Spyware
Spyware is any malware that aims to gather information about a person or organization and send it to another entity in a way that harms the user by violating their privacy, endangering their device's security, or other means. This behavior may be present in other malware and in legitimate software. Websites may engage in spyware behaviors like web tracking. Hardware devices may also be affected.
Spyware is frequently associated with advertising and involves many of the same issues. Because these behaviors are so common, and can have non-harmful uses, providing a precise definition of spyware is a difficult task.
History
As personal computers and broadband connections became more common, the use of the internet for e-commerce transactions rose. Early retailers included book dealer Amazon.com and CD retailer CDNOW.com, which both were founded in 1994. As competition over customers intensified, some e-commerce companies turned to questionable methods to entice customers into completing transactions with them.The first recorded use of the term spyware occurred on October 16, 1995, in a Usenet post that poked fun at Microsoft's business model. Spyware at first denoted software meant for espionage purposes. However, in early 2000 the founder of Zone Labs, Gregor Freund, used the term in a press release for the ZoneAlarm Personal Firewall.
In early 2000, Steve Gibson formulated the first description of spyware after realizing software that stole his personal information had been installed on his computer.
Later in 2000, a parent using ZoneAlarm was alerted to the fact that Reader Rabbit, educational software marketed to children by the Mattel toy company, was surreptitiously sending data back to Mattel. Since then, "spyware" has taken on its present sense.
According to a 2005 study by AOL and the National Cyber-Security Alliance, 61 percent of surveyed users' computers were infected with some form of spyware. 92 percent of surveyed users with spyware reported that they did not know of its presence, and 91 percent reported that they had not given permission for the installation of the spyware.
, spyware has become one of the preeminent security threats to computer systems running Microsoft Windows operating systems. Computers on which Internet Explorer was the primary browser are particularly vulnerable to such attacks, not only because IE was the most widely used, but also because its tight integration with Windows allows spyware access to crucial parts of the operating system.
Before Internet Explorer 6 SP2 was released as part of Windows XP Service Pack 2, the browser would automatically display an installation window for any ActiveX component that a website wanted to install. The combination of user ignorance about these changes, and the assumption by Internet Explorer that all ActiveX components are benign, helped to spread spyware significantly. Many spyware components would also make use of exploits in JavaScript, Internet Explorer and Windows to install without user knowledge or permission.
The Windows Registry contains multiple sections where modification of key values allows software to be executed automatically when the operating system boots. Spyware can exploit this design to circumvent attempts at removal. The spyware typically links itself to each location in the registry that allows execution. Once running, the spyware will periodically check if any of these links are removed. If so, they will be automatically restored. This ensures that the spyware will execute when the operating system is booted, even if some of the registry links are removed.
Targeted advertisement
In the search for more effective advertising strategies, companies soon discovered the potential in ads that were targeted towards user interests. Once targeted advertising began to appear online, advertisers began to develop software that became known as spyware that collected users' personal interests through their browsing habits. Spyware brought along reduced system performance and security. The information gathered by spyware was used for constructing user profiles detailing what users could be persuaded to buy. The introduction of online advertisements opened up a new way of funding software development by having the software display advertisements to its users; software developers could offer their software "free of charge", since they were paid by the advertising agency. However, there is a distinction between "free of charge" and a "free gift", differences arising in the fact that a free gift is given without any expectations of future compensation, while something provided free of charge expects something in return. When downloading software described as "free of charge", users had no reason to suspect that it would report their Internet usage so that presented advertisements could be targeted towards their interests.Problems arose due to users not being informed about neither the occurrence nor the extent of such monitoring, and were not given a chance to decide on whether to participate or not. As advertisements became targeted, the borders between adware and spyware started to dissolve, it started to both monitor users and deliver targeted ads.
The arms-race between spyware vendors
As the chase for faster financial gains intensified, several competing advertisers turned to more nefarious methods in an attempt to stay ahead of their competitors. As a result, this created a gray area between conventional ads that people chose to see, such as ads from subscription services, ads pushed on users through "pop-ups" and downloaded ads displayed in a program itself.This practice pushed online advertising closer to the dark side of spam and other types of invasive, privacy compromising advertising. During this development, users experienced infections from unsolicited software that crashed their computers by accident, changed application settings, harvested personal information, and deteriorated their computer experience. Over time, these problems led to the introduction of countermeasures in the form of anti-spyware tools.
Anti-spyware has become a new area of online vending with fierce competition. These tools purported to clean computers from spyware, adware, and any other type of shady software located in that same gray area. This type of software can lead to false positives as some types of legitimate software came to be branded by some users as "Spyware" These tools were designed similarly to anti-malware tools, such as antivirus software. Anti-spyware tools identify programs using signatures. The process only works on known programs, which can lead to the false positives mentioned earlier and leave previously unknown spyware undetected. To further aggravate the situation, some shady companies distributed fake anti-spyware tools in their search for a larger piece of the online advertising market. These fake tools claimed to remove spyware, but instead installed their own share of adware and spyware on unsuspecting users' computers. Sometimes, this software would also remove adware and spyware from competing vendors.
New spyware programs are constantly being released in what seems to be a never-ending stream, although the increase has leveled out somewhat over the last few years. According to developers of anti-spyware programs, the fight against spyware is more complicated than the fight against viruses, trojan horses, and worms. There is still no consensus on a definition or classification system of spyware, which negatively affects the accuracy of anti-spyware tools resulting in some spyware programs being able to remain undetected on users' computers.
Overview
Spyware is mostly classified into four types: adware, system monitors, tracking including web tracking, and trojans; examples of other notorious types include digital rights management capabilities that "phone home", keyloggers, rootkits, and web beacons. These four categories are not mutually exclusive and they have similar tactics in attacking networks and devices. The main goal is to install, hack into the network, avoid being detected, and safely remove themselves from the network.Spyware is mostly used for the stealing information and storing Internet users' movements on the Web and serving up pop-up ads to Internet users. Whenever spyware is used for malicious purposes, its presence is typically hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computer intentionally in order to monitor users.
While the term spyware suggests software that monitors a user's computer, the functions of spyware can extend beyond simple monitoring. Spyware can collect almost any type of data, including personal information like internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with a user's control of a computer by installing additional software or redirecting web browsers. Some spyware can change computer settings, which can result in slow Internet connection speeds, un-authorized changes in browser settings, or changes to software settings.
Sometimes, spyware is included along with genuine software, and may come from a malicious website or may have been added to the intentional functionality of genuine software. In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software. Running anti-spyware software has become a widely recognized element of computer security practices, especially for computers running Microsoft Windows. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer.
In German-speaking countries, spyware used or made by the government is called govware by computer experts. Govware is typically a trojan horse software used to intercept communications from the target computer. Some countries, like Switzerland and Germany, have a legal framework governing the use of such software. In the US, the term "policeware" has been used for similar purposes.
Use of the term "spyware" has eventually declined as the practice of tracking users has been pushed ever further into the mainstream by major websites and data mining companies; these generally break no known laws and compel users to be tracked, not by fraudulent practices per se, but by the default settings created for users and the language of terms-of-service agreements.
In one documented example, on CBS/CNet News reported, on March 7, 2011, an analysis in The Wall Street Journal revealed the practice of Facebook and other websites of tracking users' browsing activity, which is linked to their identity, far beyond users' visits and activity on the Facebook site itself. The report stated: "Here's how it works. You go to Facebook, you log in, you spend some time there, and then... you move on without logging out. Let's say the next site you go to is The New York Times. Those buttons, without you clicking on them, have just reported back to Facebook and Twitter that you went there and also your identity within those accounts. Let's say you moved on to something like a site about depression. This one also has a tweet button, a Google widget, and those, too, can report back who you are and that you went there." The Wall Street Journal analysis was researched by Brian Kennish, founder of Disconnect, Inc.