Detox-Comic

Spyware

Software today comes in mainly two flavours. First you have commercial releases which are available in nice colourful boxes with manuals. Secondly there is the freely distributable kind available from the public domain in the form of freeware/shareware. The latter tends not to make as much money as the former.

One way a programmer can make money from their hard work (other than relying on user registration) is to make a deal with an advertising company and embed advertising software, 'Adware', into their software. This Adware usually takes the form of banner adverts displayed within the software itself. Of course, by registering your software with the programmer for a small fee you can get the adware-free or 'lite' version.

Most users are happy to put up with these annoying adverts in exchange for the free use of some useful software. Some adware is so simple that you can even remove it yourself by deleting a few files without affecting the main program in any way.

Software programmers can also make money by embedding another type of software in their releases: Spyware. Whereas Adware is produced by advertising companies, Spyware is produced by media companies that would like to track users' surfing habits.

What exactly is Spyware?

Spyware originally was stealth software developed by various companies to track user habits. This stealthware was sold to various companies for all sorts of uses from market research to employee monitoring. You would install your stealthware package as an administrator and configure it to monitor whatever was of interest to you. This could be anything from web sites visited (when, how often, and is it during their break/work time?), what software they are running on their computer (did they install it themselves?) or simple monitoring like key presses (are they working or being lazy? are they spending all day emailing?).

It's obvious that this type of software has many potential uses and not just for large companies that may wish to monitor their employees. Stealthware has also been developed for the home market. It's sold to parents to monitor what their children are up to. With all the paranoia in the media about how unsafe the internet is and the fact that a parent does not have the time to monitor their child's surfing activities 24/7, it is not surprising that sellers of stealthware are making lots of money. Their software allows the parent to log on to their computer and review the stealthware log to see just what junior has been up to. If he has been visiting Playboy.com then he is one grounded little boy.

Not all stealthware companies sell their software. Some sell the data that it gathers.

The data that these companies sell is pretty vast. Imagine being able to shoulder surf thousands of users across the globe. What information would you want to collect? Which sites they visit? How much they spend at each site and how often? Which methods of payment they use? What sort of computer are they using and what software is installed on it?

Now imagine that you are a company and you have a product to sell. You want to do market research but it can be expensive right? Why not pay someone a fee for the information?

Ok so Spyware is stealthware that is used by various companies to gather data from internet connected computers, covertly.

How does Spyware work?

Let's go back to the example of the freeware programmer needing to make some money from his software. He can be paid by an Adware company to embed their banner adverts in his software (if his software is popular of course) or he can be paid by a market research/user tracking company to embed their Spyware in his software.

You are probably thinking that you'd notice if Spyware were about to be installed on your computer because the installer for the software would tell you right? Wrong. The Spyware I have encountered came with software that did not even have a user agreement that requested you to click on 'Accept' before installing. Those that do have a user agreement either do not mention that they contain Spyware or say something like "this software contains a news notification client". What the hell does that mean?

Is it ok to just leave it on my computer?

Ok, so for some reason Spyware is on your computer. Is it ok to just leave it there? That's really up to you. So far in this article I've explained what Spyware is and does. Here is a summary:

  • It installs itself on your computer as part of another program's installation procedure, with little to no warning to you that it is doing so.
  • It usually has no separate uninstall functionality and can be left behind when you uninstall its host software.
  • It is collecting data about you and your computer and how you are using it without your permission.
  • It is sending this data to a third party across the internet using your internet connection and bandwidth.
  • It is using your processor time to run and can reduce your computer performance.
  • Badly written Spyware can cause corruption to your system or software crashes.
  • It runs even if you are not using the software that it originally came with, even after that software has since been uninstalled.
  • It can be expensive if you are on a dial-up connection and software is downloading adverts and uploading data.

So do you want to leave it on your computer?

How to remove Spyware

Removing Spyware is no easy task. Not only are there files all over your hard drive, there are a lot of registry entries as well to remove. Instead of doing it manually I recommend using a good anti-spyware tool. Using a decent anti-spyware tool feels so much like using anti-virus software (a lot of people think Spyware should be classified as a type of virus) that you should have no trouble getting into the habit of running it once a week and updating your definition files.

Protecting yourself from Spyware and Adware

The following is a collection of tips aimed at protecting yourself from Spyware that I have found useful:

  • Scan your system weekly using a good anti-Spyware tool like Lavasoft's Ad-aware.
  • Use a good firewall. They will not stop Spyware being installed on your computer but they will notify you if it tries to access the internet to transmit the data it has collected.
  • If you are not on a LAN that requires you to message other users with pop-ups (who is?) then you should really stop a process called Messenger Service on your PC. (Not related to Windows Messenger). To see if it is running on your machine, open up a command prompt window and type net send 127.0.0.1 Hello. Do you get a pop-up? If yes then Messenger Service is running. To stop it in XP go to your Control Panel and then Performance and Maintenance. Click on Administrative Tools then Services. Find Messenger Service and double-click it. Select stop and change Startup Type to Disabled. Type net send 127.0.0.1 Hello again in a command prompt window to check that it is no longer running.
  • Use software designed to stop pop-ups and prevent browser hijacks from occurring.
  • Use Windows Update once a week to patch any security holes in your operating system that have been recently identified as possible sources of intrusions by malicious software (malware).
  • Create restore points before you install new software so you can roll back if an attempt to remove the Spyware corrupts your system.
  • Run your anti-Spyware software after you have installed new software.
  • Edit your HOSTS file so that any attempts to access known Spyware/Adware sites are re-routed to nowhere. For example, the entry 127.0.0.1 ad.server.com means that a program attempting to connect to ad.server.com is pointed at your own machine instead and reaches nothing. The HOSTS file is usually at C:\WINDOWS\system32\drivers\etc\hosts on XP machines.
  • Check your HOSTS file now and then to see if any software has modified it so that innocent requests are re-directed to another site instead.
  • Delete cookies and empty your cache after every surf session (CleanUp! is a great tool for doing this).
  • Make Internet Explorer more secure. Go to the 'Tools' menu and select 'Internet Options', 'Security' and then 'Internet Zone'. Select 'Custom Level' and set the following to 'Prompt': 'Download Signed ActiveX controls', 'Run ActiveX controls and plug-ins' and 'Script ActiveX controls marked safe for scripting'. Set the following to 'Disable': 'Download unsigned ActiveX controls' and 'Initialise and Script ActiveX controls not marked as safe'.
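
The two HOSTS file tips above can be checked with a short script. The following is an added example, not part of the original article: it parses HOSTS-file text and separates names that have been sent to nowhere from names that resolve to a real address and so deserve a second look. The sample file contents and the `known` allowlist are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content, not taken from a real machine.
SAMPLE_HOSTS = """\
# Constructed sample, not taken from a real machine
127.0.0.1      localhost
::1            localhost
127.0.0.1      ad.server.com     # sinkholed ad server (the article's example)
0.0.0.0        tracker.example
203.0.113.10   www.bank.example
192.168.1.20   nas.home.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                            # blank, comment-only or incomplete
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # first field is not an IP address
        for name in fields[1:]:                 # one line may list several aliases
            yield line_no, ip, name.lower()

def audit_hosts(text, known=frozenset()):
    """Split entries into sinkholed names and redirects that need review.

    `known` is a hypothetical allowlist of hostnames you mapped yourself.
    """
    blocked, review = [], []
    for line_no, ip, name in parse_hosts(text):
        if name in known:
            continue
        if ip.is_loopback or ip.is_unspecified:
            if name != "localhost":             # the stock localhost entry is normal
                blocked.append(name)            # sent "to nowhere", as in the tip
        else:
            review.append((line_no, name, str(ip)))  # resolves to a real address
    return {"blocked": blocked, "review": review}

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS, known={"nas.home.example"})
    print("Sinkholed:", ", ".join(report["blocked"]))
    for line_no, name, ip in report["review"]:
        print(f"Line {line_no}: {name} -> {ip} (did you add this?)")
```

To audit a real machine, pass the contents of the HOSTS file at the path given above instead of the sample text.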

Summary

Spyware is software that operates in stealth mode once installed on a user's computer to monitor that user's activities and to gather demographic data, which it transmits to a third party using the user's internet connection without the user being aware of it happening.

Further reading: Anti-Spyware Testing

If you have any feedback regarding this article, or you have a suggestion for a new article, or just want to say thanks for the info then feel free to drop me an email at dave@detoxcomic.com.

Article updated: 21-May-2006