Security

Cheat Sheet: Spyware

No, Mr Bond, I expect you to click...

OK, I've seen the Bond films, I know what spyware is. Pens that shoot deadly darts, cigarette lighters that explode, cufflinks that track supervillains... am I close?
You're a little way out. What we're talking about here are software applications that find their way onto users' machines for the purposes of, as the name suggests, spying on them.

"Find their way onto..." that sounds very covert.
It's not called spyware for nothing. Often these programmes do sneak in unnoticed, perhaps while a user is downloading a piece of free software.

And what are they doing?
We should approach this issue with caution. It's easy to get worked up about spyware, but there are a variety of reasons for it being there and a variety of roles it could be performing. At its mildest it is an irritant, exploited by almost all companies in one form or another for advertising.

How does that work?
Sometimes it's almost totally innocuous. Responsible sites that use it to track advertising are doing very little wrong, legally or morally, but others are being less scrupulous. You may wonder why you get pop-ups every time you visit certain sites, or why you get directed to certain web pages or search engines every now and again. It's likely such behaviour is a result of 'adware' - spyware's semi-legitimate cousin, if you want to think of it in such terms. These programmes will typically be placed on your machine when you download a piece of 'free' software. While the software is provided for free, the creator or distributor earns money by including a programme that directs you to advertisers' websites or content. Similarly it may even install a search bar or offer 'loyalty' points for online shopping with certain sites.

Is that all it does?
Not quite. The most contentious area is adware's ability to report back to its originator and share information about you with third parties.

And is this legal?
By and large, yes it is. There will most likely have been mention of these programmes somewhere in the terms and conditions - though you may have to scroll though hundreds of lines of small print to find them.

...and nobody bothers to do that?
Do you?

No.
Exactly, and that's what the people behind such programmes rely upon. I would advise caution whenever downloading free software. In general these days, software applications follow the 'lunch' rule, in that there's no such thing as a free one.

So that's it? Spyware is a marketing tool? Why all the fuss then? Nobody likes marketers, but is it really worth all the gnashing of teeth and the wailing?
Spyware has degrees of maliciousness. It doesn't all arrive on your machine through the grey areas of terms and conditions. It can be installed when you visit certain websites - often of an [ahem!] adult nature - unbeknownst to you and sometimes even unbeknownst to the site's owners. This type of software can also be passed covertly via peer-to-peer applications and email. There is growing concern that spammers and virus writers are finding ever more devious ways to install spyware on your machine.

Why? Well, spammers have a lot to gain from knowing more about you. Recent research revealed a growing trend whereby recipients of spam are getting apparently personalised emails, featuring home addresses, family members' names and even pet names in the 'from' and 'subject' fields. MessageLabs believes this is a result of spyware harvesting such information from users' machines.

And how would it do that?
Keystroke loggers installed on machines can keep track of commonly typed words and phrases.

What else can they record?
OK, be calm, but this is where fear can start setting in. Key loggers can record anything you type. This obviously includes user names and passwords and the spyware can report such details back to its originators, along with information about where and when they were used - raising concerns as to the safety of internet banking. A compromised machine can certainly report a lot of information about the user.

What can we do about this?
There are a vast number of applications available that will clean your system of spyware and adware.

And how do we get it?
Try visiting download.com - simply searching under 'spyware' should bring up hundreds of applications. A very popular one is Ad-aware and you'd certainly be surprised how much it finds on the hard drive of even the most cautious of web surfers.

How much does it cost? Good question. It's actually free - which I know raises a number of Catch 22-style questions about the statement I've already made regarding the downloading of free software, but there are plenty of packages out there. You may like to shop around, but it's worth noting that not all free software necessarily brings with it a host of spyware applications. Other spyware blockers and washers are free to try and a nominal fee to buy, but it is definitely worth having some defences in place.

Editor's Picks

Free Newsletters, In your Inbox