The brief history of personal computing is replete with advances in productivity, processing power and entertainment. From word processing to e-mail to the World Wide Web, computer technology has forever changed the way we work and play. As with any new technology, however, these advances have also provided new methods for criminals to separate us from our money. One of those methods is spyware.
According to a number of sources, the first use of the term spyware occurred in a 1994 posting that made light of Microsoft's business model. Later, the term was used to describe devices used for spying, such as small cameras and microphones. In 2000, a press release from security software provider Zone Labs used the current meaning of spyware for the first time and it's been used that way ever since.
Spyware is software that resides on a computer and sends information to its creator. That information may include surfing habits, system details or, in its most dangerous form, passwords and login information for critical applications such as online banking. Many spyware programs are more annoying than dangerous, serving up pop-up ads or gathering e-mail addresses for use in spam campaigns. Even those programs, however, can cost you valuable time and computing resources.
Often, spyware comes along with a free software application, such as a game or a supposed productivity booster. Once it's downloaded to your computer, the functional element of the software works exactly as promised, while the information-gathering system sets up shop behind the scenes and begins feeding your personal data back to headquarters.
In many cases, the hidden activities of the software are clearly described in the end-user license agreement (EULA) that is displayed during the installation process. This protects the developer from potential legal action because they can prove you knew (or should have known) that the program included this functionality when you installed it. Most of us, however, don't read EULAs because they are long, boring and written in hard-to-understand legalese. As further proof that there's a software application for everything these days, you can now obtain software that will read EULAs for you and display a warning if keywords or phrases indicate there's a spyware risk.
Other Types of Malware
In addition to spyware, there are other kinds of invasive programs that can make your computing life miserable, so it's worth it to take a moment to define a few terms:
Malware: Short for malicious software, malware is a catch-all phrase used to define any program that runs on a computer without the user's knowledge and performs predetermined functions that cause harm. In that sense, spyware can also be malware.
Adware: Similar to spyware and malware, in that it resides on a computer without the user's knowledge, adware specifically refers to programs that display pop-up advertisements. The subject matter of the ads is often based on surfing habits, but may also be tied to a specific advertiser.
Virus: As the name implies, a virus is a program that is designed to spread itself among files on a single computer or computers on a network -- usually the Internet. Often, crackers (hackers with malicious intent) create these programs just to see how far they will spread. Unfortunately, even a supposedly harmless virus can have a serious effect on processing and network operations.
Worm: Similar to a virus, a worm spreads itself around a network. Worms, however, do so by making copies of themselves as they spread. They also may be capable of changing their profile to avoid detection.
Trojan: Like the infamous horse of Greek mythology, the computer version takes on the appearance of something benign, such as an update or add-on to an actual program. Once on your computer, it may perform harmful functions such as erasing your hard disk or deleting all your image files. Like spyware, a Trojan may also gather information and send it to the developer.
Cookie: While cookies aren't really malware, they can be used in similar ways. Cookies are small data files used by Web sites to store information on your computer. For example, a shopping site may want to identify items you've looked at, but not purchased, or store data on current purchases until you head for the checkout. A less scrupulous site, however, may decide to look through your cookies for personal information, such as recent sites you have visited.
The Effects of Spyware
In its most benign form, spyware can gather data on your Web surfing habits and serve up ads for specific products or services. It can also turn your computer into a zombie system, sending spam e-mail messages to your contacts and far beyond. Your system can also be used to store data, such as e-mail lists, personal information or illegal images. Some spyware programs are designed to capture every keystroke and mouse click, allowing hackers to follow you around the Web in real time, as you log in to your bank account or other important sites.
Spyware cost one substitute teacher her job and almost put her in jail. In October 2004, 37-year old Julie Amero was substitute teaching in a seventh-grade class at Kelly Middle School in Norwich, Conn. Amero, who said she wasn't an experienced computer user, had finished checking her personal e-mail and left the room briefly to use the restroom. When she returned, some children were standing around the computer giggling at a series of semi-pornographic images that were popping up in various windows on the screen.
Amero said she didn't even know how to turn the machine off and tried unsuccessfully to get the images to stop. When she asked for assistance from the school's vice-principal, she was told not to be concerned about it. At the end of the day, angry parents began calling the school, having been informed of the incident by their children. Alarmed by the frantic calls, the school alerted police, who arrested Amero. Prosecutors charged her with several counts of risk of injury to a minor.
The prosecution relied on a witness who told jurors Amero had clearly clicked on the link that brought up the dangerous images. As a result, she was convicted on four counts and faced up to 40 years in prison. Alex Eckelberry, CEO of Sunbelt Software, heard about the case and set out to prove the incident was the result of spyware. With the assistance of other computer experts, Eckelberry convinced the judge overturn the conviction and order a new trial.
As prosecutors waffled on whether or not to retry her, Amero agreed to plead guilty to a single count of disorderly conduct in November 2008 to avoid further court time. At the time of this writing, Amero is no longer allowed to work as a teacher and had been unable to find other work [source: ABC News]
PandaLabs recently conducted a research study on identity theft spyware. The report contained some startling statistics:
- Of the 67 million devices PandaLabs scanned in 2008, more than 10 million had some form of spyware designed to steal personal data. Only 35 percent of all devices had updated antivirus tools installed.
