Definitions[]
Spyware is
“ | technologies deployed without appropriate user consent and/or implemented in ways that impair user control over (1) material changes that affect their user experience, privacy, or system security; (2) use of their system resources, including what programs are installed on their computers; and/or (3) collection, use, and distribution of their personal or other sensitive information.[1] | ” |
“ | includ[ing] "adware" and other programs that "secretly install on your computer without your permission or knowledge" and may cause "pop-ups," banner advertisements, and other extraneous ads, send "spam" e-mail messages, hijack search engine links or home pages, trace online activity, allow others to remotely access a computer, record private information or steal passwords. It also includes "adware, keyloggers, Trojans, hijackers, dialers, viruses, spam, and general ad serving."[2] | ” |
Overview[]
When the computer is connected to the Internet, the software periodically relays the information back to the software manufacturer or a marketing company. Some spyware traces a user’s Web activity and causes advertisements to suddenly appear on the user’s computer screen — called “pop-up ads” — in response. Typically, users have no knowledge that the software they obtained included spyware and that it is now resident on their computers.
Software that include spyware may be sold or available for free (“freeware”). They may be on a disk or other media, downloaded from the Internet, or downloaded when opening an attachment to an electronic mail (e-mail) message.
Spyware functionality often includes
- keylogging
- taking screenshots
- browser tracking
- packet capture
- data theft
Armed with spyware, bots can be used to steal valuable personal information and deliver it to attackers for use or sale.
Typically, users have no knowledge that spyware is on their computers. Because the spyware is resident on the computer’s hard drive, it can generate pop-up ads, for example, even when the computer is not connected to the Internet. One example of spyware is software products that include, as part of the software itself, a method by which information is collected about the use of the computer on which the software is installed, such as Web browsing habits.
Some of these products may collect personally identifiable information (PII). When the computer is connected to the Internet, the software periodically relays the information back to another party, such as the software manufacturer or a marketing company.
Another oft-cited example of spyware is “adware,” which may cause advertisements to suddenly appear on the user’s monitor — called pop-up ads. In some cases, the adware uses information that the software obtained by tracking a user’s Web browsing habits to determine shopping preferences, for example. Some adware companies, however, insist adware is not necessarily spyware, because the user may have permitted it to be downloaded onto the computer because it provides desirable benefits.
References[]
Source[]
See also[]
- Coordinating Virus and Spyware Defense
- FTC Spyware Workshop
- Recognizing and Avoiding Spyware
- State spyware laws
External links[]
- Center for Democracy and Technology (CDT), Spyware Enforcement (2007) (full-text).