What is Spyware?

Definition

Spyware is designed specifically to invade your privacy. It is defined as any malicious code designed to collect information about how you use your computer, particularly what you do on the Internet. A spyware program can collect information such as websites visited, usernames, passwords, credit card details and bank account details.

It is installed without the user's knowledge or consent and, unlike most viruses, it's effects are not always obvious. As far as the computer user is concerned the computer is operating normally. A sophisiticated spyware program can run in the background undetected for a very long time regularly sending personal information about the user to an unknown third party.

Types of Spyware

Simple spyware is often inadvertantly installed when the user thinks they are doing something else - it might be concealed inside a free program from the internet, for example. Not all free programs are bad - some are very useful, but some are malicious and could contain spyware (One we recently discovered was masquerading as a Windows Registry cleaner!).

Sometimes there is a disclaimer in the small print of the End User Licence Agreement (EULA) of the program being installed informing the user that certain information may be sent to the vendor, or elsewhere. This is a licence to print money - by agreeing to this you are, effectively, giving permission for an unknown person to look over your shoulder while you are using your computer and take notes on everything you are doing.

Unfortunately a lot of people agree to this. Most people never read license agreements when installing software - be aware of the risks and read agreements before installing any software, particularly free programs downloaded from the Internet. Ironically, there are examples of free spyware scanners which install their own spyware on your computer!

More sophisticated spyware applications are now on the scene. From the hacker's point of view, spyware works! They are doing everything they can think of to come up with more effective programs that are more difficult to detect.

It is a multi-million dollar industry - aside from the obvious profits made by criminals stealing bank details there are other applications bordering on legitimate. Less scrupulour commercial organizations will pay a lot of money for statistics on Internet browsing and shopping habits as it allows them to target their marketing campaigns more effectively. As more of them catch on to this idea there is competition within the spyware industry to write more sophisticated applications that avoid detection.

Defence against Spyware

Most antivirus, or spyware detection, programs can clean the computer of simple spyware applications - things like changing Windows security settings and masquerading as other programs. The hottest - and most alarming- toolkit being used nowadays by the spyware authors is called the kernel mode rootkit. This enables them to replace key component of the Windows Operating system with their own code. Once any kernel-level malware is installed on a computer it is extremely difficult to detect and remove. It can take control of the file system and even prevent the Antivirus program working correctly.

The best form of defence against any type of kernel infection is prevention rather than cure. This is another reason to have an antivirus program that detects threats in real-time. If the computer becomes infected with kernel level malware, only a good antivirus program is going to be able to clean it properly. The freeware anti-spyware programs are probably not going to detect it and give the computer a clean bill of health. This is a security nightmare - a serious form of malware on your computer and a "security" application telling you that everything is OK!

Conclusion

As with viruses and other malware, prevention is far better than cure when it comes to spyware. Some protection is possible by being careful not to open email attachments and trying to adopt a common-sense approach to Internet use. These methods alone cannot offer 100% protection, so it is essential to install a good antivirus program and keep it up to date with the latest definitions. One that scans incoming emails and Internet traffic in real time is preferrable.

The greatest threat from any malware occurs just after a new application is launched, so not keeping your antivirus program up to date is as bad as not having any antivirus protection at all.

Several vendors offer antivirus programs and many of them also deal with spyware, adware, trojans and other malware. Not all programs are the same. A lot depends on how much time and effort the vendors put into research and monitoring, also how rapidly they respond to new threats. See the section on Antivirus Programs for reviews, comparisons and recommendations.