Unmasking Spyware


It used to be that Internet threats were aimed at disabling their targets. The most common payload of yesterday's viruses, worms and other malicious code either caused system instability or, perhaps, deleted certain files. In many cases, these threats announced their arrival by flashing messages on the computer screen or causing some other disturbance that was impossible for a user to ignore.

In contrast, today's Internet threats often arrive so quietly that they're undetectable. This is because they rely on "stealth" to accomplish their programmed task. Increasingly, the top priority of these threats is to expose and extract confidential information stored on or transmitted by the target computer. For these threats, silence truly is golden because it allows the malicious code more time to identify and extract additional sensitive information, including passwords, decryption keys and keystrokes.

According to the most recent "Symantec Internet Security Threat Report" (visit http://enterprisesecurity.symantec.com/content.cfm?articleid=1539), there was a dramatic increase in such malicious code reported during the last half of 2003. The code entered personal and business systems through a variety of vehicles, including spyware.

Beware Spyware

Spyware is code that gathers information from a targeted computer and relays it to another party. Many spyware programs track users' Web surfing activities to deliver online advertisements that more closely match their interests. However, other spyware programs can hijack browser settings, monitor all keystrokes, scan files on a hard drive, look at other applications, and install their own programs. Spyware is often unknowingly downloaded from Web sites, typically through freeware such as utilities, games, media players or accounting software. Many of today's most popular peer-to-peer programs are also frequent sources of spyware.

One of the most serious aspects of spyware is its covert nature. When users download a free utility, for example, the end-user license agreement for that program rarely explicitly discloses that spyware will automatically download along with the free utility. In other cases, a license agreement for a utility might refer to spyware in such vague language that it is impossible for the user to understand. To further obfuscate the issue, users rarely read through end-user license agreements; instead, they simply click their consent to its terms. By doing so, users unwittingly give permission for the spyware to download and go to work.

Worse yet, once installed, spyware is very difficult to detect and eliminate without special spyware removal software. In fact, because spyware often goes undetected, many computers are likely infested with several of these covert programs. In addition to introducing privacy concerns, these programs also consume computing capacity and bandwidth, and can lead to general system instability as they regularly transmit their gathered data back over the Internet to their creators. And removing this malicious code is yet another challenge. Often, when spyware is installed with a utility or game, the user must uninstall the entire utility or game in order to remove the spyware; even then, some stubborn spyware programs may remain intact.

Prevention and Control

While spyware is an increasingly serious threat to the confidentiality of business and personal information, users can minimize their risk of falling victim to this clandestine code by leveraging security technology together with best practices for more protected computing. To help prevent the unwanted downloading of spyware, or to control spyware that is already on a computer, the following steps are recommended:

  1. Update personal or business information security policies to allow only trusted software to download over the Internet. Before performing any online software installs, investigate the software by visiting the vendor's Web site and reading product reviews by known, reputable test sources. Many of today's most highly regarded technology publications also provide regular product comparisons and reviews conducted by known experts.
  2. Use anti-virus software with expanded threat detection capabilities. A growing number of leading anti-virus vendors provide technology that identifies spyware, adware, keystroke loggers and other malicious code.
  3. Read end-user license agreements carefully before agreeing to their terms. In addition, be aware that the agreements for some freeware and shareware programs may contain such unclear language that it is virtually impossible to discern whether the programs in question include some sort of spyware or adware.
  4. Keep track of and remove unwanted ActiveX controls (Microsoft's answer to Java applets) and cookies that have been installed on a PC. Some spyware and adware vendors use ActiveX controls to enable their software to be installed from partner Web sites. Spyware and adware programs also frequently use cookies to track users' Web surfing habits, capture user information and more. Deleting ActiveX controls and cookies will not uninstall a spyware program, but it will likely hamper the effectiveness of the malicious code.
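
One way to keep track of cookies as step 4 recommends, shown as an added example that is not part of the original article: a small audit of a browser cookie export that lists long-lived cookies from sites outside a trusted list. The Netscape cookies.txt export format, the trusted-domain list, the 30-day threshold and all sample data are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample in Netscape cookies.txt format (tab-separated fields):
# domain, include-subdomains, path, secure, expiry (Unix time), name, value
SAMPLE = "\n".join([
    "# Netscape HTTP Cookie File",
    "intranet.example.edu\tFALSE\t/\tTRUE\t0\tsession\tabc123",
    ".ads.example.net\tTRUE\t/\tFALSE\t1406851200\tuid\t9f3c",
    ".ads.example.net\tTRUE\t/\tFALSE\t1406851200\tseg\tsports",
    ".shop.example.com\tTRUE\t/\tFALSE\t1091923200\tcart\t42",
    "malformed line without tabs",
])
NOW = 1091318400  # 2004-08-01 00:00:00 UTC, fixed so the result is repeatable


def parse_cookies(text):
    """Yield (domain, expiry, name) for each well-formed cookie line."""
    for line in text.splitlines():
        if line.startswith("#HttpOnly_"):      # some exporters prefix HttpOnly cookies
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue                           # blank line or comment
        fields = line.split("\t")
        if len(fields) != 7 or not fields[4].isdigit():
            continue                           # skip malformed lines
        yield fields[0].lstrip("."), int(fields[4]), fields[5]


def audit(text, now, trusted, max_days=30):
    """Return {domain: [(cookie name, days until expiry)]} for persistent
    cookies from untrusted domains that outlive max_days."""
    findings = defaultdict(list)
    for domain, expiry, name in parse_cookies(text):
        if expiry == 0:
            continue                           # session cookie, gone when the browser closes
        if any(domain == t or domain.endswith("." + t) for t in trusted):
            continue
        days = (expiry - now) / 86400
        if days > max_days:
            findings[domain].append((name, round(days)))
    return dict(findings)


if __name__ == "__main__":
    for domain, cookies in audit(SAMPLE, NOW, trusted={"example.edu"}).items():
        print(domain, cookies)
```
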

Security Terms to Know

Spyware — Stand-alone programs that can secretly monitor system activity. These may detect passwords or other confidential information and transmit them to another computer.

Adware — Programs that secretly gather personal information through the Internet and relay it back to another computer, generally for advertising purposes. This is often accomplished by tracking information related to Internet browser usage or habits.

For more information on spyware, adware and other security threats, visit Symantec online at www.symantec.com.

This article originally appeared in the 08/01/2004 issue of THE Journal.
