Spyware

Spyware is a broad category of malicious software intended to intercept or take partial control of a computer's operation without the user's informed consent. While the term taken literally suggests software that surreptitiously monitors the user as a spy would, it has come to refer more broadly to software that subverts the computer's operation for the benefit of a third party.

Spyware programs differ from computer viruses and worms in that they do not usually self-replicate. However, spyware also differs from earlier categories of malware in that it is almost always designed explicitly for commercial or financially fraudulent exploitation of the infected computer. Within this generalization, however, spyware programs exhibit many different behaviors. These include the delivery of unsolicited pop-up advertisements; the theft of personal financial information such as credit card numbers; the monitoring of Web browsing activity for marketing purposes; or the re-routing of Web page requests to sites filled with advertisements profitable to the offender.

As of 2005, spyware has become an expensive technical and social problem for users of Microsoft Windows operating systems. Minority systems like Mac OS X and Linux have not, to date, suffered from spyware. The reasons for this are a matter of some debate; minority systems present a smaller target for spyware authors, but also have what some security researchers consider better security models.

The history and development of spyware

The first recorded use of the term spyware occurred on October 16, 1995, in a Usenet post that poked fun at Microsoft's business model. Spyware later came to refer to espionage equipment such as tiny cameras. However, in 1999 Zone Labs used the term when they made a press release for the Zone Alarm Personal Firewall. Since then, computer users have used the term in its current sense. 1999 also saw the introduction of the first popular freeware program to include built-in spyware: a humorous and popular game called "Elf Bowling" spread across the Internet in November of 1999, and many users learned with surprise that the program actually transmitted user information back to the game's creator, Nsoft. For many Internet users, "Elf Bowling" provided their first experience with spyware.

In 2000, Steve Gibson of Gibson Research released the first ever anti-spyware program, OptOut, in response to the growth of spyware, and many more software antidotes have appeared since then. More recently Microsoft (http://www.microsoft.com) has released an anti-spyware program (Microsoft Anti-Spyware) and the International Charter now offers software developers a Spyware-Free Certification (http://www.icharter.org/certification/software/spyware_free/index.html) programme.

According to an October 2004 study (http://www.staysafeonline.info/news/safety_study_v04.pdf) by America Online and the National Cyber-Security Alliance, 80% of surveyed users' computers had some form of spyware, with an average of 93 spyware components per computer. 89% of surveyed users with spyware reported that they did not know it was present, and 95% reported that they had not given permission for it to be installed.

Spyware and viruses

Spyware can closely resemble computer viruses, but with some important differences. Many spyware programs install without the user's knowledge or consent. In both cases, system instability commonly results.

A virus, however, replicates itself: it spreads copies of itself to other computers if it can. (For self-replicating viruses, see computer worms.) Spyware generally does not self-replicate. Whereas a virus relies on users with poor security habits in order to spread, and spreads so far as possible in an unobtrusive way (in order to avoid detection and removal), spyware usually relies on persuading ignorant or credulous users to download and install itself by offering some kind of bait. For example, one typical spyware program targeted at children, Bonzi Buddy, claims that:

He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you've ever had! He even has the ability to compare prices on the products you love and help you save money! Best of all, he's FREE! [1] (http://www.bonzi.com/bonzibuddy/bonzimail.asp)

A typical piece of spyware installs itself in such a way that it starts every time the computer boots up (using CPU cycles and RAM, and reducing stability), and runs at all times, monitoring Internet usage and delivering targeted advertising to the affected system. It does not, however, attempt to replicate onto other computers — it functions as a parasite but not as an infection. [2] (http://www.spywareguide.com/product_show.php?id=512)

A virus generally aims to carry a payload of some kind. This may do some damage to the user's system (such as, for example, deleting certain files), may make the machine vulnerable to further attacks by opening up a "back door", or may put the machine under the control of malicious third parties for the purposes of spamming or denial-of-service attacks. The virus will in almost every case also seek to replicate itself onto other computers. In other words, it functions not only as a parasite, but as an infection as well.

The damage caused by spyware, in contrast, usually occurs incidentally to the primary function of the program. Spyware generally does not damage the user's data files; indeed (apart from the intentional privacy invasion and bandwidth theft), the overwhelming majority of the harm inflicted by spyware comes about simply as an unintended by-product of the data-gathering or other primary purpose.

