|
Spyware
Online Advertising
Spyware
Keystroke logging | AntiVirus Gold | Bonzi Buddy | C2.LOP | CoolWebSearch | HuntBar | Internet Optimizer | PSGuard | SpyAxe | SpyTrooper | WorldAntiSpy | XXXDial | Zango Messenger | Phone Home | Claria Corporation | Cydoor | New.net
Malicious websites may attempt to install spyware on readers' computers. In this
screenshot a spamblog has triggered a pop-up that offers spyware in the guise of a
security upgrade.In the field of
computing,
the term spyware refers to a broad category of
malicious software designed to intercept or take partial control of a computer's
operation without the informed consent of that machine's owner or legitimate user. While the term
taken literally suggests software that surreptitiously monitors the user, it has
come to refer more broadly to software that subverts the computer's operation
for the benefit of a third party.
Spyware differs from viruses and worms in that it does not usually
self-replicate. Like many recent viruses, however, spyware – by design – exploits infected
computers for commercial gain. Typical tactics furthering this goal include
delivery of unsolicited pop-up advertisements; theft of personal information (including financial
information such as
credit card numbers); monitoring of Web-browsing activity for
marketing
purposes; or routing of
HTTP requests to advertising sites.
As of 2005, spyware has become one of the pre-eminent security threats to
computer-systems running Microsoft Windows operating-systems (and especially to
users of Internet Explorer because of that browser's collaboration with the
Windows operating system). Some malware on the Linux and Mac OS X
platforms has behavior similar to Windows spyware, but to date has not become
anywhere near as widespread.
History and development
The first recorded use of the term spyware occurred on October 17,
1994 in a Usenet post that poked fun at Microsoft's business model. Spyware
later came to refer to espionage equipment such as tiny cameras. However, in
early 2000 the founder of Zone Labs, Gregor Freund, used the term in a press
release for the ZoneAlarm Personal Firewall.
[1] Since then, computer-users have
used the term in its current sense.
In early 2000,
Steve Gibson of Gibson Research realized that advertising software had been installed on his
system, and he suspected that the software was stealing his personal
information. After analyzing the software he determined that they were adware
components from the companies Aureate (later Radiate) and Conducent. He
eventually rescinded his claim that the ad software collected information
without the user's knowledge, but still chastised the ad companies for covertly
installing the spyware and making it difficult to remove.
As a result of his analysis in 2000, Gibson released the first anti-spyware
program, OptOut, and many more software-based antidotes have appeared since
then.
[1]
International Charter now offers software developers a Spyware-Free
Certification program.
[2]
According to a November 2004 study by
AOL and the National Cyber-Security Alliance, 80% of surveyed users' computers had some
form of spyware, with an average of 93 spyware components per computer. 89% of
surveyed users with spyware reported that they did not know of its presence, and
95% reported that they had not given permission for the installation of the
spyware.
[3]
Spyware, "adware", and tracking
The term
adware frequently refers to any software which displays advertisements,
whether or not it does so with the user's consent. Programs such as the Eudora
mail client display advertisements as an alternative to shareware
registration fees. These classify as "adware" in the sense of
advertising-supported software, but not as spyware. They do not operate
surreptitiously or mislead the user.
Many of the programs frequently classified as spyware function as adware
in a different sense: their chief observed behavior consists of displaying
advertising.
Claria Corporation's Gator Software and
Exact Advertising's BargainBuddy provide examples of this sort of program.
Visited Web sites frequently install Gator on client machines in a surreptitious
manner, and it directs revenue to the installing site and to Claria by
displaying advertisements to the user. The user experiences a large number of
pop-up advertisements.
Other spyware behaviors, such as reporting on websites the user visits,
frequently accompany the displaying of advertisements. Monitoring web activity
aims at building up a marketing profile on users in order to sell "targeted"
advertisement impressions. The prevalence of spyware has cast suspicion upon
other programs that track Web browsing, even for statistical or research
purposes. Some observers describe the Alexa Toolbar, an Internet Explorer
plug-in published by Amazon.com,
as spyware (and some anti-spyware programs report it as such) although many
users choose to install it.
