A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Spyware

Software that sends information from your computer to a third party without your consent

Spyware is any software that sends personal information (e.g., Web sites you visit, email addresses, passwords) from your computer to a third party without telling you and without your consent. Spyware differs from malware in that it takes information from your computer, while malware damages your computer.

Many people include adware (software that displays advertising banners in your browser) under the heading of "spyware" because adware often has spyware included in it. This adware can sometimes slow down your machine, make pop-up ads appear on your desktop, or change the settings on your computer. Many of these programs do not clearly state what the application will do or whether spyware is included, and they can be very difficult to uninstall.

A collection of anti-spyware software companies, academics, and consumer groups have formed the Anti-Spyware Coalition  to clarify what exactly can be considered spyware. Their current definition includes any software that makes it difficult for you to control:

  • How you use your computer, including your privacy and security settings
  • What your computer is used for and what is installed on it
  • How your personal information is collected and used

There are a few different ways you can get spyware on your computer. Spyware is sometimes installed on your machine when you download free software, such as file-sharing applications and games. However, you don't even need to download anything to get spyware: some spyware is installed on your machine just by visiting certain Web sites. This is called a "drive-by" installation. Spyware can also be loaded onto your computer without your knowledge when you open certain email attachments.

One way spyware can get information about you is from cookies. Cookies are files saved on your computer that contain information that you give to Web sites while on the Internet. Web sites often use cookies to remember your preferences or login information for the site, which makes these sites easier to use. However, spyware can extract the information from these files and use it for marketing purposes, among other things.

You should be especially careful of spyware when engaging in e-commerce because it may be able to get to the personal and financial information that you send to e-commerce sites.

Protective Measures

Practices

  • Opt out of cookies when asked: On some sites, a pop-up window will appear asking if you will allow cookies for that site. If you do not want to be recognized by any third party providing adware/spyware to the site, do not allow these cookies.

  • Disable or manage cookies: Cookies are little files saved on your computer when you visit a Web site that contain information about your personal preferences for the site. Companies or malicious coders can extract the information in these files and use it for marketing or other purposes. Disabling or limiting cookies does not get rid of spyware, but it does leave less personal information on your hard drive for spyware to exploit. However, you will lose the advantages that cookies provide, namely making some Web sites easier to use.

  • Avoid purchasing items from dubious sites: When you shop at established online stores, such as Amazon or eBay , you can be sure that you will not contract spyware. However, if you decide to shop at less established Web sites, you might expose yourself to having spyware downloaded onto your machine.

  • Conduct regular spyware removal scans: You can scan your computer manually, or you can set commercial anti-spyware software to scan your computer periodically for you. If your software has this ability, set it to scan at least once every two weeks. To scan for spyware manually (using Spybot as an example):

    1. Open the Spybot application and look for the navigation bar on the left side of the program.
    2. Click on Spybot-S&D to go to the main page. You will see an empty list and a toolbar at the bottom.
    3. Click the first button in this toolbar labeled Check for problems. After the scan is finished, the list will be populated with threats.
    4. Select all the threats and click the button labeled Fix selected problems.

  • Conduct regular anti-virus scans: Be sure to scan all files that you have received from other people. All major anti-virus software can be set to automatically scan files when they are transferred, but it's a good idea to also scan your computer manually on a regular basis. You should do this at least once every two weeks, or when you suspect a problem.

Settings

  • Set your firewall to filter ports: Make sure your firewall is filtering the ports that correspond to your applications. For example, Internet Explorer uses port TCP-80, so you would set your firewall to only allow Internet Explorer to use that port. This way you keep any possible intruders from using that port to steal documents.

    Make sure that your firewall is not allowing unauthorized applications to send information from your laptop to the Internet without your consent. If you travel frequently, a firewall is very important for your safety. For information on how to configure your firewall, consult its documentation.

  • Set your anti-virus package for "Real-time Protection": Anti-virus software should provide the option of real-time protection, which means that it actively checks files that come into your system while you work. Although this might not be necessary for mobile devices, it does lower your chances of contracting a computer virus, so check if your brand supports this configuration. If it does, activate it.

Tools

  • Firewall: A firewall is like a security guard for your computer that monitors the traffic into and out of your computer. A firewall is your first line of defense against intrusions, especially Trojan horses. One popular firewall is Symantec's Norton Personal Firewall . The Windows operating systems such as Windows XP and Windows Vista  include a firewall that is turned on automatically. This built-in firewall is described in more detail on the Microsoft site .

    Firewalls may not prevent you from installing spyware applications, but they can be used to stop unauthorized information from leaving your machine.

  • Spyware removal applications: Anti-virus applications generally do not rid your machine of spyware, but there are many commercial and free spyware removal tools available. Some examples are Spybot - Search & Destroy , Ad-Aware , Pest Patrol , and Microsoft Windows Defender . Make sure that you find a legitimate spyware-removal application, since some products touted as anti-spyware applications are ineffective or actually install spyware and adware on your machine. Spyware Warrior  can point you to some good applications and tell you which applications to avoid.

Connect Safely from Different Places

Office

When engaging in e-commerce at the office, spyware may be able to gather sensitive company data from your computer.

Business computer networks are just as vulnerable to spyware as home computers. Until now, there hasn’t been much anti-spyware software made specifically for business users, but a few business-strength anti-spyware products are now available. Spy Sweeper Enterprise  is a version of the popular Spy Sweeper anti-spyware tool just for corporations. Another corporate product is Websense Enterprise . This software offers a solution to the spyware problem by limiting peer-to-peer (P2P) file sharing on corporate networks.

On the road

You should be especially careful of spyware when engaging in e-commerce away from your home or office network because it may be able to get to the personal and financial information that you send to e-commerce sites (e.g., payment information, buying profiles, etc.).

Ethical Issues

It is both unethical and illegal to include spyware in software without stating clearly in the license agreement that it is included. Therefore, you should read and understand all policies and end-user license agreements (EULAs) before doing any business at a Web site. Many policies and EULAs are purposefully ambiguous or misleading, and they can be difficult to interpret, so make sure that you read them carefully.

Some parents use spyware to eavesdrop on their children's online activities because they believe that this is a good way to protect their children from online predators and inappropriate content. Some people also use spyware to keep tabs on their spouses and other family members, but there are many who feel that using spyware on family members is not at all appropriate. They argue that such use is an invasion of people's privacy and therefore unethical.

Legal Issues

Some states, such as Utah , Washington , and California , are beginning to pass laws against spyware. Other states are expected to follow.

Privacy Issues

Spyware is a threat to your privacy because it attempts to capture your personal information. This can result in identity theft, especially if somebody gets a hold of your credit card number, social security number, or other personally identifiable information. As soon as you detect a spyware application on your machine, disconnect from the Internet and seek help in removing it.

Links

References

Filing a complaint

Obtain a credit report from one of these agencies:

My home page