Spyware is software that seeks to collect information about a person or organization without their knowledge, who may transmit such information to another entity without the consumer's consent, or assert control over the device without the consumer's knowledge.
"Spyware" is largely classified into four types: adware, system monitor, tracking cookies, and trojans; Other popular types of examples include digital rights management capabilities that are "home phones", keyloggers, rootkits, and web beacons.
Spyware is mostly used for the purpose of tracking and storing the movement of Internet users on the Web and serving pop-up ads to Internet users. Whenever spyware is used for malicious purposes, its presence is usually hidden from the user and can be difficult to detect. Some spyware, such as keyloggers, can be installed by a shared computer, company, or public owner intentionally to monitor users.
While the term spyware suggests software that monitors user computing, the function of spyware can go beyond simple monitoring. Spyware can collect virtually any type of data, including personal information such as internet surfing habits, user logins, and bank or credit account information. Spyware can also interfere with computer user control by installing additional software or directing a web browser. Some spyware can alter computer settings, which can result in slow Internet connection speeds, unauthorized changes in browser settings, or changes to software settings.
Sometimes, spyware is included alongside genuine software, and may come from a malicious website or may have been added to the deliberate functionality of the original software (see the paragraph about Facebook, below). In response to the emergence of spyware, small industries have sprung up dealing with anti-spyware software. Running anti-spyware software has become a widely recognized element of computer security practices, especially for computers running Microsoft Windows. A number of jurisdictions have passed anti-spyware laws, which typically target any software that is secretly installed to control the user's computer.
In German-speaking countries, spyware used or created by governments is called govware by computer experts (in common language: Regierungstrojaner , literally "Government Trojan"). Govware is usually a Trojan horse software used to intercept communications from a target computer. Some countries, such as Switzerland and Germany, have a legal framework governing the use of such software. In the US, the term "policeware" has been used for similar purposes.
The use of the term "spyware" ultimately declines because user tracking practices have been pushed further into the mainstream by major websites and data mining companies; this generally does not violate known laws and forces users to be tracked, not by fraudulent practices per se , but by default settings created for users and language of service-terms agreement. In a documented example, on CBS/CNet News reported, on March 7, 2011, in a Wall Street Journal analysis revealing the practice of Facebook and other websites to track user search activity, related to their identities. , far beyond the visits and user activities within the Facebook site itself. The report states: "Here's how it works.You go to Facebook, log in, you spend time there, then... You continue without logging out. The buttons, without you clicking on them, have just reported back to Facebook and Twitter that you went there as well as your identity in the account.Set you move to something like a depression site, one also has a tweet button, a Google widget, and that too, can report back who you are and that you went there. "WSJ analysis was investigated by Brian Kennish, founder of Disconnect, Inc.
Video Spyware
Route of infection
Spyware does not always spread in the same way as a virus or worm because infected systems generally do not attempt to transmit or copy software to other computers. Instead, spyware installs itself on the system by tricking users or by exploiting software vulnerabilities.
Most spyware is installed without knowledge, or by using deceptive tactics. Spyware can try to deceive users by combining itself with the desired software. Another common tactic is using a Trojan horse, a spy device that looks like a normal device but turns out to be something else, like a USB keylogger. This device is actually connected to the device as a memory unit but is capable of recording any scratches made on the keyboard. Some spyware authors infect a system through security holes in Web browsers or in other software. When a user navigates to a Web page controlled by a spyware author, the page contains code that attacks the browser and forces the download and installation of spyware.
Spyware installations often involve Internet Explorer. The popularity and history of security issues has made it a frequent target. Deep integration with the Windows environment makes it vulnerable to attacks on the Windows operating system. Internet Explorer also serves as an attachment point for spyware in the form of Browser Helper Objects, which changes browser behavior.
Maps Spyware
Effects and behaviors
Spyware programs rarely operate alone on computers; the affected machine usually has many infections. Users often see undesirable behavior and system performance degradation. Spyware infections can create unwanted CPU activity, disk usage, and significant network traffic. Stability issues, such as application freezing, boot failure, and system-wide crashes are also common. Spyware, which interferes with network software usually causes difficulty connecting to the Internet.
In some infections, spyware is not even proven. Users assume in that situation that performance issues are related to incorrect hardware, Windows installation problems, or other malware infections. Some owners of poorly infected systems are forced to contact a technical support specialist, or even buy a new computer because the existing system "has become too slow". Poorly infected systems may require a clean reinstallation of all their software to return to full functionality.