A virus does deliberate damage (to system software, or data, or both); spyware does accidental damage (usually only to the system software). In general, neither one can damage the computer hardware itself (but see CIH virus). Certain special circumstances aside, in the worst case the user will need to reformat the hard drive, reinstall the operating system and restore from backups. This can prove expensive in terms of repair costs, lost time and productivity. Instances have occurred of owners of badly spyware-infected systems purchasing entire new computers in the belief that an existing system "has become too slow." Technicians who hear complaints about a computer "slowing down" (as opposed to "becoming outdated") should probably suspect spyware.

Consequences

Windows-based computers, whether used by children or by adults, can sometimes rapidly accumulate a great many spyware components. The consequences of a moderate to severe spyware infection (privacy issues aside) generally include a substantial loss of system performance (over 50% in extreme cases), and major stability issues (crashes and hangs). Difficulty in connecting to the Internet also commonly occurs as some spyware (perhaps inadvertently) modifies the DLLs needed for connectivity.

As of 2004, spyware infection causes more visits to professional computer repairers than any other single cause. In more than half of these cases, the user has no awareness of spyware and initially assumes that the system performance, stability, and/or connectivity issues relate to hardware, Windows installation problems, or a virus. (On the other hand, older versions of Windows itself, as well as CPU undercooling, can manifest spyware-like symptoms, specifically including instability or slowness.)

Some spyware products have additional consequences. Stealth dialers may attempt to connect directly to a particular telephone number rather than to a user's own intended ISP: where connecting to the number in question involves long-distance or overseas charges, this can result in massive telephone bills which the user has no choice but to pay.

A few spyware vendors, notably 180 Solutions, have written what the New York Times has dubbed "stealware" — spyware applications that redirect affiliate links to major online merchants such as eBay and Dell, effectively hijacking the commissions that the affiliates would have expected to earn in the process. [3] (http://www.benedelman.org/spyware/180-affiliates/)

Some other types of spyware (Targetsoft, for example) even go to the extent of modifying system files to make themselves harder to remove. (Targetsoft modifies the Winsock (Windows Sockets) files. The deletion of the spyware-infected file "inetadpt.dll" will interrupt normal networking usage.)

Spyware, along with other threats, has led some former Windows users to move to other platforms. [4] (http://www.fortune.com/fortune/bing/0,15704,1067104-1,00.html)

Installation

Spyware normally installs itself through one of three methods:

The spyware component comes bundled with an otherwise apparently useful program. The makers of such packages usually make them available for download free of charge, so as to encourage wide uptake of the spyware component. This applies especially with file-sharing clients such as Kazaa and earlier versions of Bearshare. (To address this concern, and to discourage the U.S. Congress from regulating the P2P "industry", P2P United formed to promise informed consent and easy removal. Kazaa does not form part of P2P United. -- Note furthermore that anti-spyware removers generally do not remove spyware applications from their databases because of such changes. Lavasoft has come under criticism from some on its support forums for reaching agreements with former vendors of spyware to be removed from their database. Lavasoft representatives say they remove spyware if it no longer meets their inclusion criteria.)
The spyware takes advantage of security flaws in Internet Explorer.
Internet Explorer can also install spyware on your computer either via a drive-by download with or without any prompt. A drive-by download takes advantage of easy installation via an ActiveX control (or several ActiveX components) with or without a prompt, depending on security settings within Internet Explorer.

Spyware can also install itself on a computer via a virus or an e-mail trojan program, but this does not commonly occur.

An HTTP cookie, a well-known mechanism for storing information about Internet users on their own computers, often stores an individual identification number for subsequent recognition of a website visitor. However, the existence of cookies and their use generally does not hide from users, who can also disallow access to cookie information. Nevertheless, to the extent that a Web site uses a cookie identifier (ID) to build a profile about the user, who does not know what information accumulates in this profile, the cookie mechanism could count as a form of spyware. For example, a search engine website could assign an individual ID code to a user the first time he or she visits and store all search terms in a database with this ID as a key on all subsequent visits (until the expiry or deletion of the cookie). The search engine could use this data to select advertisements to display to that user, or could — legally or illegally — transmit derived information to third parties.

