Spyware
This chapter wouldn't be complete without a mention of spyware. Spyware can be defined as any program that monitors or accesses your personal information without your permission and sends it back to the program's inventor. Spyware is usually some program you downloaded as shareware. It can be an MP3 player, a cool backgammon game, or anything else. Spyware can also come to you over a Web site that installs and runs programs on your computer that you really have no clue about. The next time you get a message from your Web browser asking whether you will allow the Web site to install and run software, think twice.
Here are several ways that a spyware program can operate:
The program can search your computer for stored information, such as your name, address, phone number, and IP address, and then secretly send this information out to someone on the Internet.
The spyware can monitor your every keystroke, storing every word you type in a file and sending the file out to someone on the Internet.
The spyware can monitor and log your Web surfing habits, logging which sites you frequently visit, what music you download, or what products you shop for, and then send this information to someone on the Internet.
The spyware can search your hard drive for all files containing the word “financial” and send them to someone on the Internet.
There really is no limit to just what a spyware program can do on your computer. Depending on the people who created the spyware, the functions and intentions are limitless.
Spyware usually gets installed by you. It does not typically just come along and install itself. There might be a shareware program you really want to test, in which case you download and install it. The next thing you know, the program is doing things you never expected it to do, such as accessing personal information on your computer and sending it back to the software company.
Spyware Cases in the News
In 2000 and 2001, several cases of spyware usage were revealed to the public. In fact, the realizations of just what type of spying the major software companies are doing has initiated legislative movements.
Recent real-world examples of spyware activities include
AOL and Netscape's SmartDownload utility
RealNetworks Real Download
NetZip Download Demon
Egames.com inclusion of “marketing-friendly” spyware in its demos
SmartDownload Utility
In July 2001, a federal judge ruled that the AOL/Netscape spyware case would move through the court system. Originally filed in July 2000, this lawsuit concerns how AOL's Netscape division used the SmartDownload utility as a form of spyware (see http://www.newsbytes.com/news/01/167714.html). The widely used software was used to assign a unique ID to each user and then monitor and log the files the user downloaded using the utility. What this information was used for is unclear. Specifically, the SmartDownload utility captured the following information and sent it back to AOL/Netscape computers:
The user's computer's name and IP address
The complete URL of the file downloaded (for example, http://www.somesite.com/somefile.zip)
The time and date of the transfer
Going one step further, if you were a registered user of the NetCenter portal, your personal information was also sent! Your personal NetCenter logon ID and personal e-mail address were also sent!
Since the initiation of this lawsuit, the spyware functions of SmartDownload have been removed.
These types of activities are becoming increasingly common in software distributed on the Internet. Many companies want to know exactly what people are doing online, be it for marketing reasons or other reasons. The SmartDownload case was similar to the RealNetworks Real Download utility and the NetZip Download Demon, which monitor and report user's downloading activities. Steve Gibson takes much credit for identifying these spyware activities and bringing them to public attention. You can read his reports and full details of his findings at http://grc.com/downloaders.htm.
Solutions for Spyware
The Gibson Research Center from Steve Gibson is responsible for creating one of the early spyware detection programs. Named OptOut, this program was available for download from http://grc.com/optout.htm. Although its development has been discontinued in the wake of Ad-aware, a spyware detection program from Germany, the Web site is still a valuable reference for spyware information.
Ad-aware (discussed next) is currently one of the best programs available for detecting spyware on your computer. More important than detection, however, is prevention. Prevention of spyware starts with you. By following the recommendations in this chapter and paying closer attention to your Web surfing habits, you can avoid a lot of the spyware that wants to find its way to your computer.
Similar programs for spyware detection can be found at the following sites:
http://www.spychecker.com— Offers a search engine for known spyware programs
http://www.spychecker.com/radiateremover.html— Offers the Aureate/Radiate DLL file remover
http://www.zonelabs.com/— Offers the ZoneAlarm personal firewall, which blocks all outgoing Internet connections by default
Ad-aware by Lavasoft
Available from http://www.lavasoftusa.com/, Ad-aware has gained much attention as the spyware-detection tool of choice. Designed by a German company, Ad-aware has support for many languages across the world. This program is completely free to users everywhere, but it can be registered for a small fee to enable even more options. The registration fee is a good gesture to ensure that Lavasoft keeps developing the Ad-aware program.
Download Ad-aware from http://www.lavasoftusa.com/aaw.html, and review the latest features and tutorials. After you have it installed, using it is a breeze. Just launch the program through its shortcut in your Start, Programs, Ad Aware Group, and you will see a screen similar to Figure 7.15.
Figure 7.15. The Ad-aware program interface is simple to use.
Ad-aware scans three components of your computer for the existence of spyware:
Memory
Registry
Hard drives
Ad-aware scans each of these with a click of the Scan Now button. You are notified which spyware is found at the end of all scanning. When notified, you have a few options, including removing the spyware from your computer. Ad-aware provides the option to back up before deleting spyware, in case you later realize that you really need the software even though it is spyware. Ad-aware updates its list of known spyware when you use the RefUpdate program; then, when scanning, it uses this list of spyware “signatures” to identify spyware on your computer.