know complain that their computer is running slowly.
the next thing they say is "Maybe it's got a virus". That's easily
for instance, on Symantec's online virus checking service: http://www.symantec.com/securitycheck/.
(For more or combating viruses
to this tutorial).
however, their computer checks-out virus-free. More likely,
being aware of it, their computer has somewhere between several and
spyware and adware programs running in the background, each taking a
of computer resources, resulting in the feeling that it's harder and
to get anything done on their computer. Late in 2004, Dell, for
example, noted that they're getting 70,000 calls a week about computer
performance and odd behaviour that is probably spyware related.
as the name suggests, the various spyware programs are
'calling home', reporting back personal information, at a minimum where
you've browsed on the Net).
known as "adware," this hidden software program transmits user
via the Internet to advertisers in exchange for free downloaded
ways, it's the intersection of our desire to get stuff for free
over the Internet, and many software publisher's desire to get paid
(Note that there remain many great programs and services available on
Net that are truly free-- no strings attached. But not everything that
claims to be free is actually a good deal). Many of the most-often
programs actually includes spyware.
programs display ads on screen. Some, like the popular
Opera browser or Eudora email program, give users the option to use a
ad-displaying version or to purchase an ad-free version. More
are programs that don't give potential users notice that they will be
ads with that program. As well, many ad-supported programs install
that run in the background, logging websites you visit, and reporting
back. This information may be used to tailor the ads you see to match
interests, as indicated by where you surf. Or this information may be
around for other demographic research purposes. At the same time, other
information about you or your computer may be sent out without your
installing your downloaded software, you will be asked to read
and agree to an End
Agreement (generally referred to as a Eula).
In most cases, you're notified that information will be collected and
deep in the legaleese of the Eula-- but few users actually take the
to read through these documents. However, because of this, software
are able to claim that you consented to the installation of their
can end up with spyware installed on your computer without
installing anything-- simply clicking on an online ad for Comet
Cursor or BonziBuddy
may install software on your system. BonziBuddy can be installed by ads
that pretend to be system error messages.
(bad) and adware (less bad). "Spyware, which may
on another downloaded program, often operates in the background,
information back to a remote site and displaying pop-up ads tailored to
the user's online habits, or harvesting e-mail addresses to sell to
Adware is similar but more benign, or at least better encased in
its defenders say that it is something that consumers consciously agree
to download. More insidious programs, perhaps better described as
redirect the computer's browser to pornographic Web sites, often to
up those sites' traffic figures or commandeer the machine's modem to
900 numbers at the computer owner's expense.... Yet the line between
consent and na´ve clicking can be thin. Although Gator
from users before it is downloaded, people often have no recollection
having agreed to its terms." (New York Times article: "Heart of
on a Desktop" September 4, 2003: http://www.nytimes.com/2003/09/04/technology/circuits/04lurk.html?ex=1064499244&ei=1&en=0066cf458f70567f
(free registration needed to view)). In October 2003, Gator filed suit
against PC Pitstop for calling Gator 'spyware'; in response, PC Pitstop
pulled a number of pages critical of Gator from its website (http://news.com.com/2100-1032-5095051.html?part=dht&tag=ntop)
companies labelled spyware filing suit against anti-spyware
software vendors is becoming increasing common. (See Robert Vamosi's
"Who You Callin' Spyware, Spyware? (March 15 2005): http://reviews.cnet.com/4520-3513_7-5759896-1.html?tag=nl.e501
a broadly-based industry group formulated a definition of
spyware, at least in part to help clarify proposed US legislation. The
Anti-Spyware Coalition said (http://www.wired.com/news/privacy/0,1848,68167,00.html):
"users' control over material changes that affect their
user experience, privacy or system security; use of their system
resources, including what programs are installed on their computers; or
collection, use and distribution of their personal or otherwise
common is spyware?
BBC report (http://news.bbc.co.uk/1/hi/technology/3633167.stm)
spyware was very prevalent amongst home PCs... according
to the report, the US Internet service provider Earthlink said it found
an average of 28 spyware programs on over one million PCs scanned in
early 2004(!) The 29+ million spyware programs found were mostly
ad-ware, but they also discovered some 300,000 system monitors and
Trojans, which could steal personal information from the infected
of 2004, AOL and the National
Cyber Security Alliance surveyed 329 Americans; on average they had
been online for over six years-- not Internet novices. Afterwards, they
had technicians check over their systems; 80% had some sort of spyware
infections. (Reported in PC Magazine: February 02, 2005: http://www.pcmag.com/article2/0,1759,1755221,00.asp
is spyware bad?