Granting permission for web-based applications to integrate into one's system can also load spyware. These Browser Helper Objects — known as Browser Hijackers — embed themselves as part of a web browser.

Spyware usually installs itself by some stealthy means. User agreements for software may make references (sometimes vague) to allowing the issuing company of the software to record users' Internet usage and website surfing. Some software vendors allow the option of buying the same product without this overhead.

Remedies and prevention

In the past few years, a number of programmers and commercial firms have released products designed to remove or block the action of spyware. Steve Gibson's OptOut, mentioned above, was only the first of a growing category. Programs such as Lavasoft's Ad-Aware and Patrick Kolla's Spybot Search & Destroy rapidly gained popularity as effective tools to remove, and in some cases intercept, spyware programs.

Major anti-virus firms such as Symantec and McAfee have come later to the table, adding anti-spyware features to their existing anti-virus products. Early on, anti-virus firms expressed reluctance to add anti-spyware functions, citing lawsuits brought by spyware authors against the authors of Web sites and programs which described their products as "spyware". More recently, Microsoft acquired the Giant Anti-Spyware software, rebadging it as Microsoft Anti-Spyware Beta and releasing it as a free download for Windows XP users.

However, an Internet user who searches the Web for spyware removal programs may not necessarily come across one of these effective tools first. Malicious programmers have released a large number of phony anti-spyware programs, and widely-distributed Web banner ads now spuriously warn users that their computers have been infected with spyware, directing them to purchase programs which do not actually remove spyware -- or worse, may add more spyware of their own. [5] (http://www.spywarewarrior.com/rogue_anti-spyware.htm) [6] (http://www.eweek.com/article2/0,1759,1821127,00.asp)

When a Windows computer has been infected by a large number of pieces of spyware, the only remedy may be to back up documents and other user data, and fully reinstall the operating system.

To deter spyware, computer users have found a number of techniques in addition to installing anti-spyware software. One common one is to use a Web browser other than Microsoft's Internet Explorer, such as Mozilla's Firefox. While other Web browsers have also had security vulnerabilities, Internet Explorer has contributed to the spyware problem in two ways: first, many spyware programs hook themselves into IE's functionality (as a Browser Helper Object or a toolbar); second, malicious Web advertisers have frequently used security holes in Internet Explorer to force the browser to download spyware.

Disabling ActiveX in Internet Explorer will prevent some infections. However, websites that make use of ActiveX will not work in this scenario.

One path by which spyware gets installed is via certain shareware programs which are offered for download. Downloading programs only from reputable sources can provide some protection from this source of attack. One site, CleanSoftware.org (http://www.cleansoftware.org/), has been founded as an alternative to other popular Windows software sites, offering only software that has been verified not to contain "nasties" such as spyware.

Enterprise Anti-Spyware Products

Enterprise-level anti-virus products (such as Symantec, McAfee, Trend Micro, etc.) have lagged in responding to the threat of spyware. Possible reasons for this include:

Differences between spyware and viruses
- End-users usually install spyware themselves, even though they may have no idea of the consequences of their actions
- Spyware may inform end-users, albeit in hidden legal jargon, what it will do. Organizations manufacturing and spreading spyware can use this escape clause - "Well, we told the user what our software would do, and they installed it anyway"
The difficulty of defining spyware
- Defining spyware can pose problems because spyware can come bundled with legitimate programs that a user agrees to install
Legal Issues
- Viruses usually originate with individuals. However, spyware originates from companies, often from companies with large teams of programmers. They also employ effective legal teams. Companies which produce spyware can sue makers of anti-spyware software for listing their product(s) as spyware. This makes the matter of scanning for and cleaning spyware off of machines different than in the anti-virus world, as virus writers operate anonymously outside the law and would reveal their identity by suing.

Some software-makers have started to respond to the perceived spyware threat. Webroot Software's Spy Sweeper and Lavasoft's Ad-aware both have enterprise product versions that offer a level of protection similar to that offered by anti-virus companies. Many providers have started to offer products in this area, but the market still resembles the wild west and the early days of the Internet - standards and commercial winners-and-losers have yet to emerge.

