What are Spyware and Adware?
Spyware, adware and their variations are programs or applets that get installed on your computer by a download from the Internet. (You could also get them on a disk from somebody but that is less common.). There are basically three scenarios where problems arise:
- You knowingly download and install something but do not understand all the functions of the program.
- You download and install one thing but other things are installed along with it that you do not know about.
- Something is downloaded and installed without your knowledge.
There are many software downloads available on the Internet that call themselves freeware. Quite a few of these are, in fact, free and come without strings. In the end, however, the cost of any software has to paid for by somebody, somehow. One way to support the cost of software is through advertising that is downloaded and displayed on the user’s computer along with the software. Many useful and reputable programs are now distributed this way. Often they come both in a version that is “free” (but with ads) and in a version that has no ads but has to be paid for. As long as the user is told up-front about the ads and about any tracking that might be going on, this form of adware has a perfectly legitimate role. For example, I occasionally use an adware version of something I do not use very often and that I wouldn’t pay for it but I am willing to have small ads running when I do use it. In fact, on some adware, the ads are quite unobtrusive.
Note that I said that I was willing for ads to run while I was using the program. Less scrupulous software distributors may have pop-up windows showing ads whether you are using their program or not. Even worse offenders graduate to “spyware” and contain a component running all the time in the background to track your viewing habits on the Internet (and possibly other things). Your preferences are relayed to advertisers so that ads may be targeted specifically to what is perceived to be your interests. For example, if you visit a lot of sports sites on the Web, you may find ads for athletic equipment showing up on your computer.
Legitimate programs are straightforward in alerting you that advertising banners or pages will be downloaded to your computer and shown to you whenever you try to use that program. Others are less up front and bury the notice about ads and other actions in the EULA (End User License Agreement). Having seen this type of turgid legalese innumerable times when using Microsoft applications, most of us just click the “I agree” button without reading the stuff. If you do read the EULA thoroughly, you may find that you have signed away all your rights to privacy. How legally binding this really is, I am not competent to say, but personally I find the implications disconcerting. Still other software packages do not even bother with hiding details in the legalese but simply carry out surreptitious actions on your system without notifying you beforehand.
Drive-by Downloads or Foistware
Not content to entice you into using their spyware by providing some useful function, some firms download stuff to your computer whether you want it or not. Many Web sites have ads that contain download links. If you accidentally click on the ad, you may initiate a download. Some of these ads contain messages that your system “may” be infected with a virus or otherwise impaired in order to lure you into clicking on something. Depending on your browser security settings, you may then receive some unwanted software automatically or get the standard Windows pop-up message asking, “Do you accept this download?” If you click “Yes,” spyware is installed. Note that the presence of a security certificate is no guarantee that something is not spyware. An example of a download window for a well-known problem program is shown in the figure below.
Sometimes, just viewing a page is sufficient. Many of these downloads take advantage of ActiveX controls in Internet Explorer (IE). The settings for Internet security zones in IE can be configured to prevent this. Other browsers generally are not susceptible to ActiveX downloads but can be attacked with Javascript or certain other types of code.
Other Problems
One issue is to how much of your privacy is invaded by the ad tracking. To some degree, it is the nature of an individual’s personal psychology that decides what is private. Some people are unconcerned while others react violently to the notion of being tracked. Privacy is a large subject and beyond the scope of this article but several references are given in the sidebar.
However you may feel about the privacy issues, the practical matter is that spyware uses your computer resources and bandwidth and often causes sluggish behavior or even crashes. Some spyware like the once popular file-sharing program Kazaa may even use your idle CPU time for whatever computational purposes they see fit. Many PC users have suffered significant degradation or worse for their system from the presence of spyware.
The most severe cases where the spyware is actually malicious and either causes deliberate damage to your system or uses your system for some nefarious purpose is usually considered a Trojan horse and is considered on the previous page.
Defenses
Because of the proliferation of spyware, many programs are now available for detecting spyware and cleaning it out. Anti-virus programs do not detect most spyware because the programs do not have the characteristics of a virus. Thus a separate application is needed that specifically targets spyware. Commercial security suites contain anti-spyware as well as anti-virus applications. See this site for some recommended free anti-spyware programs. Unlike anti-virus programs, where installing more than one program is not recommended, it is a good idea to clean your system with consecutive application of two or more spyware removers.
Firewalls that monitor programs on your system that attempt to connect to the Internet will give you warning of the presence of spyware. The Windows firewalls are not generally configured to monitor outgoing traffic so you may wish to consider one from this feeware list . If another firewall is installed, turn off the Windows version.
It’s a good idea to check what programs run automatically at startup. There are a number of ways including the Windows utility MSConfig. The excellent utility WinPatrol is another very useful application. Unwanted programs can be detected and disabled. Any spyware can then be removed.
Avoiding spyware in the first place is the best defense. Use common sense in installing software. Check out any potential download with the spyware databases given in the references in the sidebar. Exercise caution when visiting strange Web sites.
Some references recommend disabling ActiveX and JavaScript entirely. While this will prevent many unwanted controls from installing, it will also break useful applications. A less drastic procedure is outlined on another page. Using the Firefox browser with the NoScript add-on is another recommendation for those who wish to avoid scripting problems.