What is Spyware?

Spyware refers to computer software, programs, that are installed, usually without the computer users knowledge and gather information about how the computer is being used and the websites the user visits.

The simplest and most insidious form of spyware are so-called “cookies” although not all cookies are bad. These tiny pieces of computer code are loaded into your browser when you visit a site. They are usually required to let you login to an ecommerce site, such as Amazon, or a social networking site like Facebook. They are a necessary evil in such cases, without them login would not necessarily work, but they also allow the owners of various sites to track your browsing on that site.

At worst, however, a cookie might be planted by a less than ethical site that traces your activity across different sites. Modern browsers have built in controls that allow you to control which sites can install cookies. They also let you automatically delete cookies when you close your browser and retain the ones you need on an ad hoc basis.

Spyware, however, is more than crumbling cookies. When the term was first coined in the 1990s it usually referred to a small program that was installed on your computer when you installed another program, such as a freeware or shareware drawing package, text editor, or other application.

Examples of programs that contain spyware include: Bonzi Buddy, Dope Wars, EDonkey2000, Grokster, Kazaa, Morpheus, RadLight, Sony’s Extended Copy Protection, WeatherBug, WildTangent, and SpyEagle. This is not a current or comprehensive list and many of these programs are no longer widely used.

These hidden programs can run in the background when you start your computer and send all kinds of information about your computer activity to a central server owned by the spyware creator.

Initially, such spyware may have been undesirable but it was not necessarily malicious, usually being used simply to gather information about consumer behavior and so produce more targeted advertising campaigns. However, the line between spyware and malicious software (malware) has become very blurred and malware is now commonly used by criminals to steal private information, such as bank details and logins, rather than simply spying on the websites you visit.

Indeed, malware of this kind can not only steal your personal and private data but can surreptitiously manipulate your computer, often without you even knowing anything is wrong. It might, for instance, install additional software or redirect your web searches to specific sites. Spyware/malware often changes computer settings, which can slow your connection speed, change your browser home page or add new and unwanted bookmarks to your favorites list. Occasionally, your computer may accumulate so much software that you lose Internet connectivity or functionality altogether. Rather than refer generically to spyware or malware, the term privacy-invasive software was coined.

As with most threats, there are now companies and organizations that have emerged to respond to the threat and address the problem. Anti-spyware software is now available, including the recommended Spybot S&D (don’t be put off by the old-fashioned website, this is a powerful tool), Adaware (don’t be put off by the cheesy photos and marketspeak, this is also a powerful tool), and Microsoft’s Malicious Software removal tool (this time, don’t be put off by the fact that it’s a Microsoft freebie, for once they got something right with this application). Oh, there’s also SuperAntiSpyware, which sounds pathetically naff, but is very powerful.

Keenly priced security suites, from Zone Labs and Mcafee, and AVG, represent good value as they provide antispyware, firewall, and antivirus all in one package. My only reservation about recommending a suite rather than using three distinct products for each category is that if the suite is compromised by malicious software, then all your security is disabled at the same time. Three distinct products for firewall, virus, and spyware, has the potential to keep you protected on two fronts even if the third is breached and you may have time to reinstall and get re-protected before serious harm is done.

Many antispyware tools are free for personal use. But, be warned, unknown popup windows that appear on your computer are usually themselves spyware and entice you to run checks and download antispyware tools. Do not click them, your computer will be infected with worse still. With some of these popups clicking the X to close the box may trigger a cascade of infection events.

The following is a list of “products” that claim to protect and serve, but are themselves malware. DO NOT INSTALL any of these, no matter how credible the advertising, popup box or whatever that suggests you do may seem.

  • AntiVirus 360
  • Antivirus 2008
  • Antivirus 2009
  • AntiVirus Gold
  • ContraVirus
  • Errorsafe (AKA system doctor)
  • MacSweeper
  • Pest Trap
  • PSGuard
  • Spy Wiper
  • Spydawn
  • Spylocked
  • Spysheriff
  • SpyShredder
  • Spyware Quake
  • SpywareStrike
  • UltimateCleaner
  • WinAntiVirus Pro 2006
  • WinFixer
  • WorldAntiSpy

According to Daniel Garrie formerly of CRA International, in New York, spyware has reached epidemic proportions. “Spyware poses a serious threat of privacy infringement to unassuming internet users across the globe,” he says. Of course, the likes of Phorm and other corporate spyware being tested and run by Internet Service Providers (ISPs) offers an even more insidious and perhaps inescapable threat to privacy. By the way, Phorm and its ilk are referred to euphemistically by the industry as “behavioural advertising companies”. Spies. Here are a few alleged…ahem…behavioural advertisers:

Predicta BT, AdLINK 360, Adaptlogic, Avail, Boomerang, Criteo, DoubleClick (prior to 2002), Leiki, nugg.ad, prudsys, ValueClick, and wunderloop.

These tools monitor your web surfing habits and send information back to the ISP and its collaborators for market research purposes and so that the company can then provide targeted advertising.

Garrie explains that existing European legislation attempts to protect end-users from unethical processing of their personal data. However, he suggests that the technology used in spyware should be outlawed globally, which echoes recent pleas from Chinese researchers to help counter cybercrime at the international level rather than focusing on national defense.

Unfortunately, on the corporate front at least, that is looking unlikely as the FTC in the US is discussing “self-regulation” of the behavioral marketing business and the UK government has just this week announced that it will not investigate Phorm.

Research Blogging IconDaniel B. Garrie (2009). Spyware and national privacy laws: consumer education is empowerment Int. J. Intercultural Information Management, 1 (2), 177-190