Bonzi the spyware buddy

Bonzi Buddy, now effectively confined to spyware history, is a particularly good example of a spyware program targeted at children. What child could resist clicking on this 'lovable ape' and computer companion when the slick marketing text that accompanied him promised:

He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you've ever had! He even has the ability to compare prices on the products you love and help you save money! Best of all, he's FREE!


Click, you're infected

Spyware covers a broad range of potentially malicious software designed to intercept or, to some extent, control a computer's operation without the informed consent of the user. Spyware usually enters a computer through deception of the user or through exploitation of software vulnerabilities. Broadly speaking, it is software that subverts the computer's operation for the commercial benefit of a third party. Unlike viruses, it does not usually self-replicate.

What is spyware?

Spyware is a surprisingly widespread problem. The term 'spyware' itself encompasses many types of software, from the legally correct to damaging malware. At one end there is legal adware, where users consent to its presence on their computer and advertising companies use it to gather legitimate market data. In between is greyware, where the program is tacitly accepted by the user but carries out more inclusive and invasive monitoring of online activity. Spyware proper is better defined as software of whose presence the user is completely unaware and through whose activities the user may, for instance, become the victim of identity theft or, more directly, financial loss.

Industry analysts suggest that up to 60 percent of computers may be infected with one type of adware, greyware or spyware, meaning that the problem is particularly widespread. But how is this possible given the existence of antispyware programs? Stefan Lundstrom, anti-spyware researcher at F-Secure's data security laboratory, explains that the majority of spyware exists as a direct failure of ordinary users to think critically when installing software.

"People are almost conditioned to click their mouse buttons without giving it a second thought. It's the same as channel hopping with a remote control but the difference is your computer can become infected with one wrong click," Lundstrom points out.

The most direct route by which spyware can get on a computer is thus the user him or herself installing it as part of the terms of an agreement, usually in the small print, when downloading shareware or similar. Other spyware programs deceive the user directly by piggybacking on another piece of software.

Spyware proper can also enter a computer by manipulating security features in the Web browser or in other software. When the user navigates to a web page controlled by the spyware author, the page contains code that attacks the browser and forces the download and installation of spyware.

New developments

Recently, spyware has also come to include "rogue antispyware" programs, which masquerade as security software. In these instances, a trojan or website uses a false and misleading advertisement to trick a user into installing such a program. Typically, the program offers to scan the computer for free, but removal requires it to be purchased. Lundstrom warns that despite their appearances, such programs function rather poorly and have no company behind them. As a result, users are left vulnerable to other malware attacks and no future service is guaranteed.
 
Spyware can also come bundled with music CDs, as happened in the Sony rootkit case. It is notable that spyware typically occupies a grey area where criminal organisations and corporations alike are willing to use covert means to obtain the information they need.

In the case of the Sony rootkit installation, the original intent was legitimate, i.e. attempting to prevent piracy, under the banner of digital rights management. However, the use of trojan-horse tactics to verify a user as the rightful owner of the media in question is highly questionable. In the Sony case, the installation of a rootkit to hundreds of thousands of computers through legitimately purchased CDs undoubtedly crossed the line between protecting business and user privacy and also created a backdoor for malicious hackers to enter infected computers, as was proven subsequently.

What spyware causes in your computer

A spyware infestation in a computer can create significant unwanted CPU activity, disk usage and network traffic, effectively slowing down the computer and eating up resources. Stability issues, meaning application or system crashes, are also common in such cases. Typical telltale signs of infestation include unsolicited pop-up advertisements or the routing of HTTP requests to advertising sites. Some types of spyware disable software firewalls and antivirus software, and reduce browser security settings.

For badly infected systems, a complete reinstall may be required to restore the system to working order. This is a time-consuming project even for experienced users and does not discount the possibility of lost data as well as accompanying financial and intellectual property theft.

Remedies and prevention

The obvious first line of defence against spyware is the broad range of programs designed to remove or block it. Equally important are the various user practices that help to reduce the chance of getting spyware on a system. Like most antivirus software, antispyware software requires a frequently updated database of threats. As new spyware programs emerge, antispyware developers intercept them and make signatures, which enable the software to detect and remove the offending program.

As with any antivirus product, antispyware software is of limited usefulness without a regular source of updates. In the case of F-Secure's products, the most frequent updates in the industry ensure that the average user enjoys a high level of coverage against the threats posed by spyware.

Lundstrom points out that a more complete solution is the combination of antispyware programs and desktop firewalls plus gateway filtering. Institutions such as universities and larger corporations use network firewalls and web proxies to block access to web sites known to distribute spyware.



Security practices

In addition to installing anti-spyware software, Lundstrom recommends that average computer users avoid Internet Explorer, which offers an easy route for spyware to enter a computer. Apart from more obvious vulnerabilities, its deep integration with the Windows environment and its scriptability make it an obvious target. Internet Explorer is also a point of attachment for spyware in the form of browser helper objects, which modify the browser's behaviour to add toolbars, redirect traffic or monitor browser usage to display a targeted advertisement.
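To make the browser helper object attachment point concrete, here is an added example (not from the article or from F-Secure) that lists the BHOs registered machine-wide for Internet Explorer, resolves each one to the DLL it loads and reports that file's Authenticode signature status. It assumes a 64-bit PowerShell session on Windows and only reads the registry; the variable names are illustrative.

```powershell
# Added example: audit Browser Helper Objects (BHOs) registered for Internet Explorer.
# Read-only. Each subkey under "Browser Helper Objects" is the CLSID of a COM
# class that IE loads into the browser process at start-up.
$views = @(
    @{ View  = 'native'
       Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\CLSID' },
    @{ View  = 'WOW64 (32-bit)'
       Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'HKLM:\SOFTWARE\Classes\WOW6432Node\CLSID' }
)

$report = foreach ($v in $views) {
    if (-not (Test-Path -LiteralPath $v.Bho)) { continue }   # no BHOs in this view
    foreach ($key in Get-ChildItem -LiteralPath $v.Bho) {
        $clsid  = $key.PSChildName
        $class  = Join-Path $v.Clsid $clsid
        $server = Join-Path $class 'InprocServer32'
        $name = $null; $dll = $null; $status = 'NotRegistered'

        # The default value of the CLSID key is the class's display name.
        if (Test-Path -LiteralPath $class) {
            $name = (Get-Item -LiteralPath $class).GetValue('')
        }
        # The default value of InprocServer32 is the DLL loaded into the browser.
        if (Test-Path -LiteralPath $server) {
            $dll = (Get-Item -LiteralPath $server).GetValue('')
            if ($dll) { $dll = $dll.Trim('"') }
        }
        if ($dll) {
            $status = if (Test-Path -LiteralPath $dll) {
                (Get-AuthenticodeSignature -LiteralPath $dll).Status.ToString()
            } else { 'FileMissing' }
        }
        [pscustomobject]@{
            View = $v.View; Clsid = $clsid; Name = $name; Dll = $dll; Signature = $status
        }
    }
}
$report | Sort-Object Signature, Dll | Format-Table -AutoSize -Wrap
```

Entries whose signature status is anything other than Valid, or whose DLL sits outside the program's expected installation directory, are the ones worth checking against what the user knowingly installed.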

Installing a web browser other than Microsoft's Internet Explorer (IE), for instance Opera, Firefox or Netscape, is a good practice. But, as Lundstrom points out, no browser available today, and there are many, is safe, because security is ultimately the responsibility of the person who uses the browser.

Author: Mark Woods, Corporate Communicator