Routes of infection
Spyware does not directly spread in the manner of a computer virus or worm:
generally, an infected system does not attempt to transmit the infection to
other computers. Instead, spyware gets on a system through deception of the user
or through exploitation of software vulnerabilities.
The most direct route by which spyware can infect a computer involves the
user installing it. However, users tend not to install software if they know
that it will disrupt their working environment and compromise their privacy. So
many spyware programs deceive the users, either by piggybacking on a piece of
desirable software, or by tricking the users to do something that installs the
software without them realizing. Recently, spyware has come to include "rogue
anti-spyware" programs, which masquerade as security software while
actually doing damage.
Classically, a
Trojan horse, by definition, smuggles in something dangerous in the guise of
something desirable. Some spyware programs get spread in just this manner. The
distributor of spyware presents the program as a useful utility — for instance
as a "Web accelerator" or as a helpful software agent. Users download and install the software without immediately
suspecting that it could cause harm. For example,
Bonzi
Buddy, a spyware program targeted at children, claims that:
- He will explore the Internet with you as your very own friend and
sidekick! He can talk, walk, joke, browse, search, e-mail, and download like
no other friend you've ever had! He even has the ability to compare prices
on the products you love and help you save money! Best of all, he's FREE!
[4]
-
The
BearShare file-trading program, "supported" by WhenU spyware. In order
to install BearShare, users must agree to install "the SAVE! bundle" from
WhenU. The installer provides only a tiny window in which to read the
lengthy license agreement. Although the installer claims otherwise, the
software transmits users' browsing activity to WhenU servers.
[5]
Spyware can also come bundled with shareware
or other downloadable software, as well as music CDs. The user downloads a
program (for instance, a music program or a file-trading utility) and installs
it, and the installer additionally installs the spyware. Although the desirable
software itself may do no harm, the bundled spyware does. In some cases, spyware
authors have paid shareware authors to bundle spyware with their software, as
with the Gator spyware now marketed by
Claria. In
other cases, spyware authors have repackaged desirable free software with
installers that add spyware.
A third way of distributing spyware involves tricking users by manipulating
security features designed to prevent unwanted installations. The
Internet Explorer Web browser, by design, prevents websites from initiating
an unwanted download. Instead, a user action (such as clicking on a link) must
normally trigger a download. However, links can prove deceptive: for instance, a
pop-up ad
may appear like a standard Windows
dialog box.
The box contains a message such as "Would you like to optimize your Internet
access?" with links which look like buttons reading Yes and No. No
matter which "button" the user presses, a download starts, placing the spyware
on the user's system. Later versions of Internet Explorer offer fewer avenues
for this attack.
Some spyware authors infect a system by attacking security holes in the Web
browser or in other software. When the user navigates to a Web page controlled
by the spyware author, the page contains code which attacks the browser and
forces the download and install of spyware. The spyware author would also have
some extensive knowledge of commercially-available anti-virus and firewall
software. This has become known as a "drive-by download", which leaves the user
a hapless bystander to the attack. Common browser exploits target security
vulnerabilities in Internet Explorer and in the Microsoft Java runtime.
The installation of spyware frequently involves Microsoft's Internet
Explorer. As the most popular Web browser, and with an unfortunate history of
security issues, it has become the largest target. Its deep integration with the
Windows environment and its scriptability make it an obvious point of attack
into Microsoft Windows operating systems. Internet Explorer also serves as a
point of attachment for spyware in the form of
browser helper objects, which modify the browser's behavior to add toolbars
or to redirect traffic.
In a few cases, a
worm or virus has delivered a payload of spyware. For instance, some attackers used
the W32.Spybot.Worm worm to install spyware that popped up pornographic ads on
the infected system's screen.
[6] By directing traffic to ads set up to
channel funds to the spyware authors, they can profit even by such clearly
illegal behavior.
Effects and behaviors
Many Internet Explorer add-on toolbars monitor the user's activity. When
installed and run without the user's consent, such add-ons count as spyware.
Here multiple toolbars (including both spyware and innocuous ones) overwhelm an
Internet Explorer session.
