c

c
cccccccccccccccccccccccccccc
c c
c
cc
ú
úc person or organization without their
knowledge.
Spyware is computer software
that is installed surreptitiously on a While the term spyware suggests

personal computer to intercept or take software that secretly monitors the

partial control over the user's interaction user's behavior, the functions of

with the computer, without the user's spyware extend well beyond simple

informed consent. monitoring. Spyware programs can

collect various types of personal
Our paper explains what spyware information, such as Internet surfing
technology is? It shows the difference habits, sites that have been visited, but
between Adware, Spyware, Viruses and can also interfere with user control of
worms. It shows the routes of infection the computer in other ways, such as
and how the system is infected due to installing additional software, and
spyware, its effects and behavior. The redirecting Web browser activity.
goal is to prevent the spyware by some Spyware is known to change computer
anti-spyware programs and the settings, resulting in slow connection
remedies to protect the Windows speeds, different home pages, and/or
Computer and security practices. loss of Internet or functionality of other
programs. To increase the
E E c understanding of spyware, a more
formal classification of its included
Spyware is any technology that
software types is captured under the
aids in gathering information about a
term privacy-invasive software.
 unning anti-spyware software 
c   Inc. defines
has become a widely recognized Spyware as "[...] a program that
element of computer security best monitors and gathers user information
practices for Microsoft Windows desktop for different purposes.´
computers. A number of jurisdictions
ú

Inc. defines Spyware as

have passed anti-spyware laws, which
"Software that transmits personal
usually target any software that is
information to a third party without the
surreptitiously installed to control a
user's knowledge or consent."
user's computer. The US Federal Trade
Commission has placed on the Internet
 c
a page of advice to consumers about
how to lower the risk of spyware
Spyware, adware and trackingc
infection, including a list of "dos" and
"don'ts." ú
c c ú
c  c 


No, but the majority are. There are also
The first recorded use of the term
products that do display advertising but
spyware occurred on October 16, 1995
do not install any tracking mechanism
in a Usenet post that poked fun at
on your system. These products are not
Microsoft's business model. As of 2006,
indexed in our database. c
spyware has become one of the
preeminent security threats to computer The term 
frequently
systems running Microsoft Windows refers to any software which displays
operating systems. Computers where advertisements, whether or not the user
Internet Explorer (IE) is the primary has consented. Programs such as the
browser are particularly vulnerable to Eudora mail client display
such attacks not only because IE is the advertisements as an alternative to
most widely-used, but because its tight shareware registration fees. These
integration with Windows allows classify as "adware" in the sense of
spyware access to crucial parts of the advertising-supported software, but not
operating system. as spyware.
 Most adware is spyware in a groups have collectively published a
different sense than "
 series of documents including definition
 
c 
," for a different of spyware, risk model, and best
reason: it displays advertisements practices document.
related to what it finds from spying on
you. Claria Corporation's Gator Software

c cc c
and Exact Advertising's Bargain Buddy
Unlike viruses and worms,
are examples. The user receives many
spyware does not usually self-replicate.
pop-up advertisements.
Like many recent viruses; however,
Adware and spyware are similar spyware²by design²exploits infected
to viruses in that they can be malicious computers for commercial gain. Typical
in nature. However, people are now tactics furthering this goal include
profiting from these threats, making delivery of unsolicited pop-up
them more and more popular. advertisements; theft of personal
information (including financial
Similarly, software bundled with information such as credit card
free, advertising-supported programs numbers); monitoring of Web-browsing
such as P2P act as spyware, yet people activity for marketing purposes; or
are willing to download it. This presents routing of HTTP requests to advertising
a dilemma for proprietors of anti- sites.
spyware products whose removal tools
may inadvertently disable wanted 
cc

programs. For example, recent test
results show that bundled software
(WhenUSave) is ignored by popular
anti-spyware program Ad-Aware, (but
removed as spyware by most scanners)
because it is part of the popular
eDonkey client. To accomplish their
goal, this group of anti-spyware
companies, academics, and consumer