Pestpatrol, now owned by CA, publishes a series of standards for evaluating spyware vendors, which even it does not, by any objective standard, meet. These include a high rate of detection, high speed, and complete removal based on "lab" tests where the evaluator compares the image before spyware installation to the image after spyware installation, determines the differences and completely reverses the installation. CA arguably defined the category of "enterprise antispyware", and allows administrators to remove things not traditionally seen as spyware, including diagnostic tools capable of aiding malicious functions, and file sharing programs. Because of consumer backlash, many antispyware programs do not remove the "host" software of buggy spyware and adware like CA does.

Legal situation in the United States of America

The United States of America has taken several steps to inhibit the installation of spyware on home computers. The Computer Fraud and Abuse Act covers unauthorized installations. Existing laws including those relating to false advertising, deceptive business practices, and trespass can in some cases apply against spyware.

New York Attorney General Eliot Spitzer on April 28, 2005 "sued a major Internet marketer, claiming the company installed spyware and adware that secretly install nuisance pop-up advertising on screens which can slow and crash personal computers. Spitzer said the suit filed in New York City against Intermix Media Inc. of Los Angeles combats the redirecting of home computer users to unwanted Web sites and its own Web site that includes ads, the adding of unnecessary toolbar items and the delivery of unwanted ads that pop up on computer screens. After a six-month investigation Spitzer concluded the company installed a wide range of advertising software on countless personal computers nationwide." [7] (http://www.nytimes.com/aponline/technology/AP-Spitzer-Spyware.html?hp&ex=1114747200&en=c5cdf0a1dc4c5b73&ei=5094&partner=homepage)

Lawsuits by Spyware purveyors

In recent years, some spyware corporations have filed lawsuits demanding that web site owners not refer to their programs as spyware. Claria Corporation, for example, has tried this SLAPP tactic.

Known spyware

The following (incomplete) list of spyware programs classifies them by their effects:

Generating pop-ups:

180 Solutions
DirectRevenue
lop.com (advertising, pop ups, security risk, tries to dial out at random)

Generating pop-ups, damaging and/or slowing computers:

Bonzi Buddy
Cydoor
Gator, made by the Claria Corporation (Advertising, pop ups, privacy violation, significant security risk, partially disables firewalls, some stability issues. Gator has a reputation as difficult to remove once installed.)
New.net (security risk, stability issues, common cause of inability to connect)
ShopAtHomeSearch

Hijacking browsers:

CoolWebSearch - a well-known browser hijacker; some variants have a reputation for damaging the TCP stack when forcibly uninstalled
Euniverse
Xupiter
VX2 - a well-known browser hijacker, commonly known as Look2Me; it usually hooks itself as a Winlogon Notify dynamic link library
Red Sherrif (http://www.cexx.org/sheriff.htm)

Committing fraud:

XXXDial

Stealing information:

Back Orifice (arguably better categorized as a Trojan Horse, since its open source code militates against secrecy and -- unlike most spyware -- it has no commercial motive. Also has legitimate uses such as remote administration.)

Masquerading as a spyware-remover:

SpyKiller
Complete list here: http://www.spywarewarrior.com/rogue_anti-spyware.htm
list of Corrupt antispyware (http://www.2-spyware.com/corrupt-anti-spyware) software with evidence of corruption

Demanding money (aka Ransomware):

SpywareNo - fake spyware-remover, generates bogus warnings and demands that user purchase the full version in order to remove threats.

Rogue anti-spyware products

AdwareAlert

Miscellaneous:

Internet Optimizer (Advertising, fake alert messages, possible privacy violation, security risk)
MarketScore (Claims to speed up Internet connections: serious privacy violation, loss of Internet connection on some systems)
CnsMin (Made in China; privacy violation. Preset in many Japanese PCs as JWord.)

Known programs bundling malware

Kazaa
Bearshare
DivX (except for the paid version, and the 'standard' version without the encoder)
WeatherBug
Atomic clock sync
Bonzi Buddy
Limewire (Non-pro)
Wildtangent
AOL Instant Messenger
Gator
MSN Messenger
ErrorGuard
FlashGet (free version)
Download Accelerator Pro
Grokster
Dope Wars
Cliprex DVD player - If you search for "free dvd player" in google this is first on the list
Note: Any related P2P networking software may also contain some type of known spyware. Users should read software licenses carefully.

