How Spyware Works


Spyware is malicious software that can hijack and cripple your computer. It has been known to masquerade as a prize-notification pop-up window and is one method of online identity theft and virus spreading.

Has your computer ever become so slow that you can fix yourself a snack in the time it takes your word processor to open? Perhaps spyware is to blame.

Spyware is a category of computer programs that attach themselves to your operating system in nefarious ways. They can suck the life out of your computer's processing power. They're designed to track your Internet habits, nag you with unwanted sales offers or generate traffic for their host Web site. According to some estimates, more than 80 percent of all personal computers are infected with some kind of spyware [source: FaceTime Communications]. But before you chuck your computer out the window and move to a desert island, you might want to read on. In this article we'll explain how spyware gets installed on your computer, what it does there and how you can get rid of it.

Some people mistake spyware for a computer virus. A computer virus is a piece of code designed to replicate itself as many times as possible, spreading from one host computer to any other computers connected to it. It usually has a payload that may damage your personal files or even your operating system.

Spyware, on the other hand, generally isn't designed to damage your computer. Spyware is defined broadly as any program that gets into your computer without your permission and hides in the background while it makes unwanted changes to your user experience. The damage it does is more a by-product of its main mission, which is to serve you targeted advertisements or make your browser display certain sites or search results.

At present, most spyware targets only the Windows operating system. Some of the more notorious spyware threats include Trymedia, Nuvens, Estalive, Hotbar and New.Net.Domain.Plugin [source: CA].

How Your Computer Gets Spyware

While it officially claims otherwise, Kazaa has been known to include spyware in its download package.
Courtesy © Sharman Networks 2002-2004 - All Rights Reserved.

Spyware usually ends up on your machine because of something you do, like clicking a button on a pop-up window, installing a software package or agreeing to add functionality to your Web browser. These applications often use trickery to get you to install them, from fake system alert messages to buttons that say "cancel" when they really install spyware. Here are some of the general ways in which spyware finds its way into your computer:

Internet Explorer security warning
  • Drive-by download - This is when a Web site or pop-up window automatically tries to download and install spyware on your machine. The only warning you might get would be your browser's standard message telling you the name of the software and asking if it's okay to install it. If your security settings are set low enough, you won't even get the warning.
  • Piggybacked software installation - Some applications -- particularly peer-to-peer file-sharing clients -- will install spyware as a part of their standard installation procedure. If you don't read the installation list closely, you might not notice that you're getting more than the file-sharing application you want. This is especially true of the "free" versions that are advertised as alternatives to software you have to buy. As the old saying goes, there's no such thing as a free lunch.
  • Browser add-ons - These are pieces of software that add enhancements to your Web browser, like a toolbar, animated pal or additional search box. Sometimes, these really do what they say they'll do but also include elements of spyware as part of the deal. Or sometimes they are nothing more than thinly veiled spyware themselves. Particularly nasty add-ons are considered browser hijackers -- these embed themselves deeply in your machine and take quite a bit of work to get rid of.
  • Masquerading as anti-spyware - This is one of the cruelest tricks in the book. This type of software convinces you that it's a tool to detect and remove spyware. When you run the tool, it tells you your computer is clean while it installs additional spyware of its own.

What Spyware Can Do

Spyware can do any number of things once it's installed on your computer.

At a minimum, most spyware runs as an application in the background as soon as you start your computer up, hogging RAM and processor power. It can generate endless pop-up ads that make your Web browser so slow it becomes unusable. It can reset your browser's home page to display an ad every time you open it. Some spyware redirects your Web searches, controlling the results you see and making your search engine practically useless. It can also modify the dynamically linked libraries (DLLs) your computer uses to connect to the Internet, causing connectivity failures that are hard to diagnose. At its very worst, spyware can record the words you type, your Web browsing history, passwords and other private information.

Certain types of spyware can modify your Internet settings so that if you connect through dial-up service, your modem dials out to expensive, pay telephone numbers. Like a bad guest, some spyware changes your firewall settings, inviting in more unwanted pieces of software. There are even some forms that are smart enough to know when you try to remove them in the Windows registry and intercept your attempts to do so.
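
As an added example (not part of the original article), this read-only PowerShell script lists the places described above where spyware hooks in: programs that start with Windows, Internet Explorer add-ons, and the browser's home and search pages. The function names are invented for this example; the registry locations are the standard Windows ones.

```powershell
# Added example (not from the original article). Read-only: it lists settings, changes nothing.

function Get-AutorunEntry {
    # Run/RunOnce keys: every value names a program Windows starts at logon.
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Target = $item.GetValue($name) }
        }
    }
    # Startup folders (current user and all users) are the other common logon hook.
    foreach ($folder in 'Startup', 'CommonStartup') {
        $path = [Environment]::GetFolderPath($folder)
        if ($path -and (Test-Path $path)) {
            Get-ChildItem -Path $path -File | ForEach-Object {
                [pscustomobject]@{ Source = $path; Name = $_.Name; Target = $_.FullName }
            }
        }
    }
}

function Get-BrowserHelperObject {
    # Internet Explorer add-ons register a class ID here; resolve each to the DLL it loads.
    $bho = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (-not (Test-Path $bho)) { return }
    foreach ($sub in Get-ChildItem -Path $bho) {
        $clsid  = $sub.PSChildName
        $server = "HKLM:\Software\Classes\CLSID\$clsid\InprocServer32"
        $dll = if (Test-Path -LiteralPath $server) { (Get-Item -LiteralPath $server).GetValue('') } else { $null }
        [pscustomobject]@{ ClassId = $clsid; Dll = $dll }
    }
}

function Get-BrowserPageSetting {
    # Home and search pages, which the article says spyware may reset or redirect.
    $main = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    if (-not (Test-Path $main)) { return }
    $item = Get-Item -Path $main
    foreach ($name in 'Start Page', 'Search Page') {
        [pscustomobject]@{ Setting = $name; Value = $item.GetValue($name) }
    }
}

Get-AutorunEntry        | Format-Table -AutoSize -Wrap
Get-BrowserHelperObject | Format-Table -AutoSize -Wrap
Get-BrowserPageSetting  | Format-Table -AutoSize -Wrap
```

Anything in the output that you don't recognize, or that points to a file in a temporary or oddly named folder, is worth looking up before you decide what to do with it.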

The point of all this from the spyware makers' perspective isn't always clear. One reason it's used is to pad advertisers' Web traffic statistics. If they can force your computer to show you tons of pop-up ads and fake search results, they can claim credit for displaying that ad to you over and over again. And each time you click the ad by accident, they can count that as someone expressing interest in the advertised product.

Another use of spyware is to steal affiliate credits. Major shopping sites like Amazon and eBay offer credit to a Web site that successfully directs traffic to their item pages. Certain spyware applications capture your requests to view sites like Amazon and eBay and then take the credit for sending you there.

Legality

So is it legal to install difficult-to-remove software without the user's permission? Not really. There's an increasing body of state legislation that explicitly bans spyware, including the Spyware Control Act in Utah and the Consumer Protection Against Computer Spyware Act in California. But even without these new state laws, federal law already prohibits spyware. The Computer Fraud and Abuse Act covers any unauthorized software installations. Deceptive trade practices of any kind also violate the Federal Trade Commission Act. Additionally, the Electronic Communications Privacy Act makes it unlawful for companies to violate the security of customers' personal information.

Just like anti-spam legislation, these spyware laws can be very difficult to enforce in practice, and the perpetrators know it. It can be tough to find hard evidence connecting individual companies to their spyware products, and, as with all Internet-related lawsuits, there are often battles over which court's jurisdiction applies to the case. Just because it's illegal doesn't mean it's easy to stop.

How can you protect yourself against spyware, and what can you do if you think you already have some on your computer? Here are a few suggestions.

Use a spyware scanner.

There are several applications you can turn to for trustworthy spyware detection and removal, including Ad-aware, Spybot and Microsoft AntiSpyware, which is currently in beta. All three are free for the personal edition. These work just like your anti-virus software and can provide active protection as well as detection. They will also detect Internet cookies and tell you which sites they refer back to.

Note - Once you know which spyware is on your computer, in some cases you'll need to seek specific instructions on how to remove it. Links to some of those instructions are listed in the "Spyware Help" box to the right, and more are included in the Lots More Information section at the end of this article. Here are a few more solutions:

Use a pop-up blocker.

Many of the current browsers, including Internet Explorer 6.0 and Mozilla Firefox 1.0, have the ability to block all Web sites from serving you pop-up windows. This function can be configured to be on all of the time or to alert you each time a site wants to pop up a new window. It can also tell you where the pop-up is coming from and selectively allow windows from trusted sources.

Disable ActiveX.

Most browsers have security settings in their preferences which allow you to specify which actions Web sites are allowed to take on your machine. Since many spyware applications take advantage of a Windows technology called ActiveX, it's not a bad idea to simply disable ActiveX in your browser. Note that if you do this, you will also disallow the legitimate uses of ActiveX, which may interfere with the functionality of some Web sites.

Be suspicious of installing new software.

In general, it pays to be suspicious when a site asks to install something new on your computer. If it's not a plug-in you recognize, like Flash, QuickTime or the latest Java engine, the safest plan of action is to reject the installation of new components unless you have some specific reason to trust them. Today's Web sites are sophisticated enough that the vast majority of functionality happens inside your browser, requiring only a bare minimum of standard plug-ins. Besides, it never hurts to reject the installation first and see if you can get on without it. A trustworthy site will always give you the opportunity to go back and download a needed component later.

Use the "X" to close pop-up windows.

Get to know what your computer's system messages look like so that you can spot a fake. It's usually pretty easy to tell the difference once you get to know the standard look of your system alerts. Stay away from the "No thanks" buttons if you can help it, and instead close the window with the default "X" at the corner of the toolbar. For an even more reliable option, use the keystroke combination for "close window" built into your software. You can look in your browser's "File" menu to find it.

For more information on spyware, spyware removal and related topics, check out the links on the next page.

Sources

  • Spyware Guide http://www.spywareguide.com/
  • HowStuffWorks: How Computer Viruses Work
  • Forbes.com: Fighting Spyware For Profit http://www.forbes.com/technology/enterprisetech/2005/01/17/cx_ah_0117spysales.html
  • MercuryNews.com: When Spyware Hijacks Your PC http://www.mercurynews.com/mld/mercurynews/business/10664196.htm?1c
  • ZDNet.com: How to fix spyware http://news.zdnet.com/2100-1009_22-5535478.html
  • WindowsITPro: Spyware: An Evolving Threat http://www.winnetmag.net/SQLServer/Article/ArticleID/45091/45091.html
  • HeraldToday.com: Flaws plague spyware product http://www.bradenton.com/mld/bradenton/business/10650790.htm
  • PCWorld: First Look: Microsoft AntiSpyware http://www.pcworld.com/reviews/article/0,aid,119300,00.asp
  • InformationWeek: A Look At The Law: Can the government have an impact on spyware? http://www.informationweek.com/story/showArticle.jhtml?articleID=57701329