I. What Is Spyware, and How Does It Get Installed on My Computer?

Previous page
Table of content
Next page
 < Day Day Up > 

So, what exactly is spyware? And how can you recognize when it's been installed on your PC? Generally speaking, spyware refers to software that's been installed on your computer without your consent and that does things like collect your personal information without you being aware of it, change how your computer or web browser is configured, or bombard you with online advertisements. If a piece of spyware changes how your computer is configured, it will often lead to your computer becoming very slow or freezing, or even crashing with the dreaded "Blue Screen of Death." Spyware programs are notorious for being difficult to remove on your own, so even if you find an offending program and uninstall it, sometimes it will come right back whenever you reboot your computer.

The next obvious question is: how did these programs get installed on my computer to begin with? There are two common ways that you can find yourself infected with spyware. The first is that spyware can "hide" inside of other programs, even ones that you download from websites that might be otherwise trustworthy. Here's a good example: you download a game from one of your favorite websites. After you download the game and click on "CoolGameSetup.exe," the game installs just like you wanted. But you also end up with additional software installed that you didn't want: a tiny program that tracks the websites you visit gets installed in the background, and you weren't even aware of it. Spyware programs will often "piggyback" in this way on top of games, MP3 players, and other software utilities the manufacturer of the software will typically allow this spyware to be installed as a part of their product to drive more business to their website, for example.

A slightly less common (but much more dangerous) way for spyware to spread is through flaws in Microsoft Windows or your web browser. Even though Microsoft has been working for years to get all of the security "bugs" out of its products, it's still a really big task that isn't even close to completion. And every now and then, some hacker will find a way that he or she can install something on your PC just by using a software programming trick. This is especially dangerous because the hacker will be able to install software on your computer without even having physical access to it; all the hacker needs is for your computer to be connected to the Internet. This might be the most disturbing aspect of spyware because, in essence, this software has been installed on your computer without your permission, and you didn't do anything at all.

No matter how it gets installed on your computer, spyware can take on many forms that range from annoying to dangerous. Some of the more common spyware behaviors you'll see are listed here:

Adware

Adware is a term for spyware that opens up advertisements within Internet browser windows, called "pop-up ads" or simply "pop-ups" because your web browser opens (or "pops up") a new window on your screen containing an advertisement or an entirely new web page. You run into pop-up ads all over the Internet, even from legitimate websites belonging to your favorite sports teams and online retailers; they're the Internet equivalent of the postcard advertisements that get inserted into print magazines. So, it's important to understand that every time you see a pop-up advertisement, it doesn't necessarily mean that you've been hit with adware. If you go to the website of your favorite book seller and you see a pop-up ad offering you free shipping if you spend $75 on their site, chances are good that there's nothing wrong with your computer. You're just seeing a legitimate advertisement from the website that you're visiting.

You may also subscribe to an online service that lets you receive email or watch music videos for free, but you "pay" for this service by having pop-up ads appear before you can check your mail or watch the video. Most legitimate sites will spell this out for you loud and clear when you sign up for their service, so you can decide if it's worth putting up with a few pop-up ads to be able to use their site for free. Any piece of software that you download or web service that you use should come with an End User License Agreement, or EULA for short. This should explain exactly what the installer is doing and whether it's installing any additional software pieces (like spyware) along with it. Sometimes the makers of a piece of software will actually tell you that they're installing adware on your PC, but they'll stick the notice all the way at the end of the EULA in the hopes that you'll miss it.

If you've ever installed a piece of software on your PC, you've seen a EULA...or at least the first few lines of one. The EULA is the text that's listed on the screen that appears whenever you install a new piece of software, where you need to select "Yes, I agree to the terms of this software" and then click Next before you can continue the installation. Almost nobody reads the EULA; we just skip right past it and keep going. Less-than-scrupulous websites are counting on this fact so that they can install spyware on your machine and then say, "Well, we told you we were going to install it. It's not our fault you didn't read the EULA." There are even some software companies that are bringing lawsuits against some anti-spyware software companies, claiming that their products should not be considered spyware since the terms of service are spelled out right in the EULA.

If you're serious about stopping spyware on your home computer, it's worth taking the extra minute to read the EULA on each piece of software that you've downloaded, just to make sure that nothing is piggybacking on top of the thing that you're installing. If a piece of software doesn't have a EULA, you should leave that website immediately and find one of their competitors who cares a bit more about your security and privacy.


So, how do you know if something is amiss? How do you know that the pop-up ads you're seeing are not legitimate pop-ups from "normal" websites, but rather ones that indicate that something more insidious is going on? A good indication is that all of a sudden you find that you're drowning in pop-up ads, even when you're not surfing the web:

  • You're working on a word processor document or a spreadsheet program and Internet advertisements start popping up out of nowhere.

  • You receive pop-up ads while you're browsing the web that have nothing to do with the site you're visiting. These can often contain adult content or be objectionable in nature.

  • Advertisements pop up as soon as you turn on your computer.

If you're seeing any of these behaviors, chances are pretty good that you've got some type of adware installed on your system that's causing this to happen. And it's at this point that pop-up ads can go from "irritating" to "unsafe": unscrupulous website designers can include other types of malicious software in a web page so that what started as a simple pop-up ad can then install another piece of spyware onto your system.

Even beyond generating pop-up ads, spyware can create other, more serious issues with your home PC and your personal information, which we'll discuss next.

Hijackers

You open up your web browser, expecting to see www.yahoo.com, www.cnn.com, or whatever you've set your home page to be. Instead, you're sent to a site you've never seen before, usually one that fires 10 or 15 pop-up ads at you. You change your homepage back to where you want it to be, but the next time you open your browser, you're back at that annoying page again. Or maybe there's a new toolbar on your browser that you don't remember installing, and you can't figure out how to get rid of it. This is a form of spyware called hijacking. Like pop-up ads, this is usually more obnoxious than harmful, but you're still running the risk of getting one of those pop-up windows that has some of that nasty software embedded in it.

Keystroke Loggers

Maybe up until now, you've been reading my description of adware and hijackers, and you aren't quite sold on the extent to which spyware can threaten your privacy. And in some respects, this is a perfectly fair assessment: some forms of spyware only consist of annoying (but otherwise benign) pop-up ads that are trying to entice you to purchase a new product or website membership. But in many cases, the risks caused by spyware are much greater than simply forcing you to swat away a few pop-up ads: some forms of spyware will keep a record of every website you visit and every single thing you type on your keyboard and then transmit that information to a website or another web server that belongs to the hacker.

So, you open up your web browser, close the three or four pop-up ads that appear whenever you connect to the Internet, and log onto your online banking site. Now, you think you're secure at this point because the URL begins with "https://" , signifying that it's a secure site. You're further assured of your security because you can see the little padlock in the lower-right corner of your browser, which also indicates that you're using a website that is securing and encrypting any information that you send to it. (If you don't know how to look for these, we'll be discussing web browser security in a later section.) But even a secure web connection isn't going to help you if a hacker can grab your username and password as you're typing them in and then can log onto your bank's website pretending to be you. Just think about all the things that you type at your keyboard when you're on the Internet. This seedy individual could snatch up:

  • Your credit card number as you're typing it in to buy a CD from Amazon

  • Personal information like your home address and telephone number, or even your Social Security number

  • Usernames, passwords, and account numbers to online banking or brokerage sites

This kind of threat is often how identity theft happens: just as you're careful about shredding paper documents that contain your personal information, you need to protect your computer from spyware to be just as careful about your online data. Some keystroke loggers will even record everything you type into a text file and then email it to a hacker at a later time. This means that you don't even have to be connected to the Internet for keystroke loggers to work. Keystroke loggers are particularly insidious because they're sometimes marketed as legitimate programs. Maybe you downloaded a piece of software to help keep track of your child's online activity, but the maker of the "nanny" program turns out to be just as bad as the people you were trying to protect yourself from.

This is not to say that the makers of all such "nanny" software programs are out to steal your credit card numbers: there are a number of perfectly reputable options in this area. It's all a matter of being careful about where you're downloading software from, which we'll be talking about later as well.


     < Day Day Up > 

    Previous page
    Table of content
    Next page
    Stopping Spyware
    Stopping Spyware
    ISBN: 1463585381
    EAN: N/A
    Year: 2006
    Pages: 31
    BUY ON AMAZON
    ADO.NET 3.5 Cookbook (Cookbooks (OReilly))
    Inside Network Security Assessment: Guarding Your IT Infrastructure
    Software Configuration Management
    WebLogic: The Definitive Guide
    C++ How to Program (5th Edition)
    Ruby Cookbook (Cookbooks (OReilly))
    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net
    Privacy policy