Many users have
software, and don't seem to find that a problem. After all, many of us
have supermarket club cards or air mileage cards, both of which promise
us benefits in exchange for passing on information about our shopping
On one level, spyware reporting on our Web surfing habits isn't much
about whether I want my computer reporting on my Web surfing,
spyware can cause other problems. I've already mentioned that each
program lurking in the background saps a bit of your computer's
using up some memory and CPU time. Uploading information without your
eats away at your Internet bandwidth, which can be especially
for dialup subscribers. The DSSAgent
program installed by Mattel and Broderbund with some of their
and educational titles (some versions of the popular Where in the World
is Carmen Sandiego, for instance) can cause serious network congestion
with rapidly repeated DNS queries as it pulls down its ads.
spyware programs can cause operating system and browser
crashes! BonziBuddy spyware, which reports on browsing habits has been
implicated in system slowdowns and so-called blue screen of death
uninstalling the downloaded free program may still leave the
installed, still lurking in the background reporting on you, even when
the program it's designed to work with is long gone.
Dvorak suggested in December 2004 (http://www.pcmag.com/article2/0,1759,1744126,00.asp)
is installed for four primary uses: market research,
employee and spousal monitoring, identity and credit card theft, and to
turn your computer into a 'spambot', distributing spam to other users.
are the names of often-installed spyware?
the many spyware
you may find these installed without your knowledge on your system.
on the links for more information, or search for their names on Google
or other search engine:
installed by many ad-supported programs. Monitors browsing habits. Can
remain even if the main application is uninstalled. Can cause
and crashes. http://www.accs-net.com/smallfish/radiate.htm
- Bonzi: most
often installed on its own by clicking a disguised web-ad; can slow
down or even cause crashes: http://www.accs-net.com/smallfish/bonzi.htm
installed with KaZaa; causes instability and crashes. Removing it
KaZaa to fail to work; install KaZaa Lite instead
- Comet Cursor:
installed by clicking on Web ads and links, included with some
- Cydoor is installed with KaZaa, among
serves ads within its
applications, and collects demographic information. http://www.accs-net.com/smallfish/cydoor.htm
- DSSAgent was
installed by Broderbund and Mattel in educational and children's
(typically sold on CD, not downloaded). It can cause network
names to watch
for include: Aveo/Help
Express, CommonName/CNBabe, DownloadWare/ClipGenie, eAcceleration,
eZula/TopText, Gator/GAIN, HotBar, Lop, Network Essentials, OnFlow,
SaveNow, SideStep, TimeSink/Conducent, TwistedHumor/Winad,
webHancer, Web3000, WurldMedia, and Xupiter Toolbar. Doubtless the list
will grow over time.
for up to date information on spyware applications (and anti-spyware
It listed 277 (!) different spyware programs when I checked in August
can you do?
and think about what
rights and information you may be asked to give away in exchange for a
so-called free program or service. Consider whether what you're going
get is worth the hidden cost. Assume that any application that displays
ads when you're not online is probably also sending information about
you are using
Internet Explorer, check
its options (click the Tools
menu, then Internet
Go to the Security
make sure it is set to Medium or above; the Low setting will allow
to be downloaded without your knowledge.
Consider using the paid-versions of programs like Eudora, Opera,
or Bearshare to avoid the ads and the reporting back. If you (or
or teens in your home) are users of the wildly-popular KaZaa
file-sharing application, replace it with the spyware-free KaZaa Lite Resurrection (http://www.versiontracker.com/dyn/moreinfo/win/34640.
popular peer-to-peer file-sharing programs (often used for
MP3 music files over the Net) are big sources of spyware. Along with
KaZaa Lite, Shareaza (http://www.shareaza.com) is another spyware free
aware, when using KaZaa K++ that you may get notification that 'A newer
version of KaZaa is available' each time the program starts. If you
to get the newer version, you will be replacing KaZaa Lite with the
Also note that the earlier KaZaa Lite installs a fake Cydoor.dll file
newer version doesn't do this...), which is not
spyware, but may be identified by some spyware removal programs. Don't
let such programs remove it!)