A piece of spyware rarely "lives" alone: an affected computer can rapidly
become infected with large numbers of spyware components. Users frequently
notice unwanted behavior and degradation of system performance. A spyware
infestation can create significant unwanted CPU activity, disk usage, and
network traffic—slowing down legitimate uses of these resources. Stability
issues—application or system crashes—are also common. Spyware which interferes
with the networking software commonly causes difficulty connecting to the
Internet.
When Microsoft Windows users seek
technical support—whether from computer manufacturers, Internet service
providers, or other sources—spyware infection emerges as the most common cause.
In many cases, the user has no awareness of spyware and assumes that the system
performance, stability, and/or connectivity issues relate to hardware, to
Microsoft Windows installation problems, or to a virus. Some owners of badly
infected systems resort to buying an entire new computer system because the
existing system "has become too slow". Badly infected systems may require a
clean reinstall of all their software in order to restore the system to working
order. This can become a time-consuming task, even for experienced users.
Only rarely does a single piece of software render a computer unusable.
Rather, a computer rarely has only one infection. As the 2004 AOL study noted,
if a computer has any spyware at all, it typically has dozens of different
pieces installed. The cumulative effect, and the interactions between spyware
components, typically cause the stereotypical symptoms reported by users: a
computer which slows to a crawl, overwhelmed by the many parasitic processes
running on it. Moreover, some types of spyware disable software firewalls and
anti-virus software, and/or reduce browser security settings, thus opening the
system to further opportunistic infections, much like an immune deficiency disease. Documented cases have also occurred where a spyware program disabled other spyware programs installed by its competitors.
Some other types of spyware (Targetsoft, for example) modify system files to
make themselves harder to remove. (Targetsoft modifies the "Winsock"
Windows Sockets files. The deletion of the spyware-infected file "inetadpt.dll"
will interrupt normal networking usage.) Unlike users of many other operating
systems, a typical Windows user has administrator-level privileges on the
system, mostly for the sake of convenience. Because of this, any program which
the user runs (intentionally or not) has unrestricted access to the system.
Spyware, along with other threats, has led some Windows users to move to other
platforms such as Linux or Apple Macintosh, which such malware targets far less frequently.
Advertisements
Many spyware programs reveal themselves visibly by displaying advertisements.
Some programs simply display
pop-up ads
on a regular basis—for instance, one every several minutes, or one when the user
opens a new browser window. Others display ads in response to specific sites
that the user visits. Spyware operators present this feature as desirable to
advertisers, who may buy ad placement in pop-ups displayed when the user visits
a particular site. It is also one of the purposes for which spyware programs
gather information on user behavior.
Pop-up advertisements lead to some of users' most common complaints about
spyware. A computer can become overwhelmed downloading or displaying ads. An
infected computer rarely has only one spyware component installed—they more
often number in the dozens
[3]—and so while a single program
might display ads only infrequently, the cumulative effect becomes overwhelming.
Many users complain about irritating or offensive advertisements as well. As
with many
banner ads, many spyware advertisements use animation or flickering banners
designed to catch the eye—thus they become highly visually distracting. Pop-up
ads for
pornography often display indiscriminately, including when children use the
computer—possibly in violation of anti-pornography laws.
A further issue in the case of some spyware programs has to do with the
replacement of banner ads on viewed web sites. Spyware that acts as a web proxy
or a Browser Helper Object can replace references to a site's own advertisements
(which fund the site) with advertisements that instead fund the spyware
operator. This cuts into the margins of advertising-funded Web sites.
"Stealware" and affiliate fraud
A few spyware vendors, notably
WhenU and
180
Solutions, have written what the New York Times has dubbed "stealware",
and what spyware-researcher Ben Edelman terms affiliate fraud, also known
as click
fraud. These redirect the payment of affiliate marketing revenues from the
legitimate affiliate to the spyware vendor.
Affiliate marketing networks work by tracking users who follow an
advertisement from an "affiliate" and subsequently purchase something from the
advertised Web site.
Online merchants such as eBay and Dell
are among the larger companies which use affiliate marketing. In order for
affiliate marketing to work, the affiliate places a tag such as a cookie or a
session variable on the user's request, which the merchant associates with any
purchases made. The affiliate then receives a small commission.
