includes truly dangerous software that can alter how your computer functions, or monitor and record every aspect of your computer activity.

Like viruses and other malware, spyware is an inevitable plague of modern computing life for anyone who wants to use the Internet.  But the risks can be managed with anti-spyware tools, and many of these are available free.

Basic forms of spyware can be picked up simply by visiting a Web page.  Spyware may also be picked up through email.  You are particularly likely to be exposed by downloading software, in particular "freeware" and "shareware" offerings.  Use of peer-to-peer services for downloads is virtually certain to result in infection.

Many software downloads are "free," but within the end user license agreement (EULA) are provisions to use information from your computer or your email and other contact information.  You have to agree to the EULA to download or install, so you essentially agree to allowing someone else to use information about your computer or you.

That's why the definition of spyware is "generally without your knowledge or consent."  Often, you've consented.  You just don't realize it because you didn't read the fine print.  This is why the definition of spyware sometimes includes the lawyerism "potentially unwanted technologies."

Adware forms of spyware often operate silently, monitoring your Web surfing activities and reporting back what sites you have visited to a marketing organization.  Others display "pop-up" ads on your computer's desktop or on top of other Web pages.

More aggressive spyware will reset your browser's home page (the page that appears when the browser starts up), change the service your browser uses for Web searches, or add new sites to your favorites list.  Or produce even more invasive advertisements. 

The most damaging spyware programs can actually install "trojans" -- computer programs which allow other people to remotely access an infected computer.  Such spyware programs can run silently "in the background" and are capable of doing anything that a typical computer program can do which does not require your intervention.

What could that include?  Installing even more invasive forms spyware on your system, or using your system to send spam and spyware to others, are a couple of possibilities.

Sometimes a spyware-infected computer will run more slowly due to all the activity going on in the background.  But just because your computer seems to be running at normal speed doesn't mean you are safe.  Neither does an absence of advertisements or any other common spyware symptom.

It's essential!  Unfortunately, there is currently no anti-spyware product that is really capable of removing all forms of spyware by itself.   The more types you use, and the more often you run them, the safer you will be.

A variety of commercial (not-free) products are also available. Free solutions include:

• Lavasoft AdAware -- Lavasoft offers a basic version of its anti-spyware for free, downloadable via their web site.  Only for Windows systems.
   
• Microsoft AntiSpyware -- Microsoft's (currently) free software can be downloaded from their web site.  Only for Windows systems.
   
• Spybot Search & Destroy -- A private effort that can be downloaded at this web site.  Only for Windows systems.

Like anti-virus software, anti-spyware will scan all the files on your system, looking for suspicious objects.   As with anti-virus, it is critical to keep the software up to date with the latest "signatures" (the digital fingerprints of spyware), so that the newest versions of spyware can be detected.

After a scan, spyware reports back with what it has found.  You have the option to remove everything, or keep some selected objects.   In most cases you'll opt to remove it all.

Some anti-spyware will also monitor "actively" for suspicious activities.  Helpful as this is, you should still run periodic file scans.

When you have run a scan, why would you ever let your anti-spyware leave anything behind?   Because some spyware can be, in a very limited number of cases, helpful.

You have probably heard the term "cookie" in the context of using the Internet, and you may even know that it refers to a computer file.  Specifically, it is a file that contains information about you and your Web browsing, to allow tracking of your activities.   This kind of spyware is sometimes called "trackware."  You will also see the term "persistent identification element."   (Yes, that's PIE and cookies.)

Are these a bad thing?  Not always.  Web sites regularly use cookies and "session variables" to keep track of where you have been on the site.  This can enhance your experience -- e.g., to remember the particular pages you've visited, so you can quickly return to them.   Not coincidentally, this also helps the site's designers figure out how to make it more attractive, which can help their business.  You'll have to decide if the cost in privacy is worth the convenience to you.

Cookies that sites use to do this are called "first-party cookies" -- because the company that produces the site generates and uses them.  In the spyware report, they will typically reveal their affiliation by including the name of the company in the file name.  Cookies that track your behavior across many sites, typically tracked by a marketing organization, are called "third-party cookies."   Most likely, you'll want to get rid of those.

You can set your browser to reject all cookies, but that will cause some Web sites to perform in a limited way, and others will not perform at all.

Tracking cookies may not be as innocent as their name, but they are innocent compared to the more malevolent forms of spyware that aim at extracting data from your computer, monitoring your behavior, or commandeering your systems resources for malign purposes.

Spyware programs such as botnets, droneware, key loggers and screen scrapers represent a true menace.   And it is menance not just to you and your privacy, but to the privacy and security of the organization for which you work, and the privacy of all the customers of that organization. 

Software can't do it all.  You need to control your own behavior if you really want to be safe.

First and foremost, don't install any application unless you are certain of what it does or where it came from. 

If you think you've downloaded spyware inadvertently, you can try detecting it using one of the anti-spyware programs above, and remove it by following the instructions.  If this doesn;t work, please contact your organization's technical support staff.

So how is spyware different than malware like viruses, worms and trojans?   The distinction is less one of form than of function.  Spyware's central aim is extraction of information -- either by harvesting data stored on computers or by monitoring a user's computer activities. 

Malware sometimes extracts information as part of its mischief, but those beasts also aim at more diverse forms of mayhem: destroying files, using the infected computer as a "zombie host," and so on.

See also:

Protecting your computer from spyware (Microsoft: Security At Home)
How computers get infected with spyware, symptoms of infection, and ways to prevent it.

Recognizing and Avoiding Spyware (US-CERT)
Common-sense tips for spyware avoidance and detection

Spyware Glossary (Anti-Spyware Coalition)
All the terms that refer to the family of beasts known as spyware (PDF format)

Last modified: 22-Apr-2006 [RC]