In a narrow sense, spyware is a term for some tracking technologies (specifically, executable applications) deployed on your computer without adequate notice, consent, or control. Spyware can monitor your activities online and/or perform functions without your knowledge or consent. Depending on the program, spyware can track and report on every Web site you visit, generate pop-up advertising, change your home page and browser settings, or record every key you press.
In its broader sense, spyware is also commonly used as the overall name for most types of potentially unwanted technologies detected by popular anti-spyware programs.
These technologies are implemented in ways that impair your control over the following: collection, use, and distribution of your personal information; material changes that affect your desktop experience, privacy, or system security; and use of your system resources. These are items that users of anti-spyware software will want to be informed about and that they may want to easily remove or disable.
Adware is a subset of the broader spyware category, which is designed to deliver targeted advertising to your Web browser, especially through the use of pop-up ads. Adware is often bundled with other software programs, such as peer-to-peer file-sharing software, games, or other utilities that can be downloaded for free from the Web. Adware knows what kinds of ads to deliver to you because it tracks the places you surf. For instance, if you surf to a car rental site, an adware program might generate a pop-up ad that a competing car rental company has paid the adware company to deliver to you. Besides tracking your behavior and annoying you with ads, adware may also open a connection on the Internet to report your surfing habits back to a central server. This information, which may include your age, your sex, your shopping habits, and even your location, is used to conduct "market research" to attract new clients.
Trojan horses are programs that claim to be something they are not. For instance, a Trojan horse may advertise itself as an amusing animation clip, a screen saver, or a free software program that promises to do something cool or helpful. But Trojan horses also include unadvertised functions (if, in fact, the advertised function works at all). The most common goal of a Trojan horse is to install a back door on your computer or steal passwords. A back door lets attackers control your machine remotely. Some classes of spyware can be considered Trojan horses because they arrive under false pretenses. For instance, you may have downloaded a neat little screen saver with pretty butterflies on it that also happens to monitor your Web-surfing habits or log your keystrokes. Trojan horses often rely on viruses, worms, and social engineering to get unsuspecting users to download them. The term Trojan horse has become shorthand for any program that resides on your computer and provides remote access to an unauthorized person or performs unwanted functions. Most anti-virus (AV) software and some anti-spyware software can detect Trojan horses.
Spyware, adware, and Trojan horses can't replicate themselves. Thus, these categories of applications need other ways to spread. For instance, Trojan horses may be delivered as part of the payload of a worm or virus, included as an e-mail attachment, or bundled with other software. Spyware and adware use similar techniques to spread, but they are most frequently downloaded as part of a "free" file-sharing program or software utility or via drive-by downloads (in which you visit a Web site that installs the program without your permission).
Defining Spyware and Adware
While security risks such as spyware and adware can be seen as an extension of the virus problem, there are significant differences in how these programs are judged as desirable or undesirable and whether you want them on your machine.
Viruses, worms, and Trojan horses are always undesirable and should be automatically removed from a computer. Many types of programs classified as adware and spyware are also high-risk and can have a significant negative impact on computer performance or invade your privacy by transmitting personal information to a third party.
However, other adware programs are low-risk. They can deliver useful functionality such as games or utilities and have a relatively small impact on privacy and computer performance. Just as broadcast television programs are free because television companies earn revenue from advertising, many software programs are free to download because they too rely on advertising to generate income. Such software programs are called ad-supported programs. They include adware to deliver targeted ads. Some ad-supported software programs seek the user's consent before installing adware; others do not. Still others operate in a gray area in which user consent is part of the "fine print" of a software license agreement. We'll examine these distinctions and what they mean to you more closely in subsequent sections.
The broad range of spyware and adware or potentially unwanted programs can be divided into two general categories: high-risk or malicious programs and low-risk programs. Security researchers assign spyware and adware programs to one of these categories depending on how the programs are installed, what data they try to export from your computer, what impact they have on your computer's performance, and what you are led to understand about their operation and intent. When security researchers investigate a program's behaviors to determine risk, they look at a number of key areas, including installation characteristics, stealth properties, privacy impact, integrity impact, performance impact, and ease of removal:
Does the program impact system stability or slow down the network connection?
Does the program launch pop-up advertisements? If so, how frequently?
Does the program serve as a means of downloading and installing other security risks (such as additional spyware and/or adware)?
Does the program replace the browser home page or alter search options or behavior?
Does the program cause the release of confidential, sensitive information such as bank account numbers and passwords?
Does the program cause the release of less-sensitive data such as tracking of Web-surfing habits?
Does the program have a privacy policy, and does its behavior match the stated policy?
Does the program try to hide itself or avoid being uninstalled by the user, including an unsolicited reinstallation and techniques to restart user-terminated processes?
Does the program lack an uninstall feature or fail to register in the Microsoft Windows Add or Remove Programs area?
Does the program install itself silently, with little or no indication to the user?
Does the program lack a user interface?
Does the program conceal its processes or hide them from the user using an obscure name?
Is the user notified of the program's presence only through an End User License Agreement (EULA)? Does the EULA appear to relate to a different program?
To qualify as high-risk or malicious spyware and adware, programs must have significant impact on system stability and/or performance or release confidential, sensitive information and/or exhibit stealth behaviors such as a silent installation, no user interface, and concealment of application processes. Examples of high-risk programs can include keystroke loggers, browser hijackers, and dialers. (Table 5.1 describes these and other kinds of programs.) Malicious spyware is illegal and therefore is employed by criminals who want to steal from you. Malicious spyware gets installed on your computer through software vulnerabilities, worms and viruses, social engineering, and drive-by downloads.
Low-risk programs include many popular commercial adware or ad-assisted programs. However, some adware generates multiple pop-up ads and performs other unwanted functions, like changing your home page, directing you to unfamiliar search engines, or installing toolbars in your Web browser that you didn't
Spyware Definitions

Term: Definition

Spyware: Spyware is a general class of software programs that monitor computer activity and relay that information to other computers or locations on the Internet. Among the information that may be actively or passively gathered and transmitted by spyware are passwords, log-in details, account numbers, personal information, individual files, and personal documents. Spyware may also gather and distribute information related to the user's computer, applications running on the computer, Internet browser usage, and other computing habits. Spyware is usually loaded onto a user's computer without the user's knowledge and is created by underground attackers or criminals.

Adware: Adware is a type of advertising display technology: specifically, executable applications whose primary purpose is to deliver advertising content. Many adware applications also perform tracking functions and therefore may also be categorized as tracking technologies. Consumers may want to remove adware if they object to such tracking, do not want to see the advertising generated by the program, or are frustrated by its effects on system performance. Some users might want to keep particular adware programs if their presence is a condition for the use of other free software. Adware is created by commercial software companies rather than criminals and is often bundled with popular free software, such as file-sharing programs. Some adware describes its functions in a license agreement and provides uninstall options; other adware may install itself without a user's permission and thwart attempts at removal.

Keystroke logger (also known as a keylogger): Keyloggers are tracking technologies that surreptitiously record keyboard activity. Keyloggers typically either store the recorded keystrokes for later retrieval or transmit them to the remote process or person employing the keylogger via e-mail. Keystroke loggers are used to steal passwords and other identity information.

Browser hijacker: Browser hijackers reset your home page and redirect your browser to unwanted or unknown search engines or other Web sites. Some browser hijackers can prevent you from restoring your home page. Browser hijackers work by deleting the entry for the home page you've selected and inserting their own in a special file that your computer consults (the hosts file). They also might intercept search queries typed into a legitimate search engine and display their own results.

Browser Helper Object (BHO): BHOs are companion applications for Microsoft Internet Explorer (IE) that run automatically whenever IE is launched. They are a form of state management tool. Many tracking technologies or advertising display technologies are implemented as BHOs. BHOs can search the Web pages a user visits and replace banner ads generated by the Web server with targeted ads. BHOs can also monitor and report on a user's surfing behavior and may reset a user's home page. Note that not all BHOs are malicious; many legitimate Web browser toolbars are BHOs.

Trojan horse: Trojan horse software masquerades as an innocuous or useful program to trick a user into installing it. Once installed, the Trojan horse engages in unwanted or unadvertised functions.

Remote Access/Administration Tool (RAT): RATs are executable applications designed to allow remote access to or control of a system. They are a type of remote-control technology. Many legitimate uses of RATs do not pose security threats, but they can be used maliciously, especially when used by someone other than the computer's legitimate owner or administrator.

Dialer: Dialers are programs that use a computer's modem to make calls or access services. Users may want to remove dialers that can result in unexpected phone numbers being dialed or unexpected telephone charges. Dialer is a colloquial term for dialing technologies.
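
The browser hijacker entry above mentions hijackers inserting their own entries into the hosts file. As an added example (not part of the original text), the following Python audits a hosts file for mappings that send a well-known search site to an unexpected address. The watched-domain list, the function names, and the sample file contents are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file for illustration (not from a real machine).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example      # blocklist entry, sinkholed
203.0.113.45    www.google.com google.com
198.51.100.7    search.yahoo.com   # added by bundled toolbar
192.168.1.20    fileserver.corp.example
not-an-ip       www.bing.com
"""

# Assumption: domains whose redirection would suggest search or home-page hijacking.
WATCHED = ("google.com", "bing.com", "yahoo.com")

def parse_hosts(text):
    """Yield (line_no, ip_text, [hostnames]) per mapping line; skip comments and blanks."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield line_no, fields[0], [h.lower().rstrip(".") for h in fields[1:]]

def is_watched(host):
    """True for a watched domain or any of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in WATCHED)

def audit_hosts(text):
    """Return findings as (line_no, kind, ip_text, hostname) tuples."""
    findings = []
    for line_no, ip_text, hosts in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(ip_text)
        except ValueError:
            findings.append((line_no, "malformed", ip_text, hosts[0]))
            continue
        # Loopback and 0.0.0.0/:: entries sinkhole a name: they block, not redirect.
        if ip.is_loopback or ip.is_unspecified:
            continue
        for host in hosts:
            if is_watched(host):
                findings.append((line_no, "redirect", ip_text, host))
    return findings

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
```

To audit a real machine, pass the contents of /etc/hosts (Unix) or %SystemRoot%\System32\drivers\etc\hosts (Windows) to audit_hosts.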