A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Spyware

Software that sends information from your computer to a third party without your consent

Spyware is any software that sends personal information (e.g., Web sites you visit, email addresses, passwords) from your computer to a third party without telling you and without your consent. Spyware differs from malware in that it takes information from your computer, while malware damages your computer.

Many people include adware (software that displays advertising banners in your browser) under the heading of "spyware" because adware often has spyware included in it. This adware can sometimes slow down your machine, make pop-up ads appear on your desktop, or change the settings on your computer. Many of these programs do not clearly state what the application will do or whether spyware is included, and they can be very difficult to uninstall.

A collection of anti-spyware software companies, academics, and consumer groups have formed the Anti-Spyware Coalition  to clarify what exactly can be considered spyware. Their current definition includes any software that makes it difficult for you to control:

  • How you use your computer, including your privacy and security settings
  • What your computer is used for and what is installed on it
  • How your personal information is collected and used

There are a few different ways you can get spyware on your computer. Spyware is sometimes installed on your machine when you download free software, such as file-sharing applications and games. However, you don't even need to download anything to get spyware: some spyware is installed on your machine just by visiting certain Web sites. This is called a "drive-by" installation. Spyware can also be loaded onto your computer without your knowledge when you open certain email attachments.

Protective Measures

Practices

  • Only install software from trusted sources: While even reputable sources may include adware and spyware in their software, a trusted provider is more likely to respond to problems or questions you may have.

  • Be sure to scan all games that you have downloaded: Anything downloaded to your system could potentially contain a virus, so it is a good idea to scan downloaded game files for any malware. This may make downloading take longer, but it will keep your computer safe. If you are not able to scan during installation, then do a scan later with your anti-virus software.

  • Conduct regular spyware removal scans: You can scan your computer manually, or you can set commercial anti-spyware software to scan your computer periodically for you. If your software has this ability, set it to scan at least once every two weeks. To scan for spyware manually (using Spybot as an example):

    1. Open the Spybot application and look for the navigation bar on the left side of the program.
    2. Click on Spybot-S&D to go to the main page. You will see an empty list and a toolbar at the bottom.
    3. Click the first button in this toolbar labeled Check for problems. After the scan is finished, the list will be populated with threats.
    4. Select all the threats and click the button labeled Fix selected problems.

  • Read the License Agreement and Privacy Policy thoroughly before installing an application: These documents state whether the application will install additional software on your computer in order to show advertisements. These documents will also tell you if you have to install the spyware to use the application.

  • Do not open email attachments that you are not sure of: Opening attachments is one way of getting adware and spyware onto your computer. Keep in mind that you can’t always be sure who sent you a given email, and don’t open attachments on suspicious emails.

  • Do not host any games: When you host a game server that announces your address on the Internet, you make it easy for an attacker to find your IP address. Most popular games have many public servers that are hosting games. If you have no special requirements, you should play on one of these public servers, rather than hosting a game of your own.

Settings

  • Disable or manage cookies: Cookies are little files saved on your computer when you visit a Web site that contain information about your personal preferences for the site. Companies or malicious coders can extract the information in these files and use it for marketing or other purposes. Disabling or limiting cookies does not get rid of spyware, but it does leave less personal information on your hard drive for spyware to exploit. However, you will lose the advantages that cookies provide, namely making some Web sites easier to use.

Tools

  • Spyware removal applications: Anti-virus applications generally do not rid your machine of spyware, but there are many commercial and free spyware removal tools available. Some examples are Spybot - Search & Destroy , Ad-Aware , Pest Patrol , and Microsoft Windows Defender . Make sure that you find a legitimate spyware-removal application, since some products touted as anti-spyware applications are ineffective or actually install spyware and adware on your machine. Spyware Warrior  can point you to some good applications and tell you which applications to avoid.

Connect Safely from Different Places

Office

Spyware can get loaded onto your work computer when you play games, and this could have severe consequences. We recommend you check with your systems administrator or IT department and see if your company has any rules about gaming and appropriate spyware protections before you play online games at work.

Mobile

Many Web sites offer free gaming software for mobile devices. The developers of these applications usually rely on advertisement as their source of revenue; unfortunately, one of the most common marketing tools they use is spyware. Spyware is particularly dangerous on PDAs, which are often used to store sensitive personal information.

Don’t install applications from dubious sources: Mobile devices are usually more complicated than regular personal computers. By changing important settings or installing strange applications, you are compromising both the stability and security of your PDA or cell phone.

On the road

When you host a game, you let other people connect to your computer, and some users may try to upload spyware to your computer in order to get your personal information. Remember that when you host a game server on a public computer, you are exposing a computer that is not yours to spyware. We recommend you get permission from the system administrator of the public computer or the public network you are using before hosting any game.

If you are using a public computer, you should ask the system administrator about the gaming software installed and the settings on that computer before attempting to modify its configuration.

You may not be able to install spyware removal applications when you are using a public computer; however, you should ask the system administrator about this tool and make sure it is installed if possible.

Ethical Issues

It is both unethical and illegal to include spyware in software without stating clearly in the license agreement that it is included. Therefore, you should read and understand all policies and end-user license agreements (EULAs) before doing any business at a Web site. Many policies and EULAs are purposefully ambiguous or misleading, and they can be difficult to interpret, so make sure that you read them carefully.

Some parents use spyware to eavesdrop on their children's online activities because they believe that this is a good way to protect their children from online predators and inappropriate content. Some people also use spyware to keep tabs on their spouses and other family members, but there are many who feel that using spyware on family members is not at all appropriate. They argue that such use is an invasion of people's privacy and therefore unethical.

Legal Issues

Some states, such as Utah , Washington , and California , are beginning to pass laws against spyware. Other states are expected to follow.

Privacy Issues

Spyware is a threat to your privacy because it attempts to capture your personal information. This can result in identity theft, especially if somebody gets a hold of your credit card number, social security number, or other personally identifiable information. As soon as you detect a spyware application on your machine, disconnect from the Internet and seek help in removing it.

Related case studies

Links

References

Filing a complaint

My home page