To make matters more confusing, there are many pieces of malware that merge characteristics of both spyware and adware. The distinction between the "wares" is important to businesses that make money distributing adware because they generally don't like to be associated with the "dark side." Some adware vendors are even suing anyone who calls their programs malware or spyware.
The distinguishing characteristic of spyware is that it makes undesirable changes to your computer as it collects data about your computing activities. Using that data, spyware can perform any number of tasks:
- Deliver targeted advertising
- Forward sensitive data such as user names, passwords and account numbers to the spyware operator
- Perform unauthorized financial transactions involving the user's bank, credit card or investment accounts
- If the computer has a modem connected to a telephone line, the spyware operator may connect with expensive pay-per-access numbers, leaving the unsuspecting user with the charges
Some spyware operators are now adopting rootkit behavior to keep under the radar. Their programs install themselves on the system as services, device drivers, Web browser plug-ins or in some other location where the operating system will execute them automatically upon system boot or user logon.
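One way to review the auto-start locations described above, as an added PowerShell example that is not part of the original article: it lists Run-key entries, auto-start services, boot and system drivers, and Internet Explorer Browser Helper Objects, then reports each binary's Authenticode status. The helper name `Get-BinaryPath` and the choice of these four locations are assumptions of this example; the script only reads configuration.

```powershell
# Added example: read-only audit of common auto-start locations. Run elevated.
function Get-BinaryPath([string]$CommandLine) {
    # Hypothetical helper: pull the executable path out of a command line,
    # expanding %SystemRoot%-style variables and dropping a leading \??\ prefix.
    $c = [Environment]::ExpandEnvironmentVariables($CommandLine) -replace '^\\\?\?\\', ''
    if ($c -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($c -match '^\s*(.+?\.(exe|dll|sys))(\s|$)') { return $Matches[1] }
    return $null
}

$entries = @()

# 1. Run keys: programs started at user logon.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $entries += [pscustomobject]@{ Type = 'RunKey'; Name = $name
                                       Command = [string]$item.GetValue($name) }
    }
}

# 2. Services and kernel drivers that start at boot or automatically.
$entries += @(Get-CimInstance Win32_Service -Filter "StartMode='Auto'" |
    ForEach-Object { [pscustomobject]@{ Type = 'Service'; Name = $_.Name; Command = $_.PathName } })
$drvFilter = "StartMode='Boot' OR StartMode='System' OR StartMode='Auto'"
$entries += @(Get-CimInstance Win32_SystemDriver -Filter $drvFilter |
    ForEach-Object { [pscustomobject]@{ Type = 'Driver'; Name = $_.Name; Command = $_.PathName } })

# 3. Browser Helper Objects (Internet Explorer plug-ins), resolved through their CLSID.
$bho = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$entries += @(Get-ChildItem -Path $bho -ErrorAction SilentlyContinue | ForEach-Object {
    $clsid = $_.PSChildName
    $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
    $dll = (Get-ItemProperty -Path $inproc -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{ Type = 'BHO'; Name = $clsid; Command = [string]$dll }
})

# Report signature status per entry; anything other than 'Valid' is worth reviewing.
$entries | ForEach-Object {
    $path = Get-BinaryPath $_.Command
    $status = if ($path -and (Test-Path -LiteralPath $path)) {
        [string](Get-AuthenticodeSignature -LiteralPath $path).Status
    } else { 'FileNotFound' }
    [pscustomobject]@{ Type = $_.Type; Name = $_.Name; Path = $path; Signature = $status }
} | Sort-Object Signature, Type | Format-Table -AutoSize
```

An unsigned or missing binary is not proof of spyware; treat the output as a list of entries to review against software you knowingly installed.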
Be aware of adware
Adware is software that displays advertising such as pop-ups and banner ads. Some collect personal information so the ads can target and be customized for the user. Why would you want more advertising? Adware typically is installed in conjunction with some other free software that the user actually wants. When downloading or installing the free application, the user also agrees to allow the adware to run. Legitimate products let the user uninstall or disable the adware, but doing so typically disables the primary software. Kazaa (an example I have used previously in this series) is a free, file-sharing application that is financed by bundling adware such as Cydoor. But some people might consider Cydoor to be spyware because uninstalling it is not simple. Some other programs force the user to purchase a removal tool. How anyone could consider such a business model ethical is beyond me!
People who foist unwanted software onto other people's computers have started to sue anyone who describes their products as adware or spyware. iDownload/iSearch is one example; they have threatened numerous Web sites and software vendors. Another plaintiff is New.net, which has sued Lavasoft for including their wares in the Ad-Aware database, but with little success.
How do you get infected with spyware? The most common methods are:
- Tricking the user by displaying false or misleading dialog boxes or browser windows (for example, iDownload/iSearch)
- Bundling the malware with what appears to be legitimate software
- Attaching it to an e-mail message that the user views or executes
Each method requires the user to take action that leads to undesirable results. Sometimes, spyware can be installed with no user interaction at all -- it exploits insecurely configured