Spyware: Definition, Prevention & Removal

DEFINITION

Spyware is sub-set of malware, and can be described as software designed to keep track of various user actions and report them back to an outside source. Although spyware does have some legitimate uses, most are not, and that earns it the designation of malware. The threat can come in the form of internet cookies; small text files which identify a computer to the website owner, track progress through the site, remember user names, passwords, and preference settings, etc. Cookies are an unavoidable part of the internet, and while most are innocuous some are not.

Spyware can also be present in the form of a tracker. This can be a script that resides in your browser cache or code piggybacked to another piece of software for the purposes of recording your internet usage and habits. Trackers are typically used to gain information useful to internet advertisers. The result can be unwanted pop-up ads, increased Spam email, or even redirecting your browser to unwanted websites. Tracker authors will often glean this information and then sell it to advertisers.

There are many other forms that spyware can take, but regardless, spyware by design does not replicate itself and spread to other machines. Rather, it is a dedicated attack meant to infect only the machine on which it resides. It must also have a carrier to get in, such as a downloadable freeware program, an ActiveX control, or a music file. Just like the trojan horse, some spyware attacks utilize fake emails to entice unsuspecting users into allowing the attack.

In recent years Microsoft's Internet Explorer has been a big target for spyware authors due to its widespread use and long history of security flaws. IE's “browser helper objects” are a means by which the browser's behavior can be changed, for example, by adding a third-party tool bar. These objects are often innocent looking but harbor spyware that tracks users and slows down browser performance. Occasionally a spyware program comes in as a payload from a worm or virus.

PREVENTION

Anyone who uses the internet will be a victim of spyware to one extent or another, so prevention requires that individual users first determine their tolerance level. One can go to the extreme of never allowing cookies, ActiveX controls, or Browser Helper Objects, but this won't be a viable option for most people since it is those things which make the browsing experience what it is.

For most users, prevention lies in the practice of being careful what websites you visit, what files you download, and what programs you install. File sharing sites and multi-media outlets are both havens for spyware material. Avoiding such sites will greatly reduce your risk of spyware attack. When considering whether or not to download and install a freeware or shareware product, do an internet search to see if there have been any spyware related problems posted.

As with any form of malware, prevention also includes being cautious with IRC and instant messaging services. You should never use these services to download or transfer files. Not only does this practice open up the user to spyware attacks, it also creates open communication channels for other more severe attacks. IRC and instant messaging should be used only to chat.

REMOVAL

Spyware authors work very hard to make sure their programs work in the background with little or no interference to the user. Most do not produce symptoms that are readily seen, if at all, making them very hard to detect without the aid of software tools. Anti-virus programs provide some protection from spyware, but not very much., so finding a program that specifically targets spyware and adware is the best option. A full system scan on a regular basis will reveal all the spyware on the system, allowing the user to quarantine or remove it.

Users should clear their browser cache and cookies on a regular basis as well. Email clients such as Thunderbird, Eudora, and Outlook Express should be cleared whenever possible. Unnecessary emails should be deleted; the more emails stored on your hard drive the higher the risk of attack. When deleting emails from the client, they are only deleted from view initially. The trash must be emptied and the folders compacted before the emails are fully deleted. As always, make sure your anti-virus software is up to date and running, and think about utilizing a firewall.