If you have Kazaa installed,
might want to try Diet
removes the spyware from an existing installation of standard KaZaa. http://www.versiontracker.com/dyn/moreinfo/win/28492
to mention whether
listed programs use ad-supported spyware. Once again, read the
and decide how badly you want or need such applications.
firewall such as ZoneAlarm
which can block spyware from 'phoning home' without your knowledge.
won't remove the spyware, which will still be gobbling system
but it will stop the spying. More on firewalls in my
tutorial on that subject.
Software control panel, and check for unfamiliar
with names like the ones listed above). You'll find some spyware such
CometCursor this way.
downloadable StartUp Control
Panel, or Startup Cop Pro (see my Know
PC tutorial for more information), looking
being loaded at startup. You may, for instance, see the DSSAgent that
to scan your system
for spyware, and with your permission, remove spyware that it finds
below). Note that removing spyware often makes the related application
users of your PC from
installing the most popular 'file-sharing' applications such as Kazaa
the free File
and spyware removers. At one point, for example, one spyware program
for popular spyware remover AdAware (from
removed it from users' systems. The next version of AdAware
issue of PC Magazine reviewed 9 spyware removal applications: http://www.pcmag.com/article2/0,4149,981135,00.asp
Search and Destroy is free (and spyware-free). The author,
M. Kolla, requests donations; if you find this program useful, consider
donating to him, to encourage him to continue developing it: http://security.kolla.de/
mode and an advanced mode, scans your system for spyware and
(including relatively harmless ad-related browser cookies), provides a
list of what it finds, offers further information about most individual
items, and allows you to remove all of them with one click, or to pick
and choose what to remove. It notes that removing the spyware often
the related application stop working, and that in many cases, the best
way to remove adware or spyware is to pay for shareware programs.
(Note that if
you search for
Spybot Search and Destroy it may be difficult to locate; a number of
less-effective but more expensive anti-spyware applications have been
setting up their web pages so they show up in search engines as a
result of searches for Spybot. Moreover, while Patrick Kolla, Spybot's
developer, has registered the web address safer-networking.org,
mistake to safer-networking.com will get you yet another
anti-spyware program-- not
Spybot. The software sold at safer-networking.com, Spykiller, is
included in a list of 'Rogue/Suspect Anti-Spyware Products at http://www.spywarewarrior.com/rogue_anti-spyware.htm
-- products they describe as of 'unkown, questionable, or dubious
value'. These would include products advertised by web popups claiming
your computer may be infected with spyware. Some even install their own
was previously the spy-removal program of choice; as of the time of
(early 2003), it had fallen behind SpyBot in its ability to detect and
remove the current crop of spyware. However, it may be worth
and using along with SpyBot; each may find spyware missed by the other.
In any case, keep both up to date by always using the latest
version.(In fact, by early 2005, AdAware was much improved. I again
Microsoft purchased spyware developer Giant; in early 2005
they released a free beta version of Microsoft AntiSpyware. It's well
worth the download (http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en)
MS announced that it will continue to be
free beyond July 2005. (Windows 2000 and XP only).
free online spyware scanner.
issue of PC Magazine updated their Spyware review (http://www.pcmag.com/article2/0,4149,1524223,00.asp).
they most liked Spy
available in a paid version (US$30 per year) with automatic
of spyware definitions, or a free version which lacks that feature.
felt that the free Spybot Search and Destroy and the spyware-removal
of McAfee Internet Security were also strong contenders.
2004 issue, (http://www.pcworld.com/news/article/0,aid,118362,00.asp)
tested a number of commercial anti-spyware applications that
advertised themselves with online popup ads. Their conclusion: none
were as effective as the free SpyBot, and two of the applications
tested actually installed spyware! Their conclusion: avoid
or bogus Windows system messages that suggest your system may be
infected and offering to scan for spyware. The scans are often faked,
and the software their peddling is ineffective at best.
(November 8 2005) reviewed
three free antispyware programs: AdAware, Spybot, and Microsoft
Antispyware. Their conclusion: install all three but only configure
Microsoft's for real-time blocking.
