Spyware: The ultimate uninvited guest

In recent years, IT pros have had their hands full dealing with worms and viruses, but spyware has meanwhile grown from pesky to problematic to pernicious. Defending against the rising spyware tide requires a good grasp of its many forms and behaviors.

Spyware. This sinister-sounding word conjures up an assortment of images, from tiny CIA espionage cameras to those annoying pop-up ads that infest computer systems. Techies adopted the term spyware as their own in 1999, using it to describe software that is installed on a computer to record information about the computer user. In the last four years, spyware, like viruses, has grown into a plague that affects almost everyone who uses a computer. Regardless of how well you police against them, spyware installations still manage to find their way onto computer systems. Let's look at the purpose of spyware, some examples of how these applications are propagated, and how these programs work.

Defining spyware

Spyware describes software that is installed on a computer and covertly gathers information through the user's Internet connection without his or her knowledge. Often benign in nature, spyware is most commonly used to collect information for advertising purposes. As with viruses, many types of spyware exist. These categories tend to overlap, and the terms that describe them are often used interchangeably. The following list defines several types of spyware and illustrates the differences between them.

  • Adware—Adware network applications are the most common type of spyware programs. An advertising company pays the makers of popular games, utilities, and other software programs a small fee to bundle its adware software with legitimate applications. The software vendor is paid whenever the adware application is downloaded with the legitimate program. Adware is designed to display advertising banners through pop-up windows or toolbars. Some adware applications also include code to track a person's Internet usage and personal information, often passing this data to third parties without the user's authorization or knowledge. The Claria Corporation (formerly the Gator Corporation) is one of the largest adware organizations; others include DoubleClick, Radiate, and Web3000 Ad Network.
  • Stalking horses—This type of program enables adware networks to function on a user's desktop to obtain the user's demographic and personal information. Like adware, these applications are often bundled and installed with legitimate programs. Usually, stalking horses are described as a desirable add-on during the installation routine. These spyware applications are not always used to display pop-up ads, differentiating them from adware programs. The most common stalking horse programs are eZula's TopText, Cydoor, OnFlow, and webHancer.
  • Trojan horses—These applications are bundled with popular Internet applications used for file sharing, such as KaZaa, Grokster, and Morpheus. They are similar to stalking horses, but their installation is not disclosed during the program setup.
  • Backdoor Santas—These programs have no obvious purpose other than to collect information about surfing or shopping habits. Unlike other spyware applications, Backdoor Santas do not work in conjunction with an adware network. A few examples of this type of application are Hotbar, CuteFTP, and the ever-popular BonziBUDDY.
  • Cookies—These spyware tools are not applications but rather small files that are stored on the user's computer. They are used to build a user profile without notifying the user of the information being stored and are eventually forwarded to an organization. Although cookies are used for many purposes by most Web sites, they are also considered a form of spyware.
  • Malware—Malware is malicious software designed to disrupt a computer, often rendering the system unusable unless the application is removed. Many malware applications reinstall themselves when you try to remove them, making it extremely difficult to completely uninstall them. Malware includes not only spyware applications, but also viruses, worms, Trojans, and similar nefarious-minded code.

These definitions illustrate the variety of spyware applications in existence today. Generally speaking, the majority of these programs are used for advertising purposes, with malware being the glaring exception. All of them collect demographic and usage information, frequently without the user's knowledge. Although all the software companies that publish spyware applications claim that the programs are benign, most people object to their personal information being collected and sent to an organization without their consent, regardless of the purpose.

Most spyware, with the exception of malware, has a legitimate purpose: to gather marketing data with the intent of providing you with advertisements that appeal to your interests. The advertisers hope to provide you with tantalizing offers that are tailored to your tastes instead of having you see a random assortment of ads. Although somewhat annoying in this form, the concept of demographic marketing has been used by advertisers for decades in the print and broadcast media. But in this case, rather than display regional ads intended for various markets, advertisers display ads based on the user's Web-surfing history.

The inner workings of spyware

The most common indication that a spyware application is installed on a computer is an increase in the number of pop-up ads that display when a user is surfing the Internet. Many Web sites display pop-up ads as part of their own normal activities, but users should not see pop-ups display every time they view a Web page. In addition, many spyware applications display multiple pop-up ads, sometimes opening three, four, or even five new windows at a time. This is not only annoying, but it also consumes bandwidth and time, which are in short supply for people still using a dial-up connection.

Spyware organizations use a number of methods to get their software installed. Although some spyware, such as malware, is secretly installed, most spyware applications are legally installed when the user installs legitimate freeware, shareware, instant messaging, or file-sharing software. For example, Google's useful toolbar has an option to collect demographic user data. Sometimes the user is presented with an option to deselect the secondary program, as with the Google toolbar. A more commonly used method is disclosing the spyware application in the licensing agreement. Since few people read the end-user licensing agreement (EULA) when they install software, they unwittingly authorize the installation of the spyware application.

Another common method of spyware distribution is through e-mail. In this case, the spyware application is disguised as an e-mail attachment or a Web page link. Again, the user may have a legitimate reason for opening the attachment or link. However, when the user does this, the spyware installation launches. Some popular methods of disguising spyware installers are e-mailed greeting cards or links that claim to install anti-spyware programs.

Spyware applications gather their data using a variety of methods. Many programs track a user's Web-surfing habits by collecting the history of pages he or she views. This information is then transmitted to the adware network, which uses it to customize the advertisements the user views in the pop-up windows that the spyware application opens. Other programs collect demographic information using HTTP cookies. When the Web site opens the cookie, the user's information is transmitted back to the organization, which once again uses it to customize the ads that the user views. Some of the more invasive spyware applications are programmed to redirect the user's Web browser home page. In addition, some programs even go as far as redirecting the browser from a requested page to a different organization's home page, preventing the user from viewing the competitor's page. These types of applications can also slow down computer systems, overload them with pop-up windows, and even cause them to cease working altogether.
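The history-reporting behavior described above leaves a recognizable trace at a web proxy: shortly after a client loads a page, a request goes to an unrelated host carrying that page's URL as a parameter. The following detection sketch is an added example, not part of the original article; the log format, host names, and sample lines are constructed for illustration.

```python
from collections import defaultdict, deque
from urllib.parse import urlsplit, parse_qsl

# Constructed proxy log: "<epoch> <client-ip> <url>" (format is an assumption).
SAMPLE_LOG = """\
1000 10.0.0.5 http://news.example/world/story1.html
1001 10.0.0.5 http://track.adnet.example/log?uid=77&page=http%3A%2F%2Fnews.example%2Fworld%2Fstory1.html
1030 10.0.0.5 http://shop.example/cart?item=42
1031 10.0.0.5 http://track.adnet.example/log?uid=77&page=http%3A%2F%2Fshop.example%2Fcart%3Fitem%3D42
1040 10.0.0.9 http://news.example/world/story1.html
1041 10.0.0.9 http://cdn.example/style.css?v=3
1050 10.0.0.5 http://search.example/go?next=http%3A%2F%2Fdocs.example%2Fintro
"""

def find_history_beacons(log_text, window=20, min_hits=2):
    """Return {(client, host): [reported URLs]} for hosts that repeatedly
    receive the URL of a page the same client just visited elsewhere."""
    recent = defaultdict(lambda: deque(maxlen=window))  # client -> last visited URLs
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, url = parts
        host = urlsplit(url).hostname
        # parse_qsl percent-decodes values, so an embedded URL compares directly
        for _, value in parse_qsl(urlsplit(url).query):
            for seen in recent[client]:
                if value == seen and urlsplit(seen).hostname != host:
                    hits[(client, host)].append(value)
                    break  # count each parameter once
        recent[client].append(url)
    # A single match can be an ordinary redirect; repeated matches suggest reporting.
    return {k: v for k, v in hits.items() if len(v) >= min_hits}

if __name__ == "__main__":
    for (client, host), pages in find_history_beacons(SAMPLE_LOG).items():
        print(f"{client} -> {host}: {len(pages)} visited URLs reported")
```

The `min_hits` threshold keeps one-off redirectors and share links out of the results; hosts that clear it are candidates for review, not confirmed spyware endpoints.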

Malware applications can do much more damage than merely transferring history data. For instance, some applications are designed to capture the user's keystrokes. This can result in the capture of confidential information such as passwords, credit card numbers, Social Security numbers, and other types of personal data. Spyware can also be used to scan files on users' hard drives or access their applications. Some malware is designed to read, write, and delete specific files on the user's hard drive—or even reformat it.

The growth of spyware

As most people can attest, spyware use is growing rapidly. A recent EarthLink survey discovered 83 million instances of spyware installed on three million computers over a nine-month period. Many industry experts suggest that spyware applications are installed on as many as 90 percent of computers that are connected to the Internet. The lucrative nature of the business encourages organizations to have their applications installed on as many computers as possible. For instance, Claria, one of the largest adware firms, had revenues of $90.5 million in 2003 and recently announced plans for an initial public offering. With advertising revenue constantly growing, it's no surprise that spyware organizations are so numerous.

In an effort to control the amount of spyware being deployed, the U.S. House of Representatives recently approved legislation prohibiting an organization from taking control of a computer, modifying a Web browser's home page, or disabling antivirus software without the user's authorization. The Spy Act, as it is called, creates a complicated set of rules to govern software that transmits user information across the Internet. This legislation enables the Federal Trade Commission to monitor violators and levy fines of up to $3 million. Although this legislation is not yet a law, representatives on both sides of the aisle and in both houses support the bill. The 399-to-1 vote illustrates the broad support for the Spy Act, which should easily pass through the Senate and be signed into law in the near future.


In the last few years, spyware applications have become as prevalent as viruses, if not more so. Although viruses are designed to damage computer systems, spyware is meant to provide consumer advertising. However, the aggressive nature of some spyware organizations and the multiple installations of various spyware applications on a computer system can have the same devastating effect on a computer system as a virus. Spyware is, for the most part, legal. Even so, efforts are being made by the U.S. government to curtail the pervasive ways that spyware companies distribute, install, and use their applications and the collected demographic information.
