What Is Spyware
Pages: 1, 2, 3
How Spyware Spreads
There are many mechanisms for spreading spyware, employed by their creators. Let's look at a few common ways spyware can infect:
-
When installed by other spyware (unlike viruses and worms, spyware rarely treads alone; some machines analyzed by the anti-spyware vendors were found to have hundreds of spyware specimens)
-
When installed by malicious websites through flaws in Internet Explorer (so called "drive-by downloads")
-
When bundled with "free" or sponsored applications (unfortunately, with permission of the application creators)
Later we'll cover some of the things all computer users should do to lower the risk of "catching spyware."
Spyware's Impact on Your PC
Overall, what can spyware do on your system? For that, we will refer you to Microsoft's Ten Immutable Laws of Security. While it might be ironic that such laws are formulated by the makers of the most common spyware platform -- Windows -- they do provide vital insight into security. For example, Law 1 proclaims: "If a bad guy can persuade you to run his program on your computer, it's not your computer anymore." Thus, the above question becomes "what can spyware do on their system?" The answer to this one is really easy: everything that its creator wants. Common changes due to spyware include registry changes, browser configuration and settings modification, new program installation, as well as using your system for whatever else is needed. In other words, spyware, when installed and running, can do everything you can do on your system (and sometimes more).
Table 1 shows the direct damage you might suffer from spyware.
Loss |
Types of spyware |
Scenario |
Direct financial loss |
Keylogger |
Somebody steals your online banking passwords and transfers the money to his account abroad |
Slow system performance |
All |
A machine running dozens or more types of spyware will slow down to a crawl |
Display unwanted content |
Browser objects, other |
A website can install a malicious toolbar that will show popup ads and objectionable web content |
Loss of privacy |
Browser plug-ins |
All web personal history collected and potentially exposed |
Table 1. Types of loss caused by spyware
Protecting Yourself
Now that the evils of spyware are understood, let's use the well-known security mantra "prevention/detection/response" to focus on what you can do to:
- Prevent spyware from happening to you
- Detect that it might be sneaking by the defenses
- After it happens anyway, respond by cleaning your systems
First, will an antivirus solution will take care of all spyware problems? The answer is a resounding "no." Many anti-spyware products (both freeware and commercial) have features to block (prevention), scan for (detection), and remove the offending program (response), but PC Magazine's recent anti-spyware and antivirus software review, which compares stand-alone anti-spy defenses, indicates that antivirus solutions still do not do a good job of fending off hordes of spies.
