|
|
|
|
In the early 2000, one Steve Gibson
detected an advertising software installed in his system that
was responsible in hacking his personal information. He was
successful in sueing the Ad companies Aureate and Conducent for
intruding his privacy. Later he invented a new anti-spyware
software called OptOut. Following his foot steps, lot many
softwares were brought into the market.
A study conducted by AOL and national Cyber-Security Alliance in
November 2004 revealed that almost 80% of the computer users are
infected by spyware. 89% users claimed that they were unaware of
its existence and 93% stated that the software was installed
without their permission. Spyware does not directly spread in
the manner of a computer virus or worm: generally, an infected
system does not attempt to transmit the infection to other
computers. Instead, spyware gets on a system through deception
of the user or through exploitation of software vulnerabilities.
|
|
The most direct route by which
spyware can infect a computer involves the user installing it.
However, users tend not to install software if they know that it
will disrupt their working environment and compromise their
privacy. So many spyware programs deceive the users, either by
piggybacking on a piece of desirable software such as Kazaa, or
by tricking the users to do something that installs the software
without them realising. Recently, spyware has come to include
"rogue anti-spyware" programs, which masquerade as security
software while actually doing damage.
Classically, a Trojan horse, by definition, smuggles in
something dangerous in the guise of something desirable. Some
spyware programs get spread in just this manner. The distributor
of spyware presents the program as a useful utility - for
instance as a "Web accelerator" or as a helpful software agent.
Users download and install the software without immediately
suspecting that it could cause harm. For example, Bonzi Buddy, a
spyware program targeted at children, claims that:
Anti-spyware programs often report
Web advertisers' HTTP cookies as spyware. Web sites (including
advertisers) set cookies - small pieces of data rather than
software—to track Web-browsing activity: for instance to
maintain a "shopping cart" for an online store or to maintain
consistent user settings on a search engine. |
|
Only the Web site that sets a cookie
can access it. In the case of cookies associated with
advertisements, the user generally does not intend to visit the
Web site which sets the cookies, but gets redirected to a
cookie-setting third-party site referenced by a banner ad image.
Some Web browsers and privacy tools offer to reject cookies from
sites other than the one that the user requested.
Advertisers use cookies to track people's browsing among various
sites carrying ads from the same firm and thus to build up a
marketing profile of the person or family using the computer.
For this reason many users object to such cookies, and
anti-spyware programs offer to remove them. Gaining unauthorised
access to a computer is illegal under computer crime laws in
several global territories, such as the United States Computer
Fraud and Abuse Act. Since the owners of computers infected with
spyware generally claim that they never authorised the
installation, a prima facie reading would suggest that the
promulgation of spyware would count as a criminal act. |
|
|
|
Law enforcement has often pursued the
authors of other malware programs, such as viruses. Nonetheless, few
prosecutions of writers of spyware have occurred, and many such
producers operate openly as aboveboard businesses. Some have,
however, faced lawsuits. Spyware producers primarily argue in
defense of the legality of their acts that, contrary to the users'
claims, users do in fact give consent to the installation of their
spyware. Spyware that comes bundled with shareware applications may
appear, for instance, described in the legalese text of an end-user
license agreement (EULA). Many users habitually ignore these
purported contracts, but spyware companies such as Claria claim that
these demonstrate that users have consented to the installation of
their software. Lavasoft's Ad-Aware, one of a few reliable freeware
anti-spyware programs, scans the hard drive of a clean Windows XP
system.
Many programmers and some commercial firms have released products
designed to remove or block spyware. Steve Gibson's OptOut,
mentioned above, pioneered a growing category. Programs such as
Lavasoft's Ad-Aware SE and Patrick Kolla's Spybot - Search & Destroy
rapidly gained popularity as effective tools to remove, and in some
cases intercept, spyware programs. More recently Microsoft acquired
the GIANT AntiSpyware software, rebadging it as Windows AntiSpyware
beta and releasing it as a free download for Windows XP, Windows
2000, and Windows 2003 users. In early spring, 2006, Microsoft
renamed the beta software to Windows Defender, currently "beta 2."
The renamed software for now exists as a time-limited beta test
product that will expire (beta 1 in July 2006, and beta 2 in
December, 2006). Microsoft has also announced that the product will
ship (for free) with Windows Vista. Other well-known anti-spyware
products include Webroot Spy Sweeper, PC Tools' Spyware Doctor,
ParetoLogic's XoftSpy, iS3's STOPzilla and Sunbelt's CounterSpy
(which uses a forked codebase from the GIANT Anti-Spyware product).
Major anti-virus firms such as Symantec, McAfee and Sophos have come
later to the table, adding anti-spyware features to their existing
anti-virus products. Early on, anti-virus firms expressed reluctance
to add anti-spyware functions, citing lawsuits brought by spyware
authors against the authors of web sites and programs which
described their products as "spyware". However, recent versions of
these major firms' home and business anti-virus products do include
anti-spyware functions, albeit treated differently from viruses.
Symantec Anti-Virus, for instance, categorizes spyware programs as
"extended threats" and now offers real-time protection from them (as
it does for viruses).
|