Spyware which attacks
affiliate networks does so by placing the spyware operator's affiliate tag
on the user's activity—replacing any other tag, if there is one. This harms just
about everyone involved in the transaction other than the spyware operator. The
user is harmed by having their choices thwarted. A legitimate affiliate is
harmed by having their earned income redirected to the spyware operator.
Affiliate marketing networks are harmed by the degradation of their reputation.
Vendors are harmed by having to pay out affiliate revenues to an "affiliate" who
did not earn them according to contract.
[1]
Affiliate fraud is a violation of the
terms of service of most affiliate marketing networks. As a result, spyware
operators such as WhenU and 180 Solutions have been terminated from affiliate
networks including LinkShare and ShareSale.
Identity theft and fraud
One case has closely associated spyware with
identity theft.
[7] In August 2005, researchers from security software firm Sunbelt
Software believed that the makers of the common
CoolWebSearch spyware had used it to transmit "chat sessions, user names,
passwords, bank information, etc."
[2], but it turned out that "it actually is its own sophisticated criminal
little trojan that’s independent of CWS."
[3] This case is currently under investigation by the
FBI.
Spyware has pricipally become associated with identity theft in that keyloggers
get routinely packaged within spyware. John Bambenek, who researches information
security, estimates that identity-thieves have stolen over $24 billion US
dollars worth of account information in the United States alone
[4] .
Spyware-makers may perpetrate another sort of fraud with
dialer
program spyware: wire fraud. Dialers cause a computer with a modem to dial up a
long-distance telephone number instead of the usual ISP. Connecting to the
number in question involves long-distance or overseas charges, this can result
in massive telephone bills, which the user must either pay or contest with the
telephone company. Dialers are somewhat less effective today, now that fewer
Internet users use dialup modems.
Digital rights management
Some copy-protection schemes, while they do serve the purpose of attempting
to prevent piracy, also behave similarly to spyware programs. Some digital
rights management technologies (such as Sony's XCP) actually use trojan-horse tactics to verify a user as the rightful owner of the
media in question.
Spyware and cookies
Anti-spyware programs often report Web advertisers' HTTP
cookies as spyware. Web sites (including advertisers) set cookies — small
pieces of data rather than software—to track Web-browsing activity: for instance
to maintain a "shopping cart" for an online store or to maintain consistent user
settings on a search engine.
Only the Web site that sets a cookie can access it. In the case of cookies
associated with advertisements, the user generally does not intend to visit the
Web site which sets the cookies, but gets redirected to a cookie-setting
third-party site referenced by a
banner ad
image. Some Web browsers and privacy tools offer to reject cookies from sites
other than the one that the user requested.
Advertisers use cookies to track people's browsing among various sites
carrying ads from the same firm and thus to build up a marketing profile of the
person or family using the computer. For this reason many users object to such
cookies, and anti-spyware programs offer to remove them.
Typical examples of spyware
A few examples of common spyware programs may serve to illustrate the
diversity of behaviors found in these attacks.
Caveat: As with computer viruses, researchers give names to spyware
programs which frequently do not relate to any names that the spyware-writers
use. Researchers may group programs into "families" based not on shared program
code, but on common behaviors, or by "following the money" or apparent financial
or business connections. For instance, a number of the spyware programs
distributed by Claria are collectively known as "Gator". Likewise, programs which are
frequently installed together may be described as parts of the same spyware
package, even if they function separately.
-
CoolWebSearch, a group of programs, installs through the
exploitation of Internet Explorer vulnerabilities. The programs direct
traffic to advertisements on Web sites including coolwebsearch.com.
To this end, they display pop-up ads, rewrite
search engine results, and alter the infected computer's hosts file to
direct DNS lookups to these sites.
[8]
-
Internet Optimizer, also known as DyFuCa, redirects Internet
Explorer error pages to advertising. When users follow a broken link or
enter an erroneous URL, they see a page of advertisements. However, because
password-protected Web sites (HTTP Basic authentication) use the same
mechanism as HTTP errors, Internet Optimizer makes it impossible for the
user to access password-protected sites.
