Spyware

Definition
There seems to be no firm definition of spyware; but, in practice, it is any software that runs on your computer, modifies your system settings, or collects data and uses it without your full knowledge and permission. Spyware is as widespread as computer viruses and similar threats, and its prevalence continues to escalate. Ninety percent of computers are believed to have at least one (probably many) of the hundreds of known spyware programs already installed on them.

Spyware has been subdivided into various categories, but the distinctions among them are not clear-cut. Nor is the distinction between spyware and other types of electronic threats. Here are some of the categories:

  • Adware, in its most benign form, is not spyware. It provides advertisements with your consent, often in exchange for the free or low-cost use of a program that has desirable features. When you stop running the program or uninstall it, the ads no longer appear. However, adware becomes spyware if it also changes settings without your consent, performs a surreptitious privacy-invading function (e.g., collecting your personal data), or reports your Internet browsing activity to advertisers.
  • Pestware doesn’t have an uninstall function or is very difficult to eliminate. It usually needs to be removed manually by someone who knows the difference between the pestware and the legitimate system files that it has appropriated. Even if you uninstall the program that brought the pestware into your computer, the pestware itself will continue to function.
  • Malware or Crimeware is used for clearly illegal purposes such as stealing credit card numbers or passwords.

How it gets onto your computer
Spyware can be installed when you do one or more of the following:

  • download a free file or program (e.g., music file, game, video clip, animation) that contains a hidden spyware function
  • open an email attachment containing an electronic threat that subsequently installs the spyware
  • click on a link inside an email that contains a malicious script
  • download a plug-in (with spyware built in) from a Web site that claims the plug-in is necessary for browsing the site
  • visit a spyware-generating Web site with a Web browser whose security loophole is being exploited by the site
  • install peer-to-peer file sharing software that has built-in spyware
  • agree to the installation of a program that has the installation of spyware as one of the provisions of the program’s license agreement

What spyware does
Various forms of spyware have been known to do one or more of the following:

  • generate pop-up ads
  • make a record of the Web sites you visit
  • change your browser’s start page
  • disconnect you from your Internet service provider
  • log your keystrokes
  • steal your personal information (e.g., passwords, credit card numbers, online banking information)
  • modify your system files to make removal of the spyware difficult or disruptive
  • use your modem to make long distance calls that you are charged for
  • commandeer your computer and use it to send out spam or participate in a denial of service attack on a selected Web site

Spyware usually begins running as soon as you boot up your computer and runs continuously, wasting your computer’s resources (e.g., RAM, CPU cycles), slowing it down or causing it to crash frequently. In addition, when spyware is sending information from your computer over the Internet, it is wasting bandwidth and slowing down traffic. Unlike viruses and worms, spyware cannot replicate itself, but viruses and worms can be used to deliver spyware.

Minimizing the possibility of getting it

  • Keep your operating system up to date.
    This is crucial. Depending on your operating system, it may be possible to have updates downloaded and installed automatically.
  • Install and use a firewall. (See Firewall.)
    Firewalls can’t prevent the installation of spyware once it’s been brought into your computer by another program, but they can keep spyware from sending out the information it gathers. They can also protect you from the small amount of spyware that’s sent out by hackers.
  • Install and use anti-spyware.
    Some anti-spyware programs can only detect and remove spyware that’s already installed. Others prevent spyware from being installed in the first place but don’t detect what’s already there. It’s a good idea to use more than one anti-spyware program, because they find different threats. Whatever programs you use, be sure to update them as soon as you install them and every few days afterward. The following ones are freeware. You can find comparison reviews of these and others on the Internet:

    • SpywareBlaster
      Prevents spyware installation
    • SpyBot Search & Destroy
      Detects installed spyware
    • Ad-Aware
      Detects installed spyware
    • Trend Micro HijackThis
      Detects installed spyware, with many false positives.
      WARNING: You could disable your computer if you delete some of the items found in the logs that HijackThis creates when it scans your system. Before you run this program, go to one of the online forums that specialize in helping users to delete only the registry entries and other files associated with spyware. Follow their established procedures for cleaning up your computer and posting a HijackThis log. For example, see Spyware Warrior or WhattheTech: HijackThis – Quick Start.
    • Windows Software Removal Tool
      Released monthly by Microsoft; detects a small set of malicious software.
  • Maintain appropriate browser security settings.
    Set them at medium or higher. Be sure that your settings will warn you if there is an attempt to download an ActiveX control or plugin when you visit certain Web sites. Otherwise, you could unwittingly become a victim of a “drive-by download” containing spyware.
  • Heed warnings about downloading ActiveX controls or plugins.
    Some Web sites make it appear that you’ll need to download a control or plugin so that you can use all the features of the site. Some of these may be labeled as “security” downloads. However, these downloads may bring you spyware. If you can’t view the site without the download, it isn’t worth the risk.
  • Don’t close a pop-up window by clicking on a link inside the window.
    You may install spyware if you click on an OK, Agree or Close link. Instead, click on the red X (if there is one) in the upper right corner. If there isn’t one, hold down the Alt key and press the F4 key.
  • Don’t use an email preview feature.
    If you use Outlook or Outlook Express for email, turn off the “Preview Pane” feature. Otherwise, if you preview an email message containing a spyware-installing script, you’ll get spyware.
  • Beware of offers that seem too good to be true.
    Free programs are often Trojan horses that bring in spyware. Downloading such programs is probably the most common way that spyware is acquired. Use a search engine to get information on a suspicious program before you download it.
  • Be cautious about opening email attachments.
    Attachments can harbor a host of troublesome computer threats, including spyware.
  • Don’t click on any link inside an email unless you are certain about its origin and intent.
    Clicking on such links can result in crimeware or malicious scripts being installed on your computer.
  • Read license agreements carefully.
    When you install a piece of software, make sure you know all the provisions of the agreement that comes with it. That document may be very difficult to understand and may contain a statement about installing one or more spyware programs on your computer.
  • Make sure that other users of your computer know about spyware.
    It’s important that every user take precautions to prevent the installation of spyware and other threats.

Indications that you may already have spyware
Newer spyware programs are designed to work in the background, with little indication of their presence. However, you might have spyware if you notice one or more of the following:

  • Your computer runs sluggishly or hangs up frequently.
  • Pop-up ads appear, even if you’re not online.
  • Your browser settings change unexpectedly.
  • An undeletable tool bar appears in your browser.
  • Your phone bill shows a number of expensive long-distance calls that you didn’t make.
  • You can no longer connect to your Internet service provider.

Getting rid of spyware
Even if you are able to identify and delete the downloaded file that originally contained it, the spyware will often continue to operate, having already installed itself elsewhere in your computer. Very often spyware uses legitimate files, so if you try to delete it manually without knowing which files to keep, you may remove crucial system files. Be sure to get help from an experienced person if you need to remove the spyware manually. In many cases you can use one or more anti-spyware programs like those mentioned above, but make sure you get a legitimate one. Some so-called anti-spyware programs actually install spyware instead of removing it.
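
The HijackThis warning above and the symptoms listed under "Indications that you may already have spyware" can be tied together with a read-only pass over a saved log. The following is an added example, not part of the original page or of HijackThis itself: it groups entries by section code, attaches the symptom each section relates to, and lists the files to research, without deleting anything. The log lines are constructed samples in the "code - detail" layout, and the section descriptions are a subset chosen for this page.

```python
import re
from collections import defaultdict

# Subset of HijackThis section codes, described in terms of this page's symptoms.
SECTIONS = {
    "R0": "browser start or search page setting",
    "R1": "browser start or search page setting",
    "O2": "browser helper object (add-on)",
    "O3": "browser toolbar",
    "O4": "program that starts at boot or logon",
}
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
PATH = re.compile(r"[A-Za-z]:\\[^\r\n]*?\.(?:exe|dll)", re.IGNORECASE)

# Constructed sample log (hypothetical names and paths, not from a real machine).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.example.invalid/
O2 - BHO: ExampleHelper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O3 - Toolbar: Example Bar - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\bar.dll
O4 - HKLM\..\Run: [updater] C:\Users\user\AppData\Local\Temp\updater.exe
O4 - HKLM\..\Run: [AudioDriver] C:\Program Files\Vendor\audio.exe
O23 - Service: Example Service - Unknown owner - C:\Windows\system32\svc.exe
"""

def parse_log(text):
    """Group log entries by section code; header and blank lines are skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            groups[m.group(1)].append(m.group(2))
    return dict(groups)

def review_list(text):
    """Return (code, meaning, item) rows to research; nothing is deleted or changed."""
    rows = []
    for code, details in sorted(parse_log(text).items()):
        meaning = SECTIONS.get(code, "not mapped here; ask before touching")
        for detail in details:
            found = PATH.search(detail)
            rows.append((code, meaning, found.group(0) if found else detail))
    return rows

if __name__ == "__main__":
    for row in review_list(SAMPLE_LOG):
        print("%-4s %-40s %s" % row)
```

Each row is something to look up or ask a forum about, not something to remove; a legitimate driver and an unwanted program both show up as O4 entries.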

More about spyware and protection from it
There are numerous spyware information pages on the Internet. One that appears to be particularly useful is The Spyware Warrior Guide to Anti-spyware Programs: Feature Comparison, which contains reviews of various programs and recommends several free tools. Elsewhere on this site are a forum and a blog.

Go to Safe Computing at NC State.