In addition, some types of spyware disable the firewall software and antivirus software, and/or reduce the security settings of the browser, which opens the system for further opportunistic infections. Some spyware disables or even removes competing spyware programs, arguing that more spyware-related disorders increase the likelihood that users will take action to remove the program.
Keylogger is sometimes part of a malware package that is downloaded to a computer without the owner's knowledge. Some keylogger software is available for free on the internet, while others are commercial or personal applications. Most keyloggers not only allow keyboard keystrokes, but are also often able to take screenshots from a computer.
Windows users generally have administrative rights, especially for convenience. Therefore, any user-initiated program has unrestricted access to the system. As with any other operating system, Windows users can follow the most unusual principles and use non-administrator accounts. Alternatively, they can reduce the privilege of vulnerable vulnerable Internet processes, such as Internet Explorer.
Because Windows Vista, by default, is a computer administrator running everything under limited user rights, when a program requires administrative privileges, a User Account Control Pop-up will prompt the user to allow or deny the action. This improves the design used by earlier versions of Windows.
Remedies and prevention
When the threat of spyware deteriorates, a number of techniques appear to nullify it. This includes programs designed to remove or block spyware, as well as various user practices that reduce the chances of getting spyware on the system.
Nonetheless, spyware remains an expensive issue. When a large number of spyware has infected a Windows computer, the only solution can include backing up user data, and completely reinstalling the operating system. For example, some spyware can not be completely removed by Symantec, Microsoft, PC Tools.
Anti-spyware program
Many programmers and some commercial companies have released products dedicated to removing or blocking spyware. Programs like PC Tools' Spyware Doctor, Lavasoft Ad-Aware SE and Patrick Kolla Spybot - Search & amp; Destroy quickly gained popularity as a tool to remove, and in some cases intercept, spyware programs. On December 16, 2004, Microsoft acquired GIANT AntiSpyware software, renamed it to Windows AntiSpyware beta ââi> and released it as a free download for Genuine Windows XP and Windows users 2003. (In 2006 it renamed Windows Defender).
Big anti-virus companies like Symantec, PC Tools, McAfee and Sophos also added anti-spyware features to existing anti-virus products. Initially, anti-virus companies expressed unwillingness to add anti-spyware functionality, citing lawsuits filed by spyware makers against website authors and programs that describe their products as "spyware". However, recent versions of major home and business anti-virus product companies do include anti-spyware functionality, although treated differently from viruses. Symantec Anti-Virus, for example, categorizes spyware programs as "additional threats" and now offers real-time protection against these threats.
How anti-spyware software works
An anti-spyware program can combat spyware in two ways:
- They can provide real-time protection in a way similar to anti-virus protection: they scan all incoming network data for spyware and block any detected threats.
- An anti-spyware software program can only be used to detect and remove spyware software that has been installed to the computer. This kind of anti-spyware can often be set to scan on a regular schedule.
Such programs check the contents of Windows registry, operating system files, and installed programs, and delete files and entries that match the known spyware list. Real-time protection from spyware works identically with real-time anti-virus protection: the software scans disk files at download time, and blocks the activity of known components representing spyware. In some cases, this can also intercept attempts to install start-up items or modify browser settings. Earlier versions of anti-spyware programs focused mainly on detection and deletion. SpywareBlaster from Javacool Software, one of the first to offer real-time protection, blocking the installation of ActiveX-based spyware.
Like most anti-virus software, many anti-spyware/adware devices require a frequently updated database of threats. When a new spyware program is released, the anti-spyware developer finds and evaluates it, adding to the list of known spyware, which allows the software to detect and remove new spyware. As a result, anti-spyware software has limited usefulness without regular updates. Updates can be installed automatically or manually.
The popular generic spyware removal tool used by those in need of a particular skill is HijackThis, which scans certain areas of the Windows OS where spyware is often located and displays lists with items that will be removed manually. Since most items are legitimate windows files/registry entries it is advisable for those less knowledgeable about this to post HijackThis logs on various antispyware sites and let the experts decide what to delete.
If the spyware program is not blocked and successfully installed itself, it may deny attempts to terminate or delete it. Some programs work in pairs: when an anti-spyware scanner (or user) stops one running process, the other will stop the program being killed. Likewise, some spyware will detect an attempt to remove the registry key and immediately add it again. Typically, booting an infected computer in safe mode allows an anti-spyware program to have a better chance of removing persistent spyware. Killing the process tree can also work.
Security practices
To detect spyware, computer users have found some useful practices besides installing an anti-spyware program. Many users install a web browser other than Internet Explorer, such as Mozilla Firefox or Google Chrome. While no browser is completely secure, Internet Explorer has had a greater risk for spyware infections due to its large user base and vulnerabilities such as ActiveX but these three major browsers are now almost equivalent in terms of security.
Some ISPs - especially colleges and universities - have taken a different approach to blocking spyware: they use network firewalls and web proxies to block access to websites that are known to install spyware. On March 31, 2005, the Cornell University Information Technology department released a report detailing the behavior of a particular section of proxy-based spyware, Marketscore , and the steps the university took to intercept it. Many other educational institutions have taken similar steps.
Individual users can also install firewalls from various companies. It monitors the flow of information to and from computer networks and provides protection against spyware and malware. Some users install large host files that prevent users' computers from connecting to web addresses associated with known spyware. Spyware can be installed through certain shareware programs offered for download. Downloading programs only from trusted sources can provide protection from this source of attack.
Apps
"Stealware" and affiliate scams
Some spyware vendors, especially 180 Solutions, have written what the New York Times has dubbed "stealware", and what spyware researcher Ben Edelman
Spyware that attacks affiliate networks puts spyware operator affiliate tags on user activity - replacing other tags, if any. Spyware operators are the only ones who benefit from this. Users have their options foiled, legitimate affiliates lose revenue, reputation of injured networks, and disadvantaged vendors by having to pay affiliate revenue to "affiliates" who are not parties to the contract. Affiliate fraud is a violation of the terms of service of most affiliate marketing networks. As a result, spyware operators such as 180 Solutions have been discontinued from affiliate networks including LinkShare and ShareSale. Mobile devices can also be vulnerable to additional devices, which manipulate users into unauthorized mobile charges.
Theft and identity fraud
In one case, spyware is closely related to identity theft. In August 2005, researchers from Sunbelt Software security software company suspect that the creators of the popular CoolWebSearch spyware have used it to send "chat sessions, usernames, passwords, bank information, etc"; But apparently "it is actually a sophisticated, criminal small trojan that is independent of CWS." The case is currently under investigation by the FBI.
The Federal Trade Commission estimates that 27.3 million Americans have been the victims of identity theft, and that financial losses due to identity theft reach nearly $ 48 billion for businesses and financial institutions and at least $ 5 billion out-of-pocket outlays for individuals.
Digital rights management
Some copy-protection technologies have been borrowed from spyware. In 2005, Sony BMG Music Entertainment was found using rootkits in its XCP digital rights management technology Like spyware, it is not only difficult to detect and uninstall, it is also so poorly written that most attempts to remove it can make the computer unable to function. Texas Attorney General Greg Abbott filed a lawsuit, and three separate class-action lawsuits were filed. Sony BMG then provides a solution on its website to help users remove it.
Beginning April 25, 2006, Microsoft's Windows Genuine Advantage Notifications application is installed on most Windows PCs as "critical security updates". While the main purpose of this uninstalled app is to make sure a copy of Windows on the machine is purchased and installed legally, it also installs software that has been accused of "calling home" every day, such as spyware. This can be removed with the RemoveWGA tool.
Personal relationships
Spyware has been used to monitor partner electronic activity in intimate relationships. At least one software package, Loverspy, is specifically marketed for this purpose. Depending on local laws regarding communal property/marriage, observing partner online activities without their consent may be illegal; the author of Loverspy and some users of the product was indicted in California in 2005 over allegations of interception and various computer crimes.
Anti-spyware programs often report HTTP advertiser Web cookies, small text files that track browsing activity, as spyware. While not always harmful, many users object to third parties using space on their personal computers for their business purposes, and many anti-spyware programs offer to remove them.
Example
The first recorded usage of the term spyware occurred on October 16, 1995 in Usenet's post which ridiculed Microsoft's business model. Spyware was originally denoted software meant for espionage purposes. However, in early 2000 Zone Labs founder, Gregor Freund, used this term in a press release for ZoneAlarm Personal Firewall. Then in 2000, parents using ZoneAlarm were notified of the fact that "Rabbit Reader," educational software marketed to children by Mattel toy companies, secretly sent data back to Mattel. Since then, "spyware" has taken that sense now.
According to a 2005 study by AOL and the National Mayan Security Alliance, 61 percent of surveyed user computers were infected with a form of spyware. 92 percent of users surveyed with spyware reported that they did not know where it was, and 91 percent reported that they did not give permission for spyware installation. In 2006, spyware has become one of the leading security threats for computer systems running Microsoft Windows operating systems. Computers where Internet Explorer (IE) is the primary browser is particularly vulnerable to such attacks, not only because IE is the most widely used, but because of tight integration with Windows allows spyware access to important parts of the operating system.
Before Internet Explorer 6 SP2 was released as part of Windows XP Service Pack 2, the browser will automatically display the installation window for each ActiveX component that the website wants to install. The combination of users' ignorance about these changes, and the assumption by Internet Explorer that all benign ActiveX components, helps spyware spreading significantly. Many spyware components will also utilize exploits in JavaScript, Internet Explorer and Windows to install without the user's knowledge or permission.
The Windows registry contains several sections where modifying key values ââallows the software to be executed automatically when the operating system boots. Spyware can utilize this design to avoid removal attempts. Spyware will usually connect itself from any location in the registry that allows execution. Once executed, spyware will periodically check if these links are deleted. If so, they will be automatically restored. This ensures that spyware will run when the operating system is booted, even if some (or most) of the registry links are removed.
Program is distributed with spyware
- Kazaa
- Morpheus
- WeatherBug
- WildTangent
Programs previously distributed with spyware
- AOL Instant Messenger (AOL Instant Messenger is still packing Viewpoint Media Player, and WildTangent)
- DivX
- FlashGet
- magic
Rogue anti-spyware program
Malicious programmers have released a large number of fake (fake) anti-spyware programs, and widespread Webbanner ads can warn users that their computers have been infected with spyware, directing them to buy programs that do not actually remove spyware - or else, may add more many of their own spyware.
The latest proliferation of fake or fake antivirus products that charge themselves as antispyware can be inconvenient. Users can receive popups that ask them to install it to protect their computer, but it will actually add spyware. This software is called malware. It is recommended that users not install freeware that claims to be anti-spyware unless it is proven to be legitimate. Some known offenders include:
A fake antivirus product is 15 percent of all malware.
On January 26, 2006, Microsoft and the state prosecutors filed a lawsuit against Secure Computer for its Spyware Cleanup product.
Legal issues
Criminal Law
Unauthorized access to computers is illegal under computer crime laws, such as the U.S. Computer Abuse and Abuse Act. US, UK Computer Abuse Act, and similar laws in other countries. Because spyware-infected computer owners generally claim that they never authorized the installation, the prima facie readings will suggest that spyware deployment will be counted as a criminal offense. Law enforcement often pursues other malware writers, especially viruses. However, some spyware developers have been prosecuted, and many operate openly as very legitimate businesses, although some have faced lawsuits.
Spyware manufacturers argue that, contrary to user claims, the user actually gives permission for installation. Spyware bundled with shareware applications can be described in the legal text of the end user license agreement (EULA). Many users typically ignore these recognized contracts, but spyware companies like Claria say this indicates that the user has agreed.
Despite the EULA deal everywhere, where one click can be taken as approval for the entire text, relatively few caselaws have resulted from its use. It has been established in the most common legal jurisdiction that this type of agreement can be a binding contract under certain circumstances. However this does not mean that each agreement is a contract, or that any inner terms that can be enforced.
Some jurisdictions, including the US states in Iowa and Washington, have passed laws that criminalize some form of spyware. The law makes it illegal for anyone other than the owner or computer operator to install software that changes Web browser settings, monitors keystrokes, or disables computer security software.
In the United States, MPs introduced a bill in 2005 entitled the Internet Spyware Prevention Act, which would imprison spyware makers.
Administrative sanctions
US FTC action
The US Federal Trade Commission has sued the Internet marketing organization under the "doctrine of injustice" to make them stop infecting consumer PCs with spyware. In one case, that against Seismic Entertainment Productions, the FTC accused the defendant of developing a program that controls PCs across the country, infecting them with spyware and other malicious software, bombarding them with a barrage of pop-up ads for Seismic clients, exposed PCs to security risks, and cause them to fail to function. Seismic then offers to sell victims of the "antispyware" program to fix computers, and stop popups and other problems caused by Seismic. On November 21, 2006, the settlement was filed in federal court where a $ 1.75 million valuation was charged in one case and $ 1.86 million in the other, but the defendant went bankrupt
In the second case, filed against CyberSpy Software LLC, the FTC alleges that CyberSpy is marketing and selling RemoteSpy "keylogger" spyware to clients who would then secretly monitor unsuspecting consumer computers. According to the FTC, CyberSpy is touted as a "100% undetected" way of "Spy on Anyone. The FTC has obtained a temporary order prohibiting defendants from selling software and disconnecting from the Internet from their servers collecting, storing, or providing access to information that has been collected by this software. This case is still in its early stages. The complaint filed by the Electronic Privacy Information Center (EPIC) brings RemoteSpy software to the attention of the FTC.
Dutch OPTA
The administrative fine, the first of its kind in Europe, has been issued by the Postal Authority and Independent Telecommunication (OPTA) of the Netherlands. The fine was applied in the total amount of Euro 1,000,000 as it infected 22 million computers. Spyware is called DollarRevenue. Legal articles that have been violated are art. 4.1 Decisions concerning universal service providers and for the benefit of end users; Fines have been issued on the basis of art. 15.4 is taken together with art. 15.10 Dutch telecommunications law.
Civil Code â ⬠<â â¬
Former New York Attorney General and former New York Governor Eliot Spitzer has pursued a spyware company to install counterfeit software. In a lawsuit filed in 2005 by Spitzer, the California company Intermix Media, Inc. finally settled, agreeing to pay US $ 7.5 million and stop spyware from spreading.
Web ad hijacking also causes litigation. In June 2002, a number of major Web publishers sued Claria for replacing ads, but were settled out of court.
The court has not yet decided whether advertisers may be held accountable for spyware showing their ads. In many cases, companies whose ads appear in spyware pop-ups do not directly do business with spyware firms. Instead, they have been contracted with an advertising agency, which in turn contracts with online subcontractors who are paid based on the number of "impressions" or ad appearances. Some big companies like Dell Computer and Mercedes-Benz have fired advertising agencies that have run their ads on spyware.
Libel lawsuit by spyware developer
Litigation has been done in two ways. Since "spyware" has become a common denigration, some makers have filed defamation and pollution measures when their products have been described. In 2003, Gator (now known as Claria) filed a lawsuit against the PC Pitstop website to describe his program as "spyware". PC Pitstop solved, agreed not to use the word "spyware", but continued to describe the dangers caused by Gator/Claria software. As a result, other anti-spyware and anti-virus companies also use other terms such as "possibly unwanted programs" or greyware to show these products.
WebcamGate
In the case of WebcamGate 2010, plaintiffs alleged that two suburban schools in Washington were secretly spying on students quietly and remotely activating a webcam embedded in a laptop issued by the school used by students at home, and therefore violate their privacy rights. The school loads each student's computer with LANrev remote activation tracking software. These include "TheftTrack" which is now discontinued. While TheftTrack is not enabled by default in the software, it allows the school district to choose to enable it, and to select which TheftTrack monitoring option the school wants to enable.
TheftTrack allows school district employees to secretly activate a webcam embedded in the student's laptop, above the laptop screen. It allows school officials to secretly take photos via webcam, whatever is in front of it and in line of sight, and send photos to school servers. The LANrev software disables the webcam for all other uses ( for example. , students can not use Photo Booth or video chat), so most students mistakenly think that their webcam is not working at all. In addition to web camera surveillance, TheftTrack allows school officials to take screenshots, and send them to school servers. In addition, LANrev allows school officials to take snapshots of instant messages, web searches, music playlists, and written compositions. The schools claim to secretly capture more than 66,000 photos and screenshots, including photos of the students' webcam in their bedroom.
In popular culture
- Spyware used in cars, computers and mobile phones plays a major role in "Shut Up and Dance", series 3, episode 3 of the anthropologic TV series Black Mirror .
See also
- Cyber âââ ⬠<â â¬
- Employee monitoring software
- Industrial espionage
- Software
- Phishing
- Superfish
- Trojan: Win32/Meredrop
References
External links
- Home Computer Security - Carnegie Mellon Software Institute
- OnGuard Online.gov - How to Secure Your Computer
Category
Source of the article : Wikipedia