Misplaced Pages

Spyware: Difference between revisions

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license.
Revision as of 05:23, 1 May 2005 by Aenar (447 edits), minor edit: Reverted edits by 72.9.230.49
Revision as of 07:56, 1 May 2005 by 62.255.32.14, section: External links
Line 168: Line 168:
* — (Still in Beta - as of Apr 2005) * — (Still in Beta - as of Apr 2005)
* — personal and business spyware removal software and checker * — personal and business spyware removal software and checker
* — Find the best spyware removal tools


===Others=== ===Others===
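Review bot: the bullet added under External links ("Find the best spyware removal tools") is worded as a recommendation rather than a description of the target, and its link target is not visible in this diff, so the claim cannot be checked here. The neighbouring entries say what each tool is ("personal and business spyware removal software and checker"); the new entry should do the same or be dropped, particularly since the article itself notes that some removal programs purge a system of spyware only to install their own.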

Revision as of 07:56, 1 May 2005

Strictly defined, spyware consists of computer software that gathers and reports information about a computer user without the user's knowledge or consent. More broadly, the term spyware can refer to a wide range of related malware products which fall outside the strict definition of spyware. These products perform many different functions, including the delivery of unrequested advertising (pop-up ads in particular), harvesting private information, re-routing page requests to fraudulently claim commercial site referral fees, and installing stealth phone dialers.

Spyware as a category overlaps with adware. The more unethical forms of adware tend to coalesce with spyware. Malware uses spyware for explicitly illegal purposes. Exceptionally, many web browser toolbars may count as spyware. On the other hand, adware may simply load ads from a server and display them while a user runs a program, with the user's permission; the software developer gets ad revenue, and the user gets to use the program free of charge. In these cases, adware may function ethically. If the software collects personal information without the user's permission (a list of websites visited, for example, or a log of keystrokes), it may become spyware.

Data collecting programs installed with the user's knowledge do not, technically speaking, constitute spyware, provided the user fully understands what data they collect and with whom they share it. However, a growing number of legitimate software titles install secondary programs to collect data or distribute advertisement content without properly informing the user about the real nature of those programs. These barnacles can drastically impair system performance, and frequently abuse network resources. In addition to slowing down throughput, they often have design features making them difficult or impossible to remove from the system.

The first recorded use of the term spyware occurred on October 16, 1995, in a Usenet post that poked fun at Microsoft's business model. Spyware later came to refer to espionage equipment such as tiny cameras. However, in 1999 Zone Labs used the term when they made a press release for the Zone Alarm Personal Firewall. Since then, computer users have used the term in its current sense. 1999 also saw the introduction of the first popular freeware program to include built-in spyware: a humorous and popular game called "Elf Bowling" spread across the Internet in November of 1999, and many users learned with surprise that the program actually transmitted user information back to the game's creator, Nsoft. For many Internet users, "Elf Bowling" provided their first experience with spyware.

In 2000, Steve Gibson of Gibson Research released the first ever anti-spyware program, OptOut, in response to the growth of spyware, and many more software antidotes have appeared since then. More recently Microsoft has released an anti-spyware program and the International Charter now offers software developers a Spyware-Free Certification programme.

According to a study by the National Cyber-Security Alliance, spyware has affected 90% of home PCs.

Spyware and viruses

Spyware can closely resemble computer viruses, but with some important differences. Many spyware programs install without the user's knowledge or consent. In both cases, system instability commonly results.

A virus, however, replicates itself: it spreads copies of itself to other computers if it can. Spyware generally does not self-replicate. Whereas a virus relies on users with poor security habits in order to spread, and spreads so far as possible in an unobtrusive way (in order to avoid detection and removal), spyware usually relies on persuading ignorant or credulous users to download and install itself by offering some kind of bait. For example, one typical spyware program targeted at children, Bonzi Buddy, claims that:

He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you've ever had! He even has the ability to compare prices on the products you love and help you save money! Best of all, he's FREE!

A typical piece of spyware installs itself in such a way that it starts every time the computer boots up (using CPU cycles and RAM, and reducing stability), and runs at all times, monitoring Internet usage and delivering targeted advertising to the affected system. It does not, however, attempt to replicate onto other computers — it functions as a parasite but not as an infection.

A virus generally aims to carry a payload of some kind. This may do some damage to the user's system (such as, for example, deleting certain files), may make the machine vulnerable to further attacks by opening up a "back door", or may put the machine under the control of malicious third parties for the purposes of spamming or denial-of-service attacks. The virus will in almost every case also seek to replicate itself onto other computers. In other words, it functions not only as a parasite, but as an infection as well.

The damage caused by spyware, in contrast, usually occurs incidentally to the primary function of the program. Spyware generally does not damage the user's data files; indeed (apart from the intentional privacy invasion and bandwidth theft), the overwhelming majority of the harm inflicted by spyware comes about simply as an unintended by-product of the data-gathering or other primary purpose.

A virus does deliberate damage (to system software, or data, or both); spyware does accidental damage (usually only to the system software). In general, neither one can damage the computer hardware itself (but see CIH virus). Certain special circumstances aside, in the worst case the user will need to reformat the hard drive, reinstall the operating system and restore from backups. This can prove expensive in terms of repair costs, lost time and productivity. Instances have occurred of owners of badly spyware-infected systems purchasing entire new computers in the belief that an existing system "has become too slow." Technicians who hear complaints about a computer "slowing down" (as opposed to "becoming outdated") should probably suspect spyware.

Consequences

Windows-based computers, whether used by children or by adults, can rapidly accumulate a great many spyware components. The consequences of a moderate to severe spyware infection (privacy issues aside) generally include a substantial loss of system performance (over 50% in extreme cases), and major stability issues (crashes and hangs). Difficulty in connecting to the Internet also commonly occurs as some spyware (perhaps inadvertently) modifies the DLLs needed for connectivity.

As of 2004, spyware infection causes more visits to professional computer repairers than any other single cause. In more than half of these cases, the user has no awareness of spyware and initially assumes that the system performance, stability, and/or connectivity issues relate to hardware, Windows installation problems, or a virus. (On the other hand, older versions of Windows itself, as well as CPU undercooling, can manifest spyware-like symptoms, specifically including instability or slowness.)

Some spyware products have additional consequences. Stealth dialers attempt to connect directly to a particular telephone number rather than to the user's own internet service provider: where connecting to the number in question involves long-distance or overseas charges, this can result in massive telephone bills which the user has no choice but to pay.

A few spyware vendors, notably 180 Solutions, have written what the New York Times has dubbed "stealware" — spyware applications that redirect affiliate links to major online merchants such as eBay and Dell, effectively hijacking the commissions that the affiliates would have expected to earn in the process.

Some other types of spyware (Targetsoft, for example) even go to the extent of modifying system files to make themselves harder to remove. (Targetsoft modifies the Winsock (Windows Sockets) files. The deletion of the spyware-infected file "inetadpt.dll" will interrupt normal networking usage.)

Installation

Spyware normally installs itself through one of three methods:

  1. The spyware component comes bundled with an otherwise apparently useful program. The makers of such packages usually make them available for download free of charge, so as to encourage wide uptake of the spyware component. This applies especially with file-sharing clients such as Kazaa and earlier versions of Bearshare. (To address this concern, and to discourage the U.S. Congress from regulating the P2P "industry", P2P United formed to promise informed consent and easy removal. Kazaa does not form part of P2P United. -- Note furthermore that anti-spyware removers generally do not remove spyware applications from their databases because of such changes. Lavasoft has come under criticism from some on its support forums for reaching agreements with former vendors of spyware to be removed from their database. Lavasoft representatives say they remove spyware if it no longer meets their inclusion criteria.)
  2. The spyware takes advantage of security flaws in Internet Explorer.
  3. Internet Explorer can also install spyware on your computer via a drive-by download. A drive-by download takes advantage of easy installation via an ActiveX control (or several ActiveX components), with or without a prompt, depending on security settings within Internet Explorer.

Spyware can also install itself on a computer via a virus or an e-mail trojan program, but this does not commonly occur.

An HTTP cookie, a well-known mechanism for storing information about Internet users on their own computers, often stores an individual identification number for subsequent recognition of a website visitor. However, the existence of cookies and their use generally does not hide from users, who can also disallow access to cookie information. Nevertheless, to the extent that a Web site uses a cookie identifier (ID) to build a profile about the user, who does not know what information accumulates in this profile, the cookie mechanism could count as a form of spyware. For example, a search engine website could assign an individual ID code to a user the first time he or she visits and store all search terms in a database with this ID as a key on all subsequent visits (until the expiry or deletion of the cookie). The search engine could use this data to select advertisements to display to that user, or could — legally or illegally — transmit derived information to third parties.
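The search-engine scenario above, as an added simulation that is not part of the original article: a toy site assigns each new visitor a cookie ID and files every query under it, and three browser behaviours show how much of a profile accumulates in each case. The class names, the `uid` cookie name and the sample queries are all constructed for illustration.

```python
import secrets
from collections import defaultdict
from http.cookies import SimpleCookie


class SearchSite:
    """Toy search engine that files every query under a cookie ID (constructed)."""
    COOKIE = "uid"  # assumed cookie name, not taken from any real site

    def __init__(self):
        self.profiles = defaultdict(list)  # cookie ID -> search terms seen

    def handle(self, query, cookie_header=""):
        """Process one search; return (uid, Set-Cookie value or None)."""
        jar = SimpleCookie()
        jar.load(cookie_header)
        morsel = jar.get(self.COOKIE)
        if morsel is not None and morsel.value in self.profiles:
            uid, set_cookie = morsel.value, None  # returning visitor recognised
        else:
            uid = secrets.token_hex(8)  # first visit: mint a new identifier
            out = SimpleCookie()
            out[self.COOKIE] = uid
            out[self.COOKIE]["max-age"] = 365 * 24 * 3600  # persists for a year
            set_cookie = out[self.COOKIE].OutputString()
        self.profiles[uid].append(query)
        return uid, set_cookie


class Browser:
    """Minimal client with the two user controls: refuse cookies, delete cookies."""

    def __init__(self, accept_cookies=True):
        self.accept_cookies = accept_cookies
        self.jar = {}

    def search(self, site, query):
        header = "; ".join(f"{k}={v}" for k, v in self.jar.items())
        uid, set_cookie = site.handle(query, header)
        if set_cookie and self.accept_cookies:
            parsed = SimpleCookie()
            parsed.load(set_cookie)
            self.jar.update({name: m.value for name, m in parsed.items()})
        return uid

    def clear_cookies(self):
        self.jar.clear()


QUERIES = ["flu symptoms", "clinic near elm street", "cheap flights"]  # constructed


def simulate():
    """Return, per browser behaviour, the separate profiles the site ends up with."""
    site = SearchSite()
    browsers = {"keeps_cookies": Browser(), "clears_after_first": Browser(),
                "refuses_cookies": Browser(accept_cookies=False)}
    seen = {label: {} for label in browsers}
    for i, query in enumerate(QUERIES):
        for label, browser in browsers.items():
            if label == "clears_after_first" and i == 1:
                browser.clear_cookies()  # user deletes the cookie between visits
            uid = browser.search(site, query)
            seen[label][uid] = site.profiles[uid]  # same list, grows in place
    return {label: list(p.values()) for label, p in seen.items()}
```

Calling `simulate()` shows one three-query profile for the browser that keeps its cookie, two shorter profiles for the one that deleted it, and three unlinked single-query records for the one that refuses cookies.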

Granting permission for web-based applications to integrate into one's system can also load spyware. These Browser Helper Objects — known as Browser Hijackers — embed themselves as part of a web browser.

Spyware usually installs itself by some stealthy means. User agreements for software may make references (sometimes vague) to allowing the issuing company of the software to record users' Internet usage and website surfing. Some software vendors allow the option of buying the same product without this overhead.

Solutions

To avoid spyware issues altogether, networked computer users should refrain from installing any piece of software that seems too good to be true, such as bogus "free" music downloads and the like. To remedy spyware problems completely (albeit temporarily), the following advice for users of Microsoft Windows may apply:

CAUTION! For advanced users only! If the computer's performance has degraded to such a state that the computer no longer functions usefully and reliably, the user may have to consider the option of a clean install. Novice users should avoid this solution; and the more experienced should only consider it when a problem has become so severe that the Windows-based PC has essentially become non-functional. Please note that one must have a complete backup of one's data along with all the setup disks that came with one's PC. A clean install means erasing all the data from one's hard drives, formatting, and re-installing the operating system. Only advanced users or a computer technician should attempt this remedy.

Use of automatic updates (on Windows systems), antivirus, and other software upgrades will help to protect systems. Software bugs and exploits remaining in older software leave computers vulnerable, because malefactors rapidly learn how to exploit unpatched systems.

Users of Windows-related operating systems who wish to stay protected should install Windows XP SP2 along with all the latest security updates and hotfixes available via Windows Update. As suggested below, Windows Antispyware may greatly reduce the chances of having system performance lag; Windows-users can download this program free of charge as of March 2005, and some believe this situation will continue. Microsoft-users who do not want to invest in Windows XP can secure older Windows versions (98, ME and 2K) by keeping patches up-to-date and by regularly scanning for spyware. If possible, users of Windows 95 should replace their operating system — even in a home environment — as it has stability and other concerns aside from spyware.

A number of software applications exist to help computer users search for and remove spyware programs. (See sections Spyware Removal Programs and External links below.) Some programs purge a system of spyware, only to install their own.

As some spyware takes advantage of Internet Explorer vulnerabilities, using a less vulnerable browser such as Mozilla Firefox or Opera may also help.

Disabling ActiveX in Internet Explorer will prevent some infections. However, websites that make use of ActiveX will not work in this scenario.

Currently-known spyware does not specifically target non-Windows systems, such as those running Mac OS or Linux. However, such systems can store browser cookies. Changing security settings may make installing spyware on a Linux system impossible. As such, it seems plausible that no economic incentive to create spyware for non-Windows systems may exist in the foreseeable future.

An important factor in dampening the spread of spyware involves knowing, as an end-user, the actual need for new software. A rational, cold observation will lead in many cases to the genuine conclusion that one does not need a certain piece of new software, thus preventing at once even the potentiality of a problem spreading. This difficult solution requires some thinking and some knowledge. When one wishes to install a new program (in particular one available free of charge) it makes sense to use a search engine to see if this program has a reputation for bundling spyware. Some programs, such as AOL Instant Messenger, have debatable components that one can uncheck at the time of installing the program; it pays not to rush through the installer.

Technical solutions to problems such as spyware may inherently contain flaws. Indeed, what a tool considers as acceptable may differ from what the end user wants. Take the example of signed software. Signature recognition implies that the corporation providing the operating system somehow knows the software considered suitable for installation, independently of what the user actually considers acceptable. No system actually knows nor can automate such a decision. Nor can cryptography verify the innocuous nature of a program; at most, it can verify the identity of the program's author.

Definitive solutions to spyware issues seem unlikely, because the problems do not lend themselves to a fully rational approach. Also, governments internationally have yet to grasp the importance of spyware and to pass laws to counter its spread. The problem seems likely to grow until they do so.

Enterprise Anti-Spyware Products

Enterprise-level anti-virus products (such as Symantec, McAfee, Trend Micro, etc.) have lagged in responding to the threat of spyware. Possible reasons for this include:

  • Differences between spyware and viruses
    • End-users usually install spyware themselves, even though they may have no idea of the consequences of their actions
    • Spyware may inform end-users, albeit in hidden legal jargon, what it will do. Organisations manufacturing and spreading spyware can use this escape clause - "Well, we told the user what our software would do, and they installed it anyway"
  • The difficulty of defining spyware
    • Defining spyware can pose problems because spyware can come bundled with legitimate programs that a user agrees to install
  • Legal Issues
    • Viruses usually originate with individuals. However, spyware originates from companies, often from companies with large teams of programmers. They also employ effective legal teams. Companies which produce spyware can sue makers of anti-spyware software for listing their product(s) as spyware. This makes the matter of scanning for and cleaning spyware off of machines different than in the anti-virus world, as virus writers operate anonymously outside the law and would reveal their identity by suing.

Companies have started to respond to the spyware threat. Webroot Software's Spy Sweeper and Lavasoft's Ad-aware both have enterprise product versions that offer a level of protection similar to that offered by anti-virus companies. Many companies have started to offer products in this area, but the market still resembles the wild west and the early days of the Internet - commercial winners and losers and standards have yet to emerge.

Legal aspect in the US

The United States has taken several steps toward preventing spyware installation on home computers. The Computer Fraud and Abuse Act covers unauthorized installations. Existing laws including false advertising, deceptive business practices, and trespass can be applied in some cases against spyware.

New York Attorney General Eliot Spitzer on April 28, 2005 "sued a major Internet marketer, claiming the company installed spyware and adware that secretly install nuisance pop-up advertising on screens which can slow and crash personal computers. Spitzer said the suit filed in New York City against Intermix Media Inc. of Los Angeles combats the redirecting of home computer users to unwanted Web sites and its own Web site that includes ads, the adding of unnecessary toolbar items and the delivery of unwanted ads that pop up on computer screens. After a six-month investigation Spitzer concluded the company installed a wide range of advertising software on countless personal computers nationwide."

Known spyware

The following (incomplete) list of spyware programs classifies them by their effects:

Generating pop-ups:

Generating pop-ups, damaging and/or slowing computers:

Hijacking browsers:

  • CoolWebSearch - a well-known browser hijacker; some variants have a reputation for damaging the TCP stack when forcibly uninstalled
  • Euniverse
  • Xupiter

Committing fraud:

Stealing information:

  • Back Orifice (arguably better categorized as a Trojan Horse, since its open source code militates against secrecy and -- unlike most spyware -- it has no commercial motive. Also has legitimate uses such as remote administration.)

Masquerading as a spyware-remover:

Miscellaneous:

  • Internet Optimizer (Advertising, fake alert messages, possible privacy violation, security risk)
  • MarketScore (Claims to speed up Internet connections: serious privacy violation, loss of Internet connection on some systems)
  • CnsMin (Made in China; privacy violation. Preset in many Japanese PCs as JWord!)

Known programs bundling adware

  • Kazaa
  • Bearshare
  • DivX (except for the paid version, and the 'standard' version without the encoder)
  • Note: any related P2P networking software may also contain some type of known spyware. Users should read software licenses carefully.

Spyware removal programs

It is good practice to use two or more different spyware removal programs in combination to prevent infections.

See also

External links

Removal

Others

Prevention
