Spyware

Spring 2004 CSANews Issue 50  |  Posted date : May 05, 2007.Back to list

With all the things that are good with the Internet, there will always be some accompanying bad (I wanted to say crap, but I think it will be edited out) with which we have to deal in order to realize the best that it has to offer. We have all at one time or another been the recipients of viruses, worms or the more recent "spam" e-mail.

Well, hold onto your horses and welcome your current nemesis: spyware.

If is sounds elusive and mysterious a.k.a. "Bond, James Bond," it does have that quality. Spyware refers to programs that hide in your computer and secretly (à la "Bond," sans the beautiful babes) monitor your activities. As spyware continually runs in the background, it can also sap computing power, crash machines and/or bombard you with a myriad of unwanted ads. To make it more personal, it can capture passwords, credit card numbers and other information that you would consider to be private and confidential.

Spyware is Internet jargon for Advertising Supported software or, as I'm sure you've heard the expression, "adware." New business models continue to morph from Internet activity, and spyware is a perfect example. It is a concept that allows developers or authors of free software, or shareware, to make money from their product. The concept is to place banner ads in their products in exchange for a portion of the revenue which results from those banner sales. For the up-and-up companies, if you find the banners annoying, there is usually an option to remove them. For those companies which are only borderline ethical, this option is not available.

While the originators of this technology may have had the best of intentions, there are other companies that push the envelope of ethical business practices ­ the "bad apple" saying applies here. Now the bad part ­ when adware becomes spyware.

The adware developers took it upon themselves to include special tracking software on your system, which continually reports back to the "mothership" through your Internet connection. While company privacy policies state that no sensitive or identifying data are collected from your system, you still have a real-time server running on your PC, sending information about you and your surfing habits to a remote location.

The numbers below do not necessarily indicate the same number of PCs infected, but the apparent scale of the problem is disconcerting.

Not all adware programs are spyware, but the majority are. There is certainly a class of products that presents advertising which is not accompanied by any tracking mechanism. Spyware is not an illegal type of software, although its name suggests otherwise. Privacy-oriented individuals would certainly object and take issue with the tracking and transmission of statistics to a third party.

How would you feel if you uncovered the fact that someone watched your every move in your daily activities and reported the findings to a third party? Get the picture?

While legitimate adware companies will disclose in their privacy statement the nature of data which are collected and transmitted, there is almost no way for the user to actually control what data are being sent. The fact is that the technology is in theory capable of sending much more than just banner statistics ­ and this is why many people feel uncomfortable with the idea.

Every story has two sides and as such, there are millions of people using advertising-supported "spyware" products and who could not care less about the privacy hype...in fact, some "spyware" programs are among the most popular downloads from the Internet.

If you suspect that you have this freeware lurking in your computer, I will refer you to two sites, http://www.anti-spyware-review.toptenreviews.com/ for those of you who wish to pay to keep this intruder out. For those of you (me) who wish the less expensive route, visit http://www.spychecker.com/software/antispy.html where you have a choice of tools. I selected SPYBOT-S&D as it was both free and received a high rating. It was easy to install, easy to run and, to boot, it detected 17 statistics-gathering components and allowed me to delete them in a few simple clicks.

I have always found it interesting when problems are discovered and somehow, soon after, a product is released to fix the problem. It's the old chicken-and-egg thing ­ which came first? The perfect business model. Creating a need, then supplying a product to fill it.

Let's put some scale to this problem. Earthlink is one of the largest Internet Service Providers in the United States, and offers a free scan service to promote its Spyware Blocker software. After scanning one million PCs with its free SpyAudit service, Earthlink stated that it found:

184,559installations of "system monitor" software, such as keystroke loggers

184,919installations of Trojan programs

5,300,000instances of "adware" software which serves banner ads and sends data back to third parties without your permission

29,500,000 instances of adware, 23.8 million of which are attributed to "relatively benign" cookies used by advertising networks to track user behaviour

News Source: Computer Business Review