Spyware. This sinister-sounding word conjures up an
assortment of images, from tiny CIA espionage cameras to those annoying pop-up
ads that infest computer systems. Techies adopted the term spyware as their own in 1999, using it to describe software that is
installed on a computer to record information about the computer user. In the
last four years, spyware, like viruses, has grown into a plague that affects almost
everyone who uses a computer. Regardless of how well you police against them,
spyware installations still manage to find their way onto computer systems. Let’s
look at the purpose of spyware, some examples of how these applications are propagated,
and how these programs work.

Defining spyware

Spyware describes software that is installed on a computer and
covertly gathers information through the user’s Internet connection without his
or her knowledge. Often benign in nature, spyware is most commonly used to
collect information for advertising purposes. As with viruses, many types of
spyware exist. These categories tend to overlap, and the terms that describe
them are often used interchangeably. The following list defines several types
of spyware and illustrates the differences between them.

  • Adware—Adware
    network applications are the most common type of spyware programs. An
    advertising company pays the makers of popular games, utilities, and other
    software programs a small fee to bundle its adware software with legitimate
    applications. The software vendor is paid whenever the adware application
    is downloaded with the legitimate program. Adware is designed to display
    advertising banners through pop-up windows or toolbars. Some adware
    applications also include code to track a person’s Internet usage and
    personal information, often passing this data to third parties without the
    user’s authorization or knowledge. The Claria Corporation (formerly the Gator
    Corporation) is one of the largest adware organizations; others include DoubleClick,
    WhenU.com, Radiate, and Web3000 Ad Network.
  • Stalking
    horses—This type of program enables adware networks to function on a
    user’s desktop to obtain the user’s demographic and personal information. Like
    adware, these applications are often bundled and installed with legitimate
    programs. Usually, stalking horses are described as a desirable add-on
    during the installation routine. These spyware applications are not always
    used to display pop-up ads, differentiating them from adware programs. The
    most common stalking horse programs are eZula’s TopText, Cydoor, OnFlow,
    and webHancer.
  • Trojan
    horses—These applications are bundled with popular Internet applications
    used for file sharing, such as KaZaa, Grokster, and Morpheus. They are
    similar to stalking horses, but their installation is not disclosed during
    the program setup.
  • Backdoor
    Santas—These programs have no obvious purpose other than to collect
    information about surfing or shopping habits. Unlike other spyware
    applications, Backdoor Santas do not work in conjunction with an adware
    network. A few examples of this type of application are Hotbar, CuteFTP,
    and the ever-popular BonziBUDDY.
  • Cookies—These
    spyware tools are not applications but rather small files that are stored
    on the user’s computer. They are used to build a user profile without
    notifying the user of the information being stored and are eventually
    forwarded to an organization. Although cookies are used for many purposes by
    most Web sites, they are also considered a form of spyware.
  • Malware—Malware
    is malicious software designed to disrupt a computer, often rendering the system
    unusable unless the application is removed. Many malware applications
    reinstall themselves when you try to remove them, making it extremely
    difficult to completely uninstall them. Malware includes not only spyware applications,
    but also viruses, worms, Trojans, and similar nefarious-minded code.

These definitions illustrate the variety of spyware
applications in existence today. Generally speaking, the majority of these programs
are used for advertising purposes, with malware being the glaring exception. All
of them collect demographic and usage information, frequently without the
user’s knowledge. Although all the software companies that publish spyware
applications claim that the programs are benign, most people object to their
personal information being collected and sent to an organization without their
consent, regardless of the purpose.

Most spyware, with the exception of malware, has a
legitimate purpose: to gather marketing data with the intent of providing you
with advertisements that appeal to your interests. The advertisers hope to
provide you with tantalizing offers that are tailored to your tastes instead of
having you see a random assortment of ads. Although somewhat annoying in this
form, the concept of demographic marketing has been used by advertisers for
decades in the print and broadcast media. But in this case, rather than display
regional ads intended for various markets, advertisers display ads based on the
user’s Web-surfing history.

The inner workings of spyware

The most common indication that a spyware application is
installed on a computer is an increase in the number of pop-up ads that display
when a user is surfing the Internet. Many Web sites display pop-up ads as part
of their own normal activities, but users should not see pop-ups display every
time they view a Web page. In addition, many spyware applications display
multiple pop-up ads, sometimes opening three, four, or even five new windows at
a time. This is not only annoying, but it also consumes bandwidth and time, which
are in short supply for people still using a dial-up connection.

Spyware organizations use a number of methods to get their
software installed. Although some spyware, such as malware, is secretly
installed, most spyware applications are legally installed when the user
installs legitimate freeware, shareware, instant messaging, or file-sharing
software. For example, Google’s useful toolbar has an option to collect
demographic user data. Sometimes the user is presented with an option to
deselect the secondary program, as with the Google toolbar. A more commonly
used method is disclosing the spyware application in the licensing agreement.
Since few people read the end-user licensing agreement (EULA) when they install
software, they unwittingly authorize the installation of the spyware

Another common method of spyware distribution is through e-mail.
In this case, the spyware application is disguised as an e-mail attachment or a
Web page link. Again, the user may have a legitimate reason for opening the
attachment or link. However, when the user does this, the spyware installation
launches. Some popular methods of disguising spyware installers are e-mailed
greeting cards or links that claim to install anti-spyware programs.

Spyware applications gather their data using a variety of
methods. Many programs track a user’s Web-surfing habits by collecting the
history of pages he or she views. This information is then transmitted to the
adware network, which uses it to customize the advertisements the user views in
the pop-up windows that the spyware application opens. Other programs collect
demographic information using HTTP cookies. When the Web site opens the cookie,
the user’s information is transmitted back to the organization, which once
again uses it to customize the ads that the user views. Some of the more
invasive spyware applications are programmed to redirect the user’s Web browser
home page. In addition, some programs even go as far as redirecting the browser
from a requested page to a different organization’s home page, preventing the
user from viewing the competitor’s page. These types of applications can also
slow down computer systems, overload them with pop-up windows, and even cause
them to cease working altogether.

Malware applications can do much more damage than merely
transferring history data. For instance, some applications are designed to
capture the user’s keystrokes. This can result in the capture of confidential
information such as passwords, credit card numbers, Social Security numbers, and
other types of personal data. Spyware can also be used to scan files on users’
hard drives or access their applications. Some malware is designed to
read, write, and delete specific files on the user’s hard drive—or even
reformat it.

The growth of spyware

As most people can attest, spyware use is growing rapidly. A recent EarthLink survey discovered 83 million instances of
spyware installed on three million computers over a nine-month period. Many
industry experts suggest that spyware applications are installed on as many as
90 percent of computers that are connected to the Internet. The lucrative
nature of the business encourages organizations to have their applications
installed on as many computers as possible. For instance Claria, one of the
largest adware firms, had revenues of $90.5 million in 2003 and recently
announced plans for an initial public offering. With advertising revenue
constantly growing, it’s no surprise that spyware organizations are so

In an effort to control the amount of spyware being
deployed, the U.S. House of Representatives recently approved legislation
prohibiting an organization from taking control of a computer, modifying a Web
browser’s home page, or disabling antivirus software without the user’s
authorization. The Spy Act, as it is called, creates a complicated set of rules
to govern software that transmits user information across the Internet. This legislation
enables the Federal Trade Commission to monitor violators and levy fines of up
to $3 million. Although this legislation is not yet a law, representatives on
both sides of the aisle and in both houses support the bill. The 399-to-1 vote
illustrates the broad support for the Spy Act, which should easily pass through
the Senate and be signed into law in the near future.


In the last few years, spyware applications have become as
prevalent as viruses, if not more so. Although viruses are designed to damage
computer systems, spyware is meant to provide consumer advertising. However,
the aggressive nature of some spyware organizations and the multiple
installations of various spyware applications on a computer system can have the
same devastating effect on a computer system as a virus. Spyware is, for the
most part, legal. Even so, efforts are being made by the U.S. government
to curtail the pervasive ways that spyware companies distribute, install, and
use their applications and the collected demographic information.