- In the United States, personal data retrieval spyware affected more than three million people in 2008.
- Infections grew by an incredible 800 percent in the second half of 2008, compared to the first half.
- Based on trends over a period of 14 months, PandaLabs estimates the infection rate of ID theft spyware will increase 339 percent per month in 2009.
Spyware is against the law -- sort of. The federal government and many states have passed laws against installing software on a computer without the user's consent and using spyware to gather personal information, such as passwords. The problem is that many users actually consent to spyware being included when they download and install free utilities or games. As mentioned earlier, when you click on the Next button to install software, stating you have read and understand the end user license agreement, you're allowing spyware to go to work on your computer.
When it comes to spyware, the best defense is a great offense. Taking action to avoid getting spyware on your computer in the first place helps prevent you from becoming a victim. That is, of course, easier said than done. However, there are a number of actions you should take to guard against the spyware threat:
- Keep Windows up-to-date by setting up automatic updates in the control panel. Microsoft issues critical updates at least monthly. Many of those are designed to eliminate or avoid specific spyware threats.
- Install an anti-virus software package and keep it updated at all times. There are many of these available, some of which are free. The most popular brands include Norton, Microsoft Defender, McAfee, Spybot, Search & Destroy, Pest Control and Grisoft. Your Internet service provider may offer a utility or guide you to a recommended solution, too.
- Don't download shareware (or anything else for that matter) from unknown sources. Seek out reliable providers of free utilities, such as download.com.
- When you do download software, read the end user license agreement before committing to the installation. When in doubt, do not install the software.
- Don't click on any pop-up or advertisement for free anti-spyware software. These are almost always fake, even if they carry the name and logo of a well-known publisher. Ironically, this is a very popular method used to distribute spyware and other malware. If you're looking for anti-virus software, go directly to the company's Web site and be sure you're where you think you are.
- Set your browser and operating system security level to at least the medium setting (or higher) for best results. You may see a few more warning messages, but it's a small price to pay for security.
- Install a firewall and, if you have a home network, use a separate router, rather than sharing the Internet connection through one of your computers. This puts one more barrier between you and the bad guys.
- Avoid questionable Web sites. If you visit a site that seems strange, there's a good chance you shouldn't be there.
- If a virus alert appears on your screen as you visit a Web site, don't click on it, even to close it. Instead, type control-alt-delete to launch the Task Manager and use the "End Task" command to close the window. Next, use your own anti-virus software to run a complete scan of the system.
- Never open an e-mail attachment if you're uncertain of its source.
If, despite all your efforts, you find your computer has spyware on it, stop working immediately and disconnect the computer from the Internet to avoid passing any information to the bad guys. Run a comprehensive scan using your anti-virus software. It's also wise to contact the help desk of the company that manufactured your computer for advice on how to proceed. Your Internet service provider may be helpful, too.
Updated anti-virus or anti-spyware software will probably catch the errant program, display a warning and take care of the problem for you. Again, that's only if you have a solid protection package in place and are keeping it and your operating system updated at all times.
If all else fails, you may have to reformat your hard drive, reinstall the operating system and software and copy your data back to your drive. While painful and time-consuming, this solution also serves to clean up the system, eliminating unused applications and data. This is almost certain to make the machine run faster and increase the space available on your hard drive. Just be sure you have a recent, clean backup of your data prior to taking the plunge.
While the number of threats to computers seems to increase almost daily, the defense mechanisms available to protect them are also growing in number and sophistication. Today, most users can protect themselves from spyware through the vigilant application and maintenance of the operating system and reputable anti-virus software.
For more information on viruses, spyware, Trojans and other nefarious software, scan over to the next page.
- Dang, Alan. "Behind Pwn2Own: Exclusive Interview with Charlie Miller." Tom's Hardware. March 25, 2009. (April 6, 2009)http://www.tomshardware.com/reviews/pwn2own-mac-hack,2254.html
- Ibanga, Imaeyen. "Teacher: Wrong Computer Click Ruined My Life." ABC News. Jan. 27, 2009. (April 6, 2009) http://abcnews.go.com/GMA/Story?id=6739393
- Magid, Larry. "It Pays to Read License Agreements." PC Pitstop. (April 15, 2009) http://www.pcpitstop.com/spycheck/eula.asp
- Panda Security. PandaLabs Blog. "PandaLabs Quarterly Report January-March 2009." (April 7, 2009)http://www.pandasecurity.com/img/enc/Quarterly_Report_PandaLabs_Q1_2009.pdf
- Scambusters.org. "Protect Yourself from Fake Antivirus Software." (April 2, 2009) http://www.scambusters.org/fakeantivirus.html
- spamlaws.com. "Spyware and the Law." (April 7, 2009)http://www.spamlaws.com/spyware-laws.html
- Spyware Warrior. "The Spyware Warrior List of Rogue/Suspect Antispyware Products & Web Sites." (April 8, 2009)http://www.spywarewarrior.com/rogue_anti-spyware.htm
- U.S. Federal Trade Commission. "Federal Trade Commission's Information on Spyware." (April 7, 2009)http://www.ftc.gov/bcp/edu/microsites/spyware/index.html