Malicious websites attempt to install
spyware on readers' computers.
Spyware does not directly spread
in the manner of a computer virus or
wormc generally, an infected system
does not attempt to transmit
infection to other computers. Instead,
spyware gets on a system through
deception of the user or through
exploitation of software vulnerabilities.
Most spyware is installed without
users' knowledge. Since they tend not to
install software if they know that it will
disrupt their working environment and
compromise their privacy, spyware
deceives users, either by piggybacking
on a piece of desirable software such as
Kazaa, or by tricking them into installing
it (the Trojan Horse method). Some
"rogue" anti-spyware programs
masquerade as security software.
A way of distributing spyware
involves tricking users by manipulating
security features designed to prevent
unwanted installations. Internet Explorer
prevents websites from initiating an
unwanted download. Instead, it requires
a user action, such as clicking on a link.
However, links can prove deceptive: for
instance, a pop-up ad may appear like a
standard Windows dialog box. The box
contains a message such as "Would you
like to optimize your Internet access?"
with links which look like buttons reading
Yes and No. No matter which "button"
the
the user presses, a download starts,
placing the spyware on the user's
system.
Some spyware authors infect a
system through security holes in the
Web browser or in other software. When
the user navigates to a Web page
controlled by the spyware author, the
page contains code which attacks the
browser and forces the download and
installation of spyware.
The installation of spyware
frequently involves Internet Explorer. Its
popularity and history of security issues
have made it the most frequent target.
Its deep integration with the Windows
environment and script ability make it an
obvious point of attack into Windows.
In a few cases, a worm or virus
has delivered a spyware payload. Some
attackers used the Spybot worm to
install spyware that put pornographic
pop-ups on the infected system's ather, a computer is likely to
screen. By directing traffic to ads set up have multiple infections. The cumulative
to channel funds to the spyware effect, and the interactions between
authors, they profit personally. spyware components, causes the
symptoms commonly reported by usersc
¡
cc!
" c a computer, which slows to a crawl,
overwhelmed by the many parasitic
A spyware program is rarely
processes running on it. Moreover,
alone on a computer: an affected
some types of spyware disable software
machine usually has multiple infections.
firewalls and anti-virus software, and/or
Users frequently notice unwanted
reduce browser security settings, thus
behavior and degradation of system
opening the system to further
performance. A spyware infestation can
opportunistic infections, much like an
create significant unwanted CPU
immune deficiency disease. Some
activity, disk usage, and network traffic.
spywares disable or even remove
Stability issues, such as applications
competing spyware programs, on the
freezing, failures to boot, and system-
grounds that more spyware-related
wide crashes, are also common.
annoyances make it even more likely

In some infections, the spyware that users will take action to remove the

is not even evident. Users assume in programs.

those situations that the issues relate to

¡ 
cc
c
hardware, Windows installation
problems, or a virus. Some owners of
› E

c #
, also known
badly infected systems resort to
as DyFuCa, redirects Internet
contacting technical support experts, or
Explorer error pages to
even buying a new computer because
advertising. When users follow a
the existing system "has become too
broken link or enter an erroneous
slow". Badly infected systems may
UL, they see a page of
require a clean reinstallation of all their
advertisements.
software in order to return to full
› M (formerly180 solutions)
functionality.
transmits detailed information to
 advertisers about the Web sites As the spyware threat has
which users visit. It also alters worsened, a number of techniques have
HTTP requests for affiliate emerged to counteract it. These include
advertisements linked from a programs designed to remove or to
Web site, so that the block spyware, as well as various user
advertisements make unearned practices which reduce the chance of
profit for the 180 Solutions getting spyware on a system.
Company. It opens pop-up ads
Nonetheless, spyware remains a
that cover over the Web sites of
costly problem. When a large number of
competing companies.
pieces of spyware have infected a
› ¬  : aka WinTools or Windows computer, the only remedy
Adware, Websearch, was may involve backing up user data, and
installed by an ActiveX drive-by fully reinstalling the operating system.
download at affiliate Web sites, or For instance, some versions of Vundo
by advertisements displayed by cannot be completely removed by
other spyware programs²an Symantec, Microsoft, PC Tools, and
example of how spyware can others because it infects Windows'
install more spyware. lsass.exe (Local Security Authority
Subsystem Service) with a randomly-file
› 
: also known as
named dll (dynamic link library).
Moviepass.tv and Popcorn.net, is
a movie download service that ú
c  c
has been the subject of
thousands of complaints to the
Federal Trade Commission
(FTC), the Washington State
Attorney General¶s Office, the
Better Business Bureau, and
other agencies.




cc

c
 of Zone Alarm firewall have also
Lavasoft's Ad-Aware 2008 released an anti-spyware program.

