While the term spyware suggests software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring. Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity. Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs. In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term privacy-invasive software.
In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software. Running anti-spyware software has become a widely recognized element of computer security practices for computers, especially those running Microsoft Windows. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer. The US Federal Trade Commission has placed on the Internet a page of advice to consumers about how to lower the risk of spyware infection, including a list of "do's" and "don'ts."
History and development
The first recorded use of the term spyware occurred on October 16, 1995 in a Usenet post that poked fun at Microsoft's business model.Spyware at first denoted hardware meant for espionage purposes. However, in early 2000 the founder of Zone Labs, Gregor Freund, used the term in a press release for the ZoneAlarm Personal Firewall.Since then, "spyware" has taken on its present sense.According to a 2005 study by AOL and the National Cyber-Security Alliance, 61 percent of surveyed users' computers had some form of spyware. 92 percent of surveyed users with spyware reported that they did not know of its presence, and 91 percent reported that they had not given permission for the installation of the spyware.As of 2006, spyware has become one of the preeminent security threats to computer systems running Microsoft Windows operating systems. Computers where Internet Explorer (IE) is the primary browser are particularly vulnerable to such attacks not only because IE is the most widely-used,but because its tight integration with Windows allows spyware access to crucial parts of the operating system.Before Internet Explorer 7 was released, the browser would automatically display an installation window for any ActiveX component that a website wanted to install. The combination of user naiveté towards malware and the assumption by Internet Explorer that all ActiveX components are benign, led, in part, to the massive spread of spyware. Many spyware components would also make use of exploits in Javascript, Internet Explorer and Windows to install without user knowledge or permission.
The Windows Registry contains multiple sections that by modifying keys values allows software to be executed automatically when the operating system boots. Spyware can exploit this design to circumvent attempts at removal. The spyware typically will link itself from each location in the registry that allows execution. Once running, the spyware will periodically check if any of these links are removed. If so, they will be automatically restored. This ensures that the spyware will execute when the operating system is booted even if some (or most) of the registry links are removed.
Comparison
Spyware, adware and trackingThe term adware frequently refers to any software which displays advertisements, whether or not the user has consented. Programs such as the Eudora mail client display advertisements as an alternative to shareware registration fees. These classify as "adware" in the sense of advertising-supported software, but not as spyware. Adware in this form does not operate surreptitiously or mislead the user, and provides the user with a specific service.
Most adware is spyware in a different sense than "advertising-supported software," for a different reason: it displays advertisements related to what it finds from spying on you. Gator Software from Claria Corporation (formerly GATOR) and Exact Advertising's BargainBuddy are examples. Visited Web sites frequently install Gator on client machines in a surreptitious manner, and it directs revenue to the installing site and to Claria by displaying advertisements to the user. The user receives many pop-up advertisements.
Other spyware behavior, such as reporting on websites the user visits, occurs in the background. The data is used for "targeted" advertisement impressions. The prevalence of spyware has cast suspicion upon other programs that track Web browsing, even for statistical or research purposes. Some observers describe the Alexa Toolbar, an Internet Explorer plug-in published by Amazon.com, as spyware, and some anti-spyware programs such as Ad-Aware report it as such. Many of these adware distributing companies are backed by millions of dollars of adware-generating revenues. Adware and spyware are similar to viruses in that they can be considered malicious in nature. People are profiting from misleading adware, sometimes known as scareware, such as Antivirus 2009.
Similarly, software bundled with free, advertising-supported programs such as P2P act as spyware, (and if removed disable the 'parent' program) yet people are willing to download it. This presents a dilemma for proprietors of anti-spyware products whose removal tools may inadvertently disable wanted programs. For example, recent test results show that bundled software (WhenUSave) is ignored by popular anti-spyware program Ad-Aware, (but removed as spyware by most scanners) because it is part of the popular (but recently decommissioned) eDonkey client. To address this dilemma, the Anti-Spyware Coalition has been working on building consensus within the anti-spyware industry as to what is and isn't acceptable software behavior. To accomplish their goal, this group of anti-spyware companies, academics, and consumer groups have collectively published a series of documents including a definition of spyware, risk model, and best practices document.
Spyware, virus and worm
Unlike viruses and worms, spyware does not usually self-replicate. Like many recent viruses, however, spyware—by design—exploits infected computers for commercial gain. Typical tactics include delivery of unsolicited pop-up advertisements, theft of personal information (including financial information such as credit card numbers), monitoring of Web-browsing activity for marketing purposes, and routing of HTTP requests to advertising sites.However, spyware can be dropped as a payload by a worm.