[8]
-
180 Solutions transmits extensive information to advertisers about
the Web sites which users visit. It also alters HTTP requests for
affiliate advertisements linked from a Web site, so that the
advertisements make unearned profit for the 180 Solutions company. It opens
pop-up ads that cover over the Web sites of competing companies.
[5]
- HuntBar, aka WinTools or
Adware.Websearch, is a small family of spyware programs distributed
by
Traffic Syndicate.
[8] It is installed by ActiveX
drive-by download at affiliate Web sites, or by advertisements displayed by
other spyware programs—an example of how spyware can install more spyware.
These programs add toolbars to Internet Explorer, track Web browsing
behavior, redirect affiliate references, and display advertisements.
User consent and legality
Gaining unauthorized access to a computer is illegal, under
computer crime laws such as the United States Computer Fraud and Abuse Act. Since the owners of computers infected with spyware generally claim that they never authorized the installation, a
prima
facie reading would suggest that the promulgation of spyware would count
as a criminal act. Law enforcement has often pursued the authors of other
malware programs, such as viruses. Nonetheless, few prosecutions of writers of
spyware have occurred, and many such producers operate openly as aboveboard
businesses. Some have, however, faced lawsuits.
Spyware producers primarily argue in defense of the legality of their acts
that, contrary to the users' claims, users do in fact give consent to the
installation of their spyware. Spyware that comes bundled with shareware
applications may appear, for instance, described in the legalese text of an
end-user license agreement (EULA). Many users habitually ignore these
purported contracts, but spyware companies such as Claria claim that these
demonstrate that users have consented to the installation of their software.
Despite the ubiquity of EULAs and of
clickwrap
agreements, relatively little case law has resulted from their use. It has been
established in most
common law jurisdictions that a clickwrap agreements can be a binding contract
in certain circumstances. This does not however mean that every clickwrap
agreement is a contract or that every term in a clickwrap contract is enforceable. It seems
highly likely that many of the purported contract terms presented in clickwrap
agreements would be dismissed in most jurisdictions as being contrary to public
policy. Many spyware clickwrap agreements appear intentionally ambiguous and
excessive in length, with key contract terms made inconspicuous. These are all
grounds on which similar agreements have been rejected as contracts of adhesion.
Nor can a contract possibly exist in the case of spyware installed by
surreptitious means, such as in a drive-by download where the user receives no
opportunity to either agree to or refuse the contract terms.
Some jurisdictions, including the U.S. states of
Iowa
[6] and
Washington
[7], have passed laws criminalizing some forms of spyware. Such laws make it
illegal for anyone other than the owner or operator of a computer to install
software that alters Web-browser settings, monitors keystrokes, or disables
computer-security software.
New York Attorney General Eliot Spitzer has pursued spyware companies for
fraudulent installation of software. [9] In a suit brought in 2005 by Spitzer,
the California firm Intermix Media, Inc. ended up settling by agreeing to pay $7.5 million and
to stop distributing spyware. Intermix's spyware spread via drive-by download,
and deliberately installed itself in ways that made it difficult to remove.
[10]
Another spyware behavior has attracted lawsuits: the replacement of Web
advertisements. In June 2002, a number of large Web publishers sued
Claria for
replacing advertisements, but settled out of court. Other spyware apart from
Claria's also replaces advertisements, thus diverting revenue from the
ad-bearing Web site to the spyware author.
One legal issue not yet pursued involves whether courts can hold advertisers
responsible for spyware which displays their ads. In many cases, the companies
whose advertisements appear in spyware pop-ups do not directly do business with
the spyware firm. Rather, the advertised company contracts with an
advertising agency, which in turn contracts with an online subcontractor who
gets paid by the number of "impressions" or appearances of the advertisement.
Some major firms such as
Dell Computer and Mercedes-Benz have "fired" advertising agencies which have run their ads in spyware. [11]
In a sort of turnabout, a few spyware companies have threatened websites
which have posted descriptions of their products. In 2003, Gator (now known as
Claria) filed suit against the website
PC Pitstop for describing the Gator program as "spyware".
[12] PC
Pitstop settled, agreeing not to use the word "spyware", but continues to
publish descriptions of the harmful behavior of the Gator/Claria software.
[8]
Remedies and prevention
As the spyware threat has worsened, a number of techniques have emerged to
counteract it. These include programs designed to remove or to block spyware, as
well as various user practices which reduce the chance of getting spyware on a
system.
Nonetheless, spyware remains a costly problem. When a large number of pieces
of spyware have infected a Windows computer, the only remedy may involve backing
up user data, and fully reinstalling the operating system.
Anti-spyware programs
Lavasoft's
Ad-Aware, one of a few reliable commercial anti-spyware programs, scans the
hard drive of a clean Windows XP system.
Many programmers and some commercial firms have released products designed to
remove or block spyware. Steve Gibson's OptOut, mentioned above,
pioneered a growing category. Programs such as Lavasoft's
Ad-Aware
SE and Patrick Kolla's
Spybot - Search & Destroy rapidly gained popularity as effective tools
to remove, and in some cases intercept, spyware programs. More recently Microsoft
acquired the
GIANT Anti-Spyware software, rebadging it as
Windows AntiSpyware beta and releasing it as a free download for
Windows XP, Windows 2000, and Windows 2003 users. In early spring, 2006,
Microsoft renamed the beta software to as "Windows Defender", currently "beta
2." The renamed software for now exists as a time-limited beta test product that
will expire (beta 1 in July 2006, and beta 2 in December, 2006). Microsoft has
also announced that the product will ship (for free) with Windows Vista. Other
well-known anti-spyware products include Webroot Spy Sweeper, PC Tools' Spyware
Doctor, ParetoLogic's XoftSpy, and Sunbelt's CounterSpy (which uses a forked
codebase from the GIANT Anti-Spyware product).
Major anti-virus firms such as
Symantec, McAfee and Sophos have
come later to the table, adding anti-spyware features to their existing
anti-virus products. Early on, anti-virus firms expressed reluctance to add
anti-spyware functions, citing lawsuits brought by spyware authors against the
authors of web sites and programs which described their products as "spyware".
However, recent versions of these major firms' home and business anti-virus
products do include anti-spyware functions, albeit treated differently from
viruses. Symantec Anti-Virus, for instance, categorizes spyware programs as
"extended threats" and now offers real-time protection from them (as it does for
viruses).
Real-time protection blocks spyware in the process of installing itself. Here,
Windows AntiSpyware blocks an instance of the AlwaysUpdateNews spyware.
Anti-spyware programs can combat spyware in two ways:
- real-time protection, which prevents the installation of spyware
- detection and removal of spyware.
Writers of anti-spyware programs usually find detection and removal simpler,
and many more programs have become available which do so. Such programs inspect
the contents of the Windows registry, the operating system files, and installed
programs, and remove files and entries which match a list of known spyware
components. Real-time protection from spyware works identically to real-time
anti-virus protection: the software scans incoming network data and disk files
at download time, and blocks the activity of components known to represent
spyware. In some cases, it may also intercept attempts to install start-up items
or to modify browser settings.
Earlier versions of anti-spyware programs focused chiefly on detection and
removal. Javacool Software's SpywareBlaster, one of the first to offer real-time
protection, blocked the installation of ActiveX-based and other spyware programs. To date, other programs such as
Ad-Aware and Windows AntiSpyware now combine the two approaches, while
SpywareBlaster remains focused on real-time protection.
Like most anti-virus software, many anti-spyware/adware tools require a
frequently-updated database of threats. As new spyware programs are released,
anti-spyware developers discover and evaluate them, making "signatures" or
"definitions" which allow the software to detect and remove the spyware. As a
result, anti-spyware software is of limited usefulness without a regular source
of updates. Some vendors provide a subscription-based update service, while
others provide updates gratis. Updates may be installed automatically on a
schedule or before doing a scan, or may be done manually. Not all programs rely
on updated definitions. Some programs rely partly (for instance Windows
Defender) or entirely (BillP's
WinPatrol, and certainly others) on historical observation. They watch
certain configuration parameters (such as the Windows registry or browser
configuration) and report any change to the user, without judgment or
recomendation. Their chief advantage is that they do not rely on updated
definitions. Even with a subscription, a "critical mass" of other users have to
have, and report a problem before the new definition is characterized and
propagated. The disadvantage is that they can offer no guidance. The user is
left to determine "what did I just do, and is this configuration change
appropriate?"
If a spyware program is not blocked and manages to get itself installed, it
may resist attempts to terminate or uninstall it. Some programs work in pairs:
when an anti-spyware scanner (or the user) terminates one running process, the
other one respawns the killed program. Likewise, some spyware will detect
attempts to remove registry keys and immediately add them again. Usually,
booting the infected computer in safe mode
allows an anti-spyware program a better chance of removing persistent spyware.
Malicious programmers have released a large number of fake anti-spyware
programs, and widely distributed Web
banner ads
now spuriously warn users that their computers have been infected with spyware,
directing them to purchase programs which do not actually remove spyware — or
worse, may add more spyware of their own.
[13]
[14]
The
recent proliferation of fake or spoofed antivirus products has occasioned
some concern. Such products often bill themselves as antispyware, antivirus, or
registry cleaners, and sometimes feature popups prompting users to install them.
Known offenders include:
On 2006-01-26, Microsoft
and the Washington state attorney general filed suit against Secure Computer for
its Spyware Cleaner product.
[9]
Virtual Machines
Using a
virtual machine (such as a pre-built Browser Appliance for VMWare Player)
can inhibit infection by spyware, malware, and viruses. Virtual machines provide
seperate environments, so if spyware enters the virtual environment, the host
computer remains unaffected. One can also use snapshots to remove one's private
information, transporting the snapshot of the VM.
This environment resembles a
sandbox. It has drawbacks in that it uses more memory (compared to a
standalone browser) and it uses a lot of disk space.
Security practices
To deter spyware, computer users have found a number of techniques useful in
addition to installing anti-spyware software.
Many system operators install a
web browser other than Microsoft's Internet Explorer (IE), such as Opera or
Mozilla Firefox - though such web browsers have also suffered from some
security vulnerabilities. Not a single browser ranks as safe, because in the
case of spyware the security comes with the person who uses the browser.
Some Internet Service Providers — particularly colleges and universities —
have taken a different approach to blocking spyware: they use their network
firewalls and web proxies to block access to Web sites known to install spyware.
On March 31, 2005, Cornell University's Information Technology department released a report
detailing the behavior of one particular piece of proxy-based spyware,
Marketscore, and the steps the university took to intercept it.
[15]
Many other educational institutions have taken similar steps against Marketscore
and other spyware. Spyware programs which redirect network traffic cause greater
technical-support problems than programs which merely display ads or monitor
users' behavior, and so may attract institutional attention more readily.
Spyware may get installed via certain shareware
programs offered for download. Downloading programs only from reputable sources
can provide some protection from this source of attack. One site,
CleanSoftware.org, founded as an alternative to other popular Windows
software sites, offers only software verified not to contain "nasties" such as
spyware. Recently,
C|Net revamped its download directory: it has stated that it will only keep
files that pass inspection by Ad-Aware and Spyware Doctor.
Notable programs distributed with spyware
- Bearshare
[16]
-
Bonzi Buddy
[17]
-
DAEMON Tools (only if you agree to install their "sponsor" program)
[18]
- DivX
(except for the paid version, and the "standard" version without the
encoder). DivX announced removal of GAIN software from version 5.2.
[19]
- Dope
Wars [20]
- ErrorGuard
[21]
- FlashGet (free version)
[22]
- Grokster
[23]
- Kazaa
[24]
- Morpheus
[25]
- RadLight
[26]
- WeatherBug
[27]
Sony's Extended Copy Protection involved the installation of spyware from
audio compact discs through autorun. This practice sparked considerable
controversy when it was discovered.
Notable programs formerly distributed with spyware
-
AOL Instant Messenger
[28] (AOL Instant Messenger
still packages Viewpoint Media Player)
- EDonkey2000
[25]
- LimeWire (all free Windows versions up to 3.9.3)
[25]
- WildTangent
[28]
See also
References
- ↑ a b
Wienbar, Sharon. "The
Spyware Inferno". News.com. August 13, 2004.
- ↑ "Spyware
Certification". International Charter. Retrieved July 10, 2005.
- ↑ a b
"AOL/NCSA
Online Safety Study". America Online & The National Cyber
Security Alliance. October 2004.
- ↑ Bonzi.com.
http://www.bonzi.com/bonzibuddy/bonzimail.asp. Retrieved July 10, 2005.
- ↑ Edelman, Ben (2005). "WhenU
Violates Own Privacy Policy", Retrieved July 14, 2005.
- ↑ "Security
Response: W32.Spybot.Worm". Symantec.com. Retrieved July 10,
2005.
- ↑ Ecker, Clint (2005).
Massive spyware-based identity theft ring uncovered. August 5, 2005.
- ↑ a b c
"Parasite
information database". Doxdesk.com. Retrieved July 10, 2005.
- ↑ "State
Sues Major "Spyware" Distributor". Office of New York State Attorney
General. April 28, 2005.
- ↑ Gormley, Michael. "Intermix
Media Inc. says it is settling spyware lawsuit with N.Y. attorney general".
Yahoo!
News. June 15, 2005.
- ↑ Gormley, Michael. "Major
advertisers caught in spyware net".
Business Week. June 24, 2005.
- ↑ Festa, Paul. "See
you later, anti-Gators?". News.com. October 22, 2003.
- ↑ Roberts, Paul F. "Spyware-Removal
Program Tagged as a Trap".
eWeek.
May 26, 2005.
- ↑ Howes, Eric L. "The
Spyware Warrior List of Rogue/Suspect Anti-Spyware Products & Web Sites".
Retrieved July 10, 2005.
- ↑ Schuster, Steve. "Blocking
Marketscore: Why Cornell Did It". Cornell University, Office of
Information Technologies. March 31, 2005.
- ↑ "WhenU
Awareness, One Year Later". PC Pitstop. Retrieved July 27, 2005.
- ↑ "Symantec
Security Response - Adware.Bonzi". Symantec. Retrieved July 27,
2005.
- ↑ "WhenU
Daemon Tools SearchBar License Agreement". WhenU.com, Inc.
Retrieved February 27, 2006.
- ↑ "How
Did I Get Gator?". PC Pitstop. Retrieved July 27, 2005.
- ↑ Edelman, Ben (2005).
"Claria's
Misleading Installation Methods - Dope Wars". Retrieved July 27, 2005
- ↑ "eTrust
Spyware Encyclopedia - ErrorGuard". Computer Associates.
Retrieved July 27, 2005.
- ↑ "eTrust
Spyware Encyclopedia - FlashGet". Computer Associates. Retrieved
July 27, 2005
- ↑ Edelman, Ben (2004).
"Grokster
and Claria Take Licenses to New Lows, and Congress Lets Them Do It".
Retrieved July 27, 2005
- ↑ Edelman, Ben (2004).
"Claria
License Agreement Is Fifty Six Pages Long". Retrieved July 27, 2005.
- ↑ a b c
Edelman, Ben (2005). "Comparison
of Unwanted Software Installed by P2P Programs". Retrieved July 27,
2005.
- ↑ "eTrust
Spyware Encyclopedia - Radlight 3 PRO". Computer Associates.
Retrieved July 27, 2005
- ↑ "doxdesk.com:
database: WeatherBug". Doxdesk.com. Retrieved July 27, 2005.
- ↑
a b
"WildTangent".
Sunbelt Software. Retrieved July 27, 2005.
External links
Guides
Prevention
Organizations
-
Anti-Spyware Coalition — A group developing formal definitions and
best-practices
-
StopBadware.org - A non-profit group (sponsored by Google, Lenovo, and
Sun) that aims to provide "reliable, objective information about
downloadable applications".
Software
Home | Advertising | Search engine optimization | Spam | Spyware | Adware | Online marketing | Affiliate marketing | e-Mail marketing | Telemarketing | License
Online Advertising, made by MultiMedia | Free content and software
This guide is licensed under the GNU
Free Documentation License. It uses material from the Wikipedia.
| |