Adware distributors have
started lobbying antispyware applications (and in some cases taking
them to court) complaining when their applications are labelled
'malware'. In some cases, they have been successful in getting some
antispyware applications to downgrade their recommendations. See for
instance, Wired Magazine's Dec 2005 article "And Don't Call It Spyware"
Another disturbing trend:
'Rogue Antispyware' -- products of unknown or dubious value being
marketed for spyware protection. (See: http://blogs.zdnet.com/Spyware/index.php?p=727&tag=nl.e539)
about any antispyware product you see being marketed
online, particularly through web page popups. Google the product name
(along with the word 'review') to see what is being said about it
before buying. In fact, be cautious before download and installing,
even if it's apparently free... some apparent antispyware applications
have even installed spyware! Spyware Warrior's Rogue/Suspect Spyware
over 240 products.
In late 2005, spyware
researcher Mark Russinovich reported on a number of so-called
anti-spyware products that not only do a poor job of spyware removal
but may actually be hazardous. (See: http://arstechnica.com/news.ars/post/20060103-5887.html)
a 10-worst list of would-be anti-spyware products was
10. Spyware Bomber
8. WinAntiVirus and its companion WinAntiSpyware 2005
7. SpywareNo and its clone SpyDemolisher
5. Spy Trooper
(Dis)Honorable mention goes
to VirtualBouncer aka AdDestoyer.
not install unknown anti-spyware applications. At this time, I
recommend Ad-Aware , Spybot Search and Destroy, Webroot Spy Sweeper,
Microsoft Anti-Spyware, and the anti-spyware component of the Zone
Alarm Internet Security Suite.
Loggers and Trojan Horses
April 22 2003 PC
story on spyware (Spyware:
on your machine:http://www.pcmag.com/article2/0,4149,978170,00.asp)
such as NetObserve and WinWhatWhere and Trojans
as BackOriface or NetBus as spyware, because they can be used to report
out about your computer without your knowledge and consent. While a
problem, I don't group them in with adware/spyware. Typically
are installed on your computer by employers or family members who want
to know how the computer is being used. Trojans like NetBus are
spread about by teens over instant messaging or chat networks, getting
unsuspecting peers to install these programs that let them take remote
control over your computer.
pick up the trojans when scanning your system for viruses.
and trojan horses set themselves to startup automatically,
useful utility can be a Startup Monitor-- a program that lets you know
when something has added itself to your computer and set itself to
automatically. If it's something you meant to do, you can allow it--
if it's happening without your permission, you can block it. Check out
the free StartUp
are pop-up (or pop-under) ads when you are browsing the Net. Several
browsers, including Opera (ad-ware or paid versions), Netscape, and the
free open-source Mozilla and Mozilla Firebird include options to turn
pop-up windows. This is not
currently a feature in the most-often-used Internet Explorer. A number
of downloadable programs are available for IE users, to control pop-up
ads. My favourite is the free (not adware!) PopUpManager
you actually want a popup window-- some are not ads. If you click on a
link and nothing happens, PopUpManager lets you right-click on its
bar (which turns from green to red when it stops a popup window) and
getting pop up ads when you're not using your browser... they may be
coming in through MSN Messenger. (They say "Messenger Service in the
title bar). You can defend yourself against them using the
or Shoot the
the result of the sorts of spyware discussed above. Removing
the spyware should eliminate these popups.
Programs control panel
and either MSCONFIG or the Startup Control Panel, looking for names
appear in this tutorial's spyware list. If you find any, click the
for more information, or enter the name in a Google search to find out
more about them. Decide whether you want to remove each (or uncheck
in MSCONFIG, etc).
KaZaa is installed
your computer, remove
it (using the Add-Remove control panel) and download and install the
KaZaa Lite Resurrection.
you are running any
programs, think whether you really want them (enough to allow them to
ads and spy on you!), and consider paying for an ad-free version.
SpyBot Search and Destroy,
Let it scan your system. Do not let it simply remove all spyware found
unless you are prepared for some installed applications to stop
decide for yourself whether or not to let the program remove each item
the older spyware-free KaZaa Lite, don't remove the fake Cydoor.dll
CyberSafety course includes the following modules:
and wireless issues
Or cut to the chase with 7 Steps to Internet Security!
(Last updated 3 January 2006)