Fairly often, people I know complain that their computer is running slowly.
Typically, the next thing they say is "Maybe it's got a virus". That's
easily checked-- for instance, on Symantec's online virus checking
service: http://www.symantec.com/securitycheck/. (For more on combating
viruses see my companion-piece to this tutorial).
More often than not, however, their computer checks out virus-free. More likely, without their being aware of it, their computer has somewhere between several and many spyware and adware programs running in the background, each taking a chunk of computer resources, resulting in the feeling that it's harder and harder to get anything done on their computer. Late in 2004, Dell, for example, noted that they're getting 70,000 calls a week about computer performance and odd behaviour that is probably spyware related.
(And that's not all-- as the name suggests, the various spyware programs are
probably 'calling home', reporting back personal information, at a
minimum where you've browsed on the Net).
What is spyware?
According to ZDNet's Robert Vamosi, "Also known as 'adware,' this
hidden software program transmits user information via the Internet to
advertisers in exchange for free downloaded software." (http://www.zdnet.com/products/stories/reviews/0,4161,2612053,00.html)
In many ways, it's the intersection of our desire to get stuff for free
over the Internet, and many software publishers' desire to get paid
anyway. (Note that there remain many great programs and services
available on the Net that are truly free-- no strings attached. But not
everything that claims to be free is actually a good deal). Many of the
most-often downloaded programs actually include spyware.
Like commercial TV, some downloaded programs display ads on screen. Some,
like the popular Opera browser or Eudora email program, give users the
option to use a free, ad-displaying version or to purchase an ad-free
version. More problematic are programs that don't give potential users
notice that they will be getting ads with that program. As well, many
ad-supported programs install modules that run in the background,
logging websites you visit, and reporting these back. This information
may be used to tailor the ads you see to match your interests, as
indicated by where you surf. Or this information may be spread around
for other demographic research purposes. At the same time, other
information about you or your computer may be sent out without your
knowledge or consent.
Generally, when you are installing your downloaded software, you will be asked to
read and agree to an End User License
Agreement (generally referred to as a EULA). In most cases, the notice
that information will be collected and sent is buried deep in the
legalese of the EULA-- but few users actually take the time to read
through these documents. However, because the notice is there, software publishers
are able to claim that you consented to the installation of their
spyware.
In some cases, you can end up with spyware installed on your computer
without knowingly installing anything-- simply clicking on an online ad
for Comet Cursor or BonziBuddy may install software on
your system. BonziBuddy can be installed by ads that pretend to be
system error messages.
Some distinguish between spyware (bad) and adware (less bad). "Spyware,
which may piggyback on another downloaded program, often operates in
the background, sending information back to a remote site and
displaying pop-up ads tailored to the user's online habits, or
harvesting e-mail addresses to sell to spammers. Adware is similar but
more benign, or at least better encased in euphemism; its defenders say
that it is something that consumers consciously agree to download. More
insidious programs, perhaps better described as annoyware, redirect the
computer's browser to pornographic Web sites, often to pump up those
sites' traffic figures or commandeer the machine's modem to dial 900
numbers at the computer owner's expense.... Yet the line between
informed consent and naïve clicking can be thin. Although Gator
requires permission from users before it is downloaded, people often
have no recollection of having agreed to its terms." (New York Times
article: "Heart of Darkness, on a Desktop" September 4, 2003: http://www.nytimes.com/2003/09/04/technology/circuits/04lurk.html?ex=1064499244&ei=1&en=0066cf458f70567f
(free registration needed to view)).
In October 2003, Gator filed suit against PC Pitstop for calling Gator
'spyware'; in response, PC Pitstop pulled a number of pages critical of
Gator from its website (http://news.com.com/2100-1032-5095051.html?part=dht&tag=ntop).
This practice of companies labelled spyware filing suit against anti-spyware software vendors is becoming increasingly common. (See Robert Vamosi's "Who You Callin' Spyware, Spyware?" (March 15 2005): http://reviews.cnet.com/4520-3513_7-5759896-1.html?tag=nl.e501 )
In July 2005, a broadly-based industry group formulated a definition of spyware, at least in part to help clarify proposed US legislation. The Anti-Spyware Coalition said (http://www.wired.com/news/privacy/0,1848,68167,00.html): spyware impairs "users' control over material changes that affect their user experience, privacy or system security; use of their system resources, including what programs are installed on their computers; or collection, use and distribution of their personal or otherwise sensitive information..."
How common is spyware?
Why is spyware bad?
Many users have installed and used spyware-installing software, and
don't seem to find that a problem. After all, many of us have
supermarket club cards or air mileage cards, both of which promise us
benefits in exchange for passing on information about our shopping
habits. On one level, spyware reporting on our Web surfing habits isn't
much different.
But aside from questions about whether I want my computer reporting on my
Web surfing, spyware can cause other problems. I've already mentioned
that each spyware program lurking in the background saps a bit of your
computer's resources-- using up some memory and CPU time. Uploading
information without your consent eats away at your Internet bandwidth,
which can be especially problematic for dialup subscribers. The DSSAgent program installed by Mattel
and Broderbund with some of their children's and educational titles
(some versions of the popular Where in the World is Carmen Sandiego,
for instance) can cause serious network congestion with rapidly repeated
DNS queries as it pulls down its ads.
Not only that, poorly-designed spyware programs can cause operating system
and browser crashes! BonziBuddy spyware, which reports on browsing
habits, has been implicated in system slowdowns and so-called blue
screen of death system crashes.
And in many cases, uninstalling the downloaded free program may still leave
the spyware installed, still lurking in the background reporting on
you, even when the program it's designed to work with is long gone.
Computer columnist John Dvorak suggested in December 2004 (http://www.pcmag.com/article2/0,1759,1744126,00.asp)
that spyware is installed for four primary uses: market research,
employee and spousal monitoring, identity and credit card theft, and to
turn your computer into a 'spambot', distributing spam to other users.
What are the names of often-installed spyware?
Among the many spyware 'brands', you may find these installed
without your knowledge on your system. Click on the links for more
information, or search for their names on Google or another search engine:
What can you do?
Spyware removal software
There's an ongoing battle between spyware and spyware removers. At one
point, for example, one spyware program searched for popular spyware
remover AdAware (from http://www.lavasoft.de/), and if
found, removed it from users' systems. The next version of AdAware
resisted that tactic.
The April 22, 2003 issue of PC Magazine reviewed 9 spyware removal
applications: http://www.pcmag.com/article2/0,4149,981135,00.asp
Their editor's choice, SpyBot Search and Destroy, is free (and spyware-free). The author, Patrick M.
Kolla, requests donations; if you find this program useful, consider
donating to him, to encourage him to continue developing it: http://security.kolla.de/
It offers an easy mode and an advanced mode, scans your system for spyware
and adware, (including relatively harmless ad-related browser cookies),
provides a list of what it finds, offers further information about most
individual items, and allows you to remove all of them with one click,
or to pick and choose what to remove. It notes that removing the
spyware often makes the related application stop working, and that in
many cases, the best way to remove adware or spyware is to pay for
shareware programs.
(Note that if you search for Spybot Search and Destroy it may be difficult to locate; a number of less-effective but more expensive anti-spyware applications have been setting up their web pages so they show up in search engines as a result of searches for Spybot. Moreover, while Patrick Kolla, Spybot's developer, has registered the web address safer-networking.org, browsing by mistake to safer-networking.com will get you yet another anti-spyware program-- not Spybot. The software sold at safer-networking.com, Spykiller, is included in a list of 'Rogue/Suspect Anti-Spyware Products' at http://www.spywarewarrior.com/rogue_anti-spyware.htm -- products they describe as of 'unknown, questionable, or dubious value'. These would include products advertised by web popups claiming your computer may be infected with spyware. Some even install their own spyware!).
The free AdAware was previously the spy-removal program of choice; as of the time of writing (early 2003), it had fallen behind SpyBot in its ability to detect and remove the current crop of spyware. However, it may be worth downloading and using along with SpyBot; each may find spyware missed by the other. In any case, keep both up to date by always using the latest version. (In fact, by early 2005, AdAware was much improved. I again recommend it).
In late 2004, Microsoft purchased spyware developer Giant; in early 2005 they released a free beta version of Microsoft AntiSpyware. It's well worth the download (http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en) and recently, MS announced that it will continue to be free beyond July 2005. (Windows 2000 and XP only).
The Spyware Guide website (http://www.spywareguide.com/index.php)
has a free online spyware scanner.
The March 2 2004 issue of PC Magazine updated their Spyware review (http://www.pcmag.com/article2/0,4149,1524223,00.asp).
This year, they most liked Spy Sweeper (http://www.webroot.com/)
which is available in a paid version (US$30 per year) with automatic
downloading of spyware definitions, or a free version which lacks that
feature. They felt that the free Spybot Search and Destroy and the
spyware-removal component of McAfee Internet Security were also strong
contenders.
In its December 2004 issue (http://www.pcworld.com/news/article/0,aid,118362,00.asp), PC World tested a number of commercial anti-spyware applications that advertised themselves with online popup ads. Their conclusion: none were as effective as the free SpyBot, and two of the applications tested actually installed spyware! Their advice: avoid popups or bogus Windows system messages that suggest your system may be infected and offer to scan for spyware. The scans are often faked, and the software they're peddling is ineffective at best.
PC Magazine (November 8 2005) reviewed
three free antispyware programs: AdAware, Spybot, and Microsoft
Antispyware. Their conclusion: install all three but only configure
Microsoft's for real-time blocking.
http://www.pcmag.com/article2/0,1895,1865515,00.asp
Adware distributors have started lobbying the makers of antispyware applications (and in some cases taking them to court), complaining when their applications are labelled 'malware'. In some cases, they have been successful in getting some antispyware applications to downgrade their recommendations. See, for instance, Wired Magazine's Dec 2005 article "And Don't Call It Spyware" http://www.wired.com/wired/archive/13.12/spyware.html
In late 2005, spyware researcher Mark Russinovich reported on a number of so-called anti-spyware products that not only do a poor job of spyware removal but may actually be hazardous. (See: http://arstechnica.com/news.ars/post/20060103-5887.html) Elsewhere, a 10-worst list of would-be anti-spyware products was compiled, listing:
10. Spyware Bomber
9. SlimShield
8. WinAntiVirus and its companion WinAntiSpyware 2005
7. SpywareNo and its clone SpyDemolisher
6. Razespyware
5. Spy Trooper
4. WorldAntiSpy
3. PSGuard
2. SpySheriff
1. SpyAxe
(Dis)Honorable mention goes to VirtualBouncer aka AdDestroyer.
(http://blogs.zdnet.com/Spyware/?p=727)
Do not install unknown anti-spyware applications. At this time, I recommend Ad-Aware, Spybot Search and Destroy, Webroot Spy Sweeper, Microsoft Anti-Spyware, and the anti-spyware component of the Zone Alarm Internet Security Suite.
Key Loggers and Trojan Horses
The April 22 2003 PC Magazine cover story on spyware (Spyware: It's lurking on your machine: http://www.pcmag.com/article2/0,4149,978170,00.asp)
includes keyloggers such as NetObserve and WinWhatWhere and Trojans
such as Back Orifice or NetBus as spyware, because they can be used to
report on your computer without your knowledge and consent.
While they are a potential problem, I don't group them in with adware/spyware.
Typically keyloggers are installed on your computer by employers or
family members who want to know how the computer is being used. Trojans
like NetBus are frequently spread about by teens over instant messaging
or chat networks, getting unsuspecting peers to install these programs
that let them take remote control over your computer.
Some antivirus software will pick up the trojans when scanning your system
for viruses.
Since most spyware, keyloggers and trojan horses set themselves to start up automatically, another useful utility can be a Startup Monitor-- a program that lets you know when something has added itself to your computer and set itself to start up automatically. If it's something you meant to do, you can allow it-- but if it's happening without your permission, you can block it. Check out the free StartUp Monitor: http://www.mlin.net/StartupMonitor.shtml
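The check a startup monitor performs can be sketched as a baseline comparison of the Windows registry Run keys. This is an added example, not part of the original tutorial and not StartUp Monitor's own code; the entry names and file paths in the sample snapshots are constructed, and only the two Run key locations are real Windows paths.

```python
# Well-known per-machine and per-user "Run" keys that Windows processes at logon.
RUN_KEYS = [("HKLM", r"Software\Microsoft\Windows\CurrentVersion\Run"),
            ("HKCU", r"Software\Microsoft\Windows\CurrentVersion\Run")]

def snapshot_run_keys():
    """Read every Run-key value into {(hive, name): command}. Windows only."""
    import winreg
    roots = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    entries = {}
    for hive, path in RUN_KEYS:
        try:
            key = winreg.OpenKey(roots[hive], path)
        except OSError:          # key absent or unreadable: nothing to record
            continue
        with key:
            for i in range(winreg.QueryInfoKey(key)[1]):   # [1] = value count
                name, command, _kind = winreg.EnumValue(key, i)
                entries[(hive, name)] = str(command)
    return entries

def diff_autostarts(baseline, current):
    """Compare two snapshots; return (added, removed, changed) dicts."""
    added = {k: v for k, v in current.items() if k not in baseline}
    removed = {k: v for k, v in baseline.items() if k not in current}
    # Same entry name but a different command: an existing autostart was repointed.
    changed = {k: (baseline[k], v) for k, v in current.items()
               if k in baseline and baseline[k].lower() != v.lower()}
    return added, removed, changed

# Constructed sample snapshots (hypothetical names and paths), so this runs anywhere.
BASELINE = {("HKLM", "ExampleAntivirus"): r"C:\Program Files\ExampleAV\av.exe",
            ("HKCU", "ExampleUpdater"): r"C:\Program Files\Example\update.exe"}
AFTER_INSTALL = {("HKLM", "ExampleAntivirus"): r"C:\Program Files\ExampleAV\av.exe",
                 ("HKCU", "ExampleUpdater"): r"C:\Users\me\AppData\Temp\upd.exe",
                 ("HKCU", "FreeToolbarHelper"): r"C:\Program Files\FreeToolbar\h.exe"}

if __name__ == "__main__":
    added, removed, changed = diff_autostarts(BASELINE, AFTER_INSTALL)
    for (hive, name), cmd in added.items():
        print(f"NEW      {hive}\\{name} -> {cmd}")
    for (hive, name), (old, new) in changed.items():
        print(f"CHANGED  {hive}\\{name}: {old} -> {new}")
    for (hive, name), cmd in removed.items():
        print(f"REMOVED  {hive}\\{name} (was {cmd})")
```

On a Windows machine, save the result of snapshot_run_keys() while the system is known to be clean and pass it as the baseline on later runs; a changed entry deserves the same scrutiny as a new one.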
Pop-up web ads
Not spyware, but frequently annoying are pop-up (or pop-under)
ads when you are browsing the Net. Several alternative browsers,
including Opera (ad-ware or paid versions), Netscape, and the free
open-source Mozilla and Mozilla Firebird include options to turn off
pop-up windows. This is not
currently a feature in the most-often-used Internet Explorer. A number
of downloadable programs are available for IE users, to control pop-up
ads. My favourite is the free (not adware!) PopUpManager from http://www.endpopups.com.
Sometimes, you actually want a popup window-- some are not ads. If you
click on a link and nothing happens, PopUpManager lets you right-click
on its little bar (which turns from green to red when it stops a popup
window) and allow the popup.
You may also be getting pop up ads when you're not using your browser...
they may be coming in through MSN Messenger. (They say "Messenger
Service" in the window's title bar). You can defend yourself against
them using the free Messenger Utility: http://www.heavy-horse.com/products/messenger/messenger.html
or Shoot the Messenger: (http://grc.com/stm/ShootTheMessenger.htm)
Other annoying popups are the result of
the sorts of spyware discussed above. Removing the spyware should
eliminate these popups.
Homework: