How Spyware Works

Has your computer ever become so slow that you can fix yourself a snack in the time it takes your word processor to open? Spyware may be to blame.

Spyware is a category of computer programs that attach themselves to your operating system in nefarious ways. They can suck the life out of your computer's processing power. They are designed to track your Internet habits, nag you with unwanted sales offers or generate traffic for their host Web site. According to recent estimates, more than two-thirds of all personal computers are infected with some kind of spyware [ref]. But before you chuck your computer out the window and move to a desert island, you might want to read on. In this article we'll explain how spyware gets on your computer, what it does there and how to get rid of it. Some people mistake spyware for a computer virus. A computer virus is a piece of code designed to replicate itself as many times as possible, spreading from one host computer to any other computers connected to it. It usually has a payload that may damage your personal files or even your operating system.

Spyware, on the other hand, is generally not designed to damage your computer. Spyware is broadly defined as any program that gets into your computer without permission and hides in the background while it makes unwanted changes to your user experience. The damage it does is more a by-product of its main mission, which is to serve you targeted advertisements or make your browser display certain sites or search results.

At present, most spyware targets only the Windows operating system. Some of the more notorious spyware companies include Gator, Bonzi Buddy, 180 Solutions, DirectRevenue, Cydoor, CoolWebSearch, Xupiter, XXXDial and Euniverse.

How You Get Spyware

Spyware usually gets onto your machine because of something you do, like clicking a button on a pop-up window, installing a software package or agreeing to add functionality to your Web browser. These applications often use trickery to get you to install them, from fake system alert messages to buttons that say "cancel" when they really do the opposite.Here are some of the general ways in which Spyware finds its way into your computer:

Piggybacked software installation - Some applications -- particularly peer-to-peer file-sharing clients -- will install spyware as a part of their standard install. If you don't read the installation list closely, you might not notice that you're getting more than the file-sharing application you want. This is especially true of the "free" versions that are advertised as an alternative to software you have to buy. There's no such thing as a free lunch.

Drive-by download - This is when a Web site or pop-up window automatically tries to download and install spyware on your machine. The only warning you might get would be your browser's standard message telling you the name of the software and asking if it's okay to install it.

If your security settings are set low enough, you won't even get the warning.

Browser add-ons - These are pieces of software that add enhancements to your Web browser, like a toolbar, animated pal or additional search box. Sometimes, these really do what they say they do but also include elements of spyware as part of the deal. Or sometimes they are nothing more than thinly veiled spyware themselves. Particularly nasty add-ons are considered browser hijackers -- these embed themselves deeply in your machine and take quite a bit of work to get rid of.

Masquerading as anti-spyware - This is one of the cruelest tricks in the book. This type of software convinces you that it's a tool to detect and remove spyware.

When you run the tool, it tells you your computer is clean while it installs additional spyware of its own.

What Spyware Can Do

Spyware can do any number of things once it is installed on your computer.

At a minimum, most spyware runs as an application in the background as soon as you start your computer up, hogging RAM and processor power. It can generate endless pop-up ads that make your Web browser so slow it becomes unusable. It can reset your browser's home page to display an ad every time you open it. Some spyware redirects your Web searches, controlling the results you see and making your search engine practically useless. It can also modify the DLLs (dynamically linked libraries) your computer uses to connect to the Internet, causing connectivity failures that are hard to diagnose.

Certain types of spyware can modify your Internet settings so that if you connect through dial-up service, your modem dials out to expensive, pay telephone numbers. Like a bad guest, some spyware changes your firewall settings, inviting in more unwanted pieces of software. There are even some forms that are smart enough to know when you try to remove them in the Windows registry and intercept your attempts to do so.

The point of all this from the spyware makers' perspective is not always clear. One reason it's used is to pad advertisers' Web traffic statistics. If they can force your computer to show you tons of pop-up ads and fake search results, they can claim credit for displaying that ad to you over and over again. And each time you click the ad by accident, they can count that as someone expressing interest in the advertised product.

Another use of spyware is to steal affiliate credits. Major shopping sites like Amazon and eBay offer credit to a Web site that successfully directs traffic to their item pages. Certain spyware applications capture your requests to view sites like Amazon and eBay and then take the credit for sending you there.

Legality

So is it legal to install difficult-to-remove software without the user's permission? Not really. There's an increasing body of state legislation that explicitly bans spyware, including the Spyware Control Act in Utah and the Consumer Protection Against Computer Spyware Act in California. But even without these new state laws, federal law already prohibits spyware. The Computer Fraud and Abuse Act covers any unauthorized software installations. Deceptive trade practices of any kind also violate the Federal Trade Commission Act. Additionally, the Electronic Communications Privacy Act makes it unlawful for companies to violate the security of customers' personal information.

Just like anti-spam legislation, these spyware laws can be very difficult to enforce in practice, and the perpetrators know it. It can be tough to find hard evidence connecting individual companies to their spyware products, and, as with all Internet-related lawsuits, there are often battles over which court's jurisdiction applies to the case. Just because it's illegal doesn't mean it's easy to stop. How can you protect yourself against spyware, and what can you do if you think you already have some on your computer? Here are a few suggestions.

Call Intrepid Computing.

Use a spyware scanner.
There are several applications you can turn to for trustworthy spyware detection and removal, including Ad-aware, Spybot and Microsoft AntiSpyware, which is currently in beta. All three are free for the personal edition. These work just like your anti-virus software and can provide active protection as well as detection. They will also detect Internet cookies and tell you which sites they refer back to.

Note - Once you know which spyware is on your computer, in some cases you'll need to seek specific instructions on how to remove it. Links to some of those instructions are listed in the "Spyware Help" box to the right, and more are included in the Lots More Information section at the end of this article. Here are a few more solutions:

Use a pop-up blocker.
Many of the current browsers, including Internet Explorer 6.0 and Mozilla Firefox 1.0, have the ability to block all Web sites from serving you pop-up windows. This function can be configured to be on all of the time or to alert you each time a site wants to pop up a new window. It can also tell you where the pop-up is coming from and selectively allow windows from trusted sources.

Disable Active-X.
Most browsers have security settings in their preferences which allow you to specify which actions Web sites are allowed to take on your machine. Since many spyware applications take advantage of a special code in Windows called Active-X, it's not a bad idea to simply disable Active-X on your browser. Note that if you do this, you will also disallow the legitimate uses for Active-X, which may interfere with the functionality of some Web sites.

Be suspicious of installing new software.
In general, it pays to be suspicious when a site asks to install something new on your computer. If it's not a plug-in you recognize, like Flash, QuickTime or the latest Java engine, the safest plan of action is to reject the installation of new components unless you have some specific reason to trust them. Today's Web sites are sophisticated enough that the vast majority of functionality happens inside your browser, requiring only a bare minimum of standard plug-ins. Besides, it never hurts to reject the installation first and see if you can get on without it. A trustworthy site will always give you the opportunity to go back and download a needed component later.

Use the "X" to close pop-up windows.
Get to know what your computer's system messages look like so that you can spot a fake. It's usually pretty easy to tell the difference once you get to know the standard look of your system alerts. Stay away from the "No thanks" buttons if you can help it, and instead close the window with the default "X" at the corner of the toolbar. For an even more reliable option, use the keystroke combination for "close window" built into your software. You can look in your browser's "File" menu to find it.