Many programmers and some

commercial firms have released
products dedicated to remove or block
spyware. More recently Microsoft
acquired the GIANT Anti-Spyware
software, rebranding it as Windows Anti-
Spyware beta and releasing it as a free
download for Genuine Windows XP and
Windows 2003 users. In 2006, Microsoft
renamed the beta software to Windows
Defender (free), and it was released as
a free download in October 2006 and is Microsoft Anti-Spyware, in real-time
included as standard with Windows protection blocks an instance of the
Vista. Major anti-virus firms such as AlwaysUpdateNews from being
Symantec, McAfee and Sophos have installed.
come later to the table, adding anti-
Anti-spyware programs can combat
spyware features to their existing anti-
spyware in two ways:
virus products. Symantec Anti-Virus, for
instance, categorizes spyware programs › 1. They can provide real time
as "extended threats" and now offers protection against the installation
real-time protection from them (as it of spyware software on your
does for viruses). computer. This type of spyware
protection works the same way
ecently, the anti-virus company
as that of anti-virus protection in
Grisoft, creator of AVG Anti-Virus,
that the anti-spyware software
acquired anti-spyware firm Ewido
scans all incoming network data
Networks, re-labeling their Ewido anti-
for spyware software and blocks
spyware program as AVG Anti-Spyware
any threats it comes across.
Professional Edition. Zone Labs, creator
 › 2. Anti-spyware software the activity of components known to
programs can be used solely for represent spyware.
detection and removal of spyware
Like most anti-virus software, many
software that has already been
anti-spyware/adware tools require a
installed onto your computer.
frequently-updated database of threats.
With this spyware protection
As new spyware programs are released,
software you can schedule
anti-spyware developers discover and
weekly, daily, or monthly scans of
evaluate them, making "Š
Š" or
your computer to detect and
"  
Š" which allow the software to
remove any spyware software
detect and remove the spyware. As a
that has been installed on your
result, anti-spyware software is of
computer. This type of anti-
limited usefulness without a regular
spyware software scans the
source of updates. Some vendors
contents of the windows registry,
provide a subscription-based update
operating system files, and
service, while others provide updates
installed programs on your
free. Updates may be installed
computer and will provide a list of
automatically on a schedule or before
any threats found, allowing you to
doing a scan, or may be done manually.
choose what you want to delete
and what you want to keep.
If a spyware program is not blocked
and manages to get itself installed, it
Such programs inspect the contents
may resist attempts to terminate or
of the Windows registry, the operating
uninstall it. Some programs work in
system files, and installed programs,
pairs when an anti-spyware scanner (or
and remove files and entries which
the user) terminates one running
match a list of known spyware
process, the other one respawns the
components. eal-time protection from
killed program. Killing the process tree
spyware works identically to real-time
may also work.
anti-virus protection: the software scans
disk files at download time, and blocks
Newer spyware programs also have
specific countermeasures against well
known anti-malware products and may approach to blocking spyware they use
prevent them from running or being their network firewalls and web proxies
installed, or even uninstall them. to block access to Web sites known to
install spyware.


 c 
c
Some users install a large hosts
¬c c Ec  
c c 
c file which prevents the user's computer
cc
c from connecting to known spyware-
Programs are available to remove or related web addresses. However, by
block spyware. Some anti-virus connecting to the numeric IP address,
programs also protect against spyware. rather than the domain name, spyware
Some of the most well-known programs may bypass this sort of protection.
are
Be sure to stay away from fake Spyware may get installed via

anti-spyware programs. These are certain shareware programs offered for

sometimes displayed in banner ads download. ecently, CNet revamped its

warning that your computer has been download directoryc it has stated that it

infected by spyware. These programs will only keep files that pass inspection

will not remove spyware and may by Ad-Aware and Spyware Doctor.

actually install spyware onto your

 $
E c
computer.

The first step to removing

Many system operators install a
spyware is to put a computer on
web browser other than IE, such as
"

". This can be done in various
Opera or Mozilla Firefox. Though no
ways, such as using anti-virus software
browser is completely safe, Internet
or simply disconnecting the computer
Explorer is at a greater risk for spyware
from the internet. The second step to
infections due to its large user base as
removing the spyware is to locate it and
well as vulnerabilities such as ActiveX.
remove it, manually or through use of
Some ISPs²particularly colleges credible anti-spyware software. During
and universities²have taken a different
and after lockdown, potentially
threatening websites should be avoided.





c

1. [http://www.onguardonline.gov/to
pics/spyware.aspx Spyware:
Quick Facts]
2. Vossen, oland (attributed);
October 21, 1995; Win 95 Source
code in c!! posted to
rec.games.programmer; retrieved
from groups.google.com.