External links

Software

Lavasoft Ad-Aware SE Personal [8] (http://www.lavasoftusa.com/support/download/#free) — (Freeware Version)
Spybot - Search & Destroy [9] (http://www.safer-networking.org) Free software, one of the better spyware removers available
HijackThis (http://merijn.org) (mirrors: 1 (http://spywareinfo.com/~merijn) 2 (http://209.133.47.200/~merijn/) 3 (http://ftp.officefive.org.uk/sites/www.spywareinfo.com/~merijn/) 4 (http://www.richardthelionhearted.com/~merijn)) — Offers utilities to manually select the removal of spyware. A tool for more advanced users.
Microsoft Anti-Spyware [10] (http://www.microsoft.com/athome/security/spyware/software/default.mspx) — (Still in beta as of April 2005)
PestPatrol [11] (http://www.pestpatrol.com/)
Spyware Doctor [12] (http://www.pctools.com/spyware-doctor/)
Spy Sweeper [13] (http://www.webroot.com/land/spysweeperb.php?rc=993)
Spyware Blaster - Stops many spyware programs from running [14] (http://www.javacoolsoftware.com/spywareblaster.html)
X-RayPC Process Analyzer Analyzes processes for spyware [15] (http://www.x-raypc.com)

Communities

Security Forums HijackThis Logs // Malware Removal Forum (http://www.security-forums.com/forum/viewforum.php?f=48) — Spyware and malware removal forum
Google Spyware Removal Group (http://groups-beta.google.com/group/spyware-removal)
Bleeping Computer Spyware Removal Tutorials (http://www.bleepingcomputer.com/forums/tutecat38.html) — tutorials for HijackThis, Spybot, and Ad-Aware.
Geeks To Go (http://www.geekstogo.com/forum) — Hijack assistance and malware removal forum.
Spywareinfo Forums (http://forums.spywareinfo.com/index.php) — help for removing adware, spyware and malware.
ProcessLibrary.com (http://www.processlibrary.com) — site providing users with detailed information on individual running processes.

Guides

Spyware/AdWare/Malware FAQ and Removal Guide (http://www.io.com/~cwagner/spyware/)
doxdesk.com parasite database (http://www.doxdesk.com/parasite/) — Removal instructions for most common spyware/adware/malware parasites.
Computer Security (http://www.boredguru.com/modules/articles/index.php?storytopic=16) — Tips and tricks for manually removing common trojans, adware and spyware.
Magoo's Guide to Eliminating Spyware (http://www.magooswisewords.com/MagoosBook/spyware/remove_spyware_01.htm) - Infomation on how to get rid of spyware and keep it from coming back
Rogue AntiSpyware List (http://www.spywarewarrior.com/rogue_anti-spyware.htm) — list of spyware removal programs to avoid
Spyware Guide (http://www.spywareguide.com) — searchable database of known spyware and adware
CareOfWindowsXP Spyware guide (http://www.careofwindowsxp.com/Spyware.html) — Advice on spyware for beginners

Prevention

Financial investors who support spyware (http://www.benedelman.org/spyware/investors/) A list of investment firms which support large scale spyware companies
How Spyware And The Weapons Against It Are Evolving (http://www.windowsecurity.com/articles/Spyware-Evolving.html) Article discussing why the spyware problem has grown and possible remedies
Spyware Prevention and Removal (http://www.pcreview.co.uk/articles/Internet/Spyware_and_Adware_Removal/) How to prevent Spyware and Adware, and a guide to removing it should the worst happen
Dealing with unwanted spyware and parasites (http://mvps.org/winhelp2002/unwanted.htm)
The Spyware Inferno (http://news.com.com/2010-1032-5307831.html) - article on the rise of spyware, with a hierarchical list of different kinds of spyware based on levels of danger

Template:Software distribution de:Spyware es:Programas espía fr:Logiciel espion it:Spyware he:רוגלה ku:Spyware nl:Spyware ja:スパイウェア pl:Spyware pt:Spyware sv:Spionprogram vi:Phần mềm gián điệp zh:间谍软件

Retrieved from "https://academickids.com:443/encyclopedia/index.php/Spyware"

Categories: Application software | Spyware