By Will Sturgeon, 29 July 2004 14:40
OK, I've seen the Bond films, I know what spyware is. Pens that shoot deadly darts, cigarette lighters that explode, cufflinks that track supervillains... am I close?
You're a little way out. What we're talking about here are software applications that find their way onto users' machines for the purposes of, as the name suggests, spying on them.
"Find their way onto..." that sounds very covert.
It's not called spyware for nothing. Often these programmes do sneak in unnoticed, perhaps while a user is downloading a piece of free software.
And what are they doing?
We should approach this issue with caution. It's easy to get worked up about spyware, but there are a variety of reasons for it being there and a variety of roles it could be performing. At its mildest it is an irritant, exploited by almost all companies in one form or another for advertising.
How does that work?
Sometimes it's almost totally innocuous. Responsible sites that use it to track advertising are doing very little wrong, legally or morally, but others are being less scrupulous. You may wonder why you get pop-ups every time you visit certain sites, or why you get directed to certain web pages or search engines every now and again. It's likely such behaviour is a result of 'adware' - spyware's semi-legitimate cousin, if you want to think of it in such terms. These programmes will typically be placed on your machine when you download a piece of 'free' software. While the software is provided for free, the creator or distributor earns money by including a programme that directs you to advertisers' websites or content. Similarly it may even install a search bar or offer 'loyalty' points for online shopping with certain sites.
Is that all it does?
Not quite. The most contentious area is adware's ability to report back to its originator and share information about you with third parties.
And is this legal?
By and large, yes it is. There will most likely have been mention of these programmes somewhere in the terms and conditions - though you may have to scroll though hundreds of lines of small print to find them.
...and nobody bothers to do that?
Do you?
No.
Exactly, and that's what the people behind such programmes rely upon. I would advise caution whenever downloading free software. In general these days, software applications follow the 'lunch' rule, in that there's no such thing as a free one.
So that's it? Spyware is a marketing tool? Why all the fuss then? Nobody likes marketers, but is it really worth all the gnashing of teeth and the wailing?
Spyware has degrees of maliciousness. It doesn't all arrive on your machine through the grey areas of terms and conditions. It can be installed when you visit certain websites - often of an [ahem!] adult nature - unbeknownst to you and sometimes even unbeknownst to the site's owners. This type of software can also be passed covertly via peer-to-peer applications and email. There is growing concern that spammers and virus writers are finding ever more devious ways to install spyware on your machine.
Why? Well, spammers have a lot to gain from knowing more about you. Recent research revealed a growing trend whereby recipients of spam are getting apparently personalised emails, featuring home addresses, family members' names and even pet names in the 'from' and 'subject' fields. MessageLabs believes this is a result of spyware harvesting such information from users' machines.
And how would it do that?
Keystroke loggers installed on machines can keep track of commonly typed words and phrases.
What else can they record?
OK, be calm, but this is where fear can start setting in. Key loggers can record anything you type. This obviously includes user names and passwords and the spyware can report such details back to its originators, along with information about where and when they were used - raising concerns as to the safety of internet banking. A compromised machine can certainly report a lot of information about the user.
What can we do about this?
There are a vast number of applications available that will clean your system of spyware and adware.
And how do we get it?
Try visiting download.com - simply searching under 'spyware' should bring up hundreds of applications. A very popular one is Ad-aware and you'd certainly be surprised how much it finds on the hard drive of even the most cautious of web surfers.
How much does it cost? Good question. It's actually free - which I know raises a number of Catch 22-style questions about the statement I've already made regarding the downloading of free software, but there are plenty of packages out there. You may like to shop around, but it's worth noting that not all free software necessarily brings with it a host of spyware applications. Other spyware blockers and washers are free to try and a nominal fee to buy, but it is definitely worth having some defences in place.
Comments
There are 8 comments. Join the discussion
1. Robin Monks
This article dosn't mention that using an alternate browser like Firefox (www.getfirefox.com) can help with spyware by preventing some methods of installition (namely ActiveX and VisualBasic).
2. M Sperrin
Nice. Point people to a place where spyware authors pay download.com to make their fake spyware removing application sponsored links...
Don't get me wrong some of them are genuine but it’s a common tactic that’s been used now.
3. John Taylor
Spyware is an issue, particularly for corporates where the "freeware" options are not the best solution as they look for long-term development and support. Working with a number of software authors in the USA Tolerant Systems will shortly announce a centrally managed solution for corporates that is backed by a large and accomplished support and research organisation.
We expect to raise a press release within a week or so. www.tolerant.com
4. anonymous
Having read this article i checked for spyware etc on my PC and removed it all. Cleared out all temp folders then looked at this page again. checked for spyware again and found a Data Miner cookie.
Hmm
5. anonymous
It is ironic that you publish this article - yet your own website uses this technique!
(Ed note. There's no irony at all. We fully anticipated a number of readers highlighting this fact, but suggest you read the piece again, paying particular attention to the line:
"Sometimes it's almost totally innocuous. Responsible sites that use it to track advertising are doing very little wrong, legally or morally."
We would say we fall into the bracket of responsible sites doing nothing wrong legally or morally.)
6. Gary Smith
Interesting that free software is held out as the culprit here. I use nothing but free (GPL) software and I have never had a problem with Spyware.
(Ed note. Why not read the full article? If you had you'd have noticed it explained: "...it's worth noting that not all free software necessarily brings with it a host of spyware applications".)
7. Graham Dunne
Often Spyware/AV/Pop-up blocking tools offered via the web are spyware/malware themselves think Purity Scan etc. You could also have mentioned that Spy-Bot, Ad-Aware etc are free but donations help these guys continue to fight the good fight. All in all the article provided a very nice highlight of an overlooked issue given the current spam obsession and some answers on what the hell to do.
8. anonymous
a perfect, easy to understand article which points the way to further investigation if one so chooses. I like it. i will be forwarding this to a few people.
thanks