PC Medic04

Spyware ... Part 1

Introduction

Strictly defined, spyware consists of computer software that gathers and reports information about a computer user without the user's knowledge or consent. More broadly, the term spyware can refer to a wide range of related malware products which fall outside the strict definition of spyware. These products perform many different functions, including the delivery of unsolicited advertising (pop-up ads in particular), harvesting private information, re-routing page requests to fraudulently claim commercial site referral fees, and installing stealth phone dialers.

Categories

Spyware as a category overlaps with adware. The more unethical forms of adware tend to coalesce with spyware. Malware uses spyware for explicitly illegal purposes. Exceptionally, many web browser toolbars may count as spyware. On the other hand, adware may simply load ads from a server and display them while a user runs a program, with the user's permission; the software developer gets ad revenue, and the user gets to use the program free of charge. In these cases, adware may function ethically. If the software collects personal information without the user's permission (a list of websites visited, for example, or a log of keystrokes), it may become spyware.

Data collecting programs installed with the user's knowledge do not, technically speaking, constitute spyware, provided the user fully understands what data they collect and with whom they share it. However, a growing number of legitimate software titles install secondary programs to collect data or distribute advertisement content without properly informing the user about the real nature of those programs. These barnacles can drastically impair system performance, and frequently abuse network resources. In addition to slowing down throughput, they often have design features which make them difficult or impossible to remove from the system.

History

The first recorded use of the term spyware occurred on October 16, 1995, in a Usenet post that poked fun at Microsoft's business model. Spyware later came to refer to espionage equipment such as tiny cameras. However, in 1999 Zone Labs used the term when they made a press release for the Zone Alarm Personal Firewall. Since then, computer users have used the term in its current sense. 1999 also saw the introduction of the first popular freeware program to include built-in spyware: a humorous and popular game called "Elf Bowling" spread across the Internet in November of 1999, and many users learned with surprise that the program actually transmitted user information back to the game's creator, Nsoft. For many Internet users, "Elf Bowling" provided their first experience with spyware.

In 2000, Steve Gibson of Gibson Research released the first-ever anti-spyware program, OptOut, in response to the growth of spyware, and many more software antidotes have appeared since then. More recently, Microsoft (http://www.microsoft.com) has released an anti-spyware program, and the International Charter now offers software developers a Spyware-Free Certification programme.

According to a study by the National Cyber-Security Alliance, spyware has affected 90% of home PCs.

Spyware and viruses

Spyware can closely resemble computer viruses, but with some important differences. Like viruses, many spyware programs install without the user's knowledge or consent, and in both cases system instability commonly results.

A virus, however, replicates itself: it spreads copies of itself to other computers if it can (self-replicating viruses are called worms). Spyware generally does not self-replicate. Whereas a virus relies on users with poor security habits in order to spread, and spreads as far as possible in an unobtrusive way (in order to avoid detection and removal), spyware usually relies on persuading unaware users to download and install it by offering some kind of bait. For example, one typical spyware program targeted at children, Bonzi Buddy, claims that:

He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you've ever had! He even has the ability to compare prices on the products you love and help you save money! Best of all, he's FREE!

A typical piece of spyware installs itself in such a way that it starts every time the computer boots up (using CPU cycles and RAM, and reducing stability), and runs at all times, monitoring Internet usage and delivering targeted advertising to the affected system. It does not, however, attempt to replicate onto other computers — it functions as a parasite but not as an infection.
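
The start-at-every-boot behaviour described above can be inspected directly. As an added example (not part of the original article), this read-only PowerShell script lists the standard Windows autostart locations (the Run/RunOnce registry keys and Startup folders, which the article does not name) and marks entries whose program is missing, not validly signed, or stored in a user-writable folder. A mark is a reason to look closer, not proof of spyware, since legitimate software also starts from these places.

```powershell
# Added example: read-only audit of programs set to start at boot or logon.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'

function Get-ExePath([string]$Command) {
    # Extract the executable from a command line, whether quoted or not.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"')        { return $Matches[1] }
    if ($c -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }
    return ($c -split '\s+')[0]
}

$entries = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $target = Get-ExePath ([string]$item.GetValue($name))
        $entries += [pscustomobject]@{ Source = $key; Name = $name; Target = $target }
    }
}

# Per-user and all-users Startup folders; shortcuts are resolved to their targets.
$shell = New-Object -ComObject WScript.Shell
foreach ($folder in 'Startup', 'CommonStartup') {
    $dir = [Environment]::GetFolderPath($folder)
    if (-not $dir) { continue }
    foreach ($f in Get-ChildItem -LiteralPath $dir -File -ErrorAction SilentlyContinue) {
        $target = if ($f.Extension -eq '.lnk') { $shell.CreateShortcut($f.FullName).TargetPath }
                  else { $f.FullName }
        $entries += [pscustomobject]@{ Source = $dir; Name = $f.Name; Target = $target }
    }
}

# Mark entries for review. A launcher such as rundll32.exe is itself signed,
# so its full command line in the registry still needs a manual look.
$userWritable = $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP | Where-Object { $_ }
$entries | ForEach-Object {
    $t = $_.Target
    $exists = $t -and (Test-Path -LiteralPath $t -PathType Leaf)
    $sig = if ($exists) { [string](Get-AuthenticodeSignature -LiteralPath $t).Status } else { 'FileNotFound' }
    $inProfile = [bool]($userWritable | Where-Object { $t -and $t.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) })
    $_ | Select-Object Name, Target, Source,
        @{ n = 'Signature'; e = { $sig } },
        @{ n = 'Review';    e = { ($sig -ne 'Valid') -or $inProfile } }
} | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```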

A virus generally aims to carry a payload of some kind. This may do some damage to the user's system (such as, for example, deleting certain files), may make the machine vulnerable to further attacks by opening up a "back door", or may put the machine under the control of malicious third parties for the purposes of spamming or denial-of-service attacks. The virus will in almost every case also seek to replicate itself onto other computers. In other words, it functions not only as a parasite, but as an infection as well.

The damage caused by spyware, in contrast, usually occurs incidentally to the primary function of the program. Spyware generally does not damage the user's data files; indeed (apart from the intentional privacy invasion and bandwidth theft), the overwhelming majority of the harm inflicted by spyware comes about simply as an unintended by-product of the data-gathering or other primary purpose.

A virus does deliberate damage (to system software, or data, or both); spyware does accidental damage (usually only to the system software). In general, neither one can damage the computer hardware itself (but see CIH virus). Certain special circumstances aside, in the worst case the user will need to reformat the hard drive, reinstall the operating system and restore from backups. This can prove expensive in terms of repair costs, lost time and productivity. Instances have occurred of owners of badly spyware-infected systems purchasing entire new computers in the belief that an existing system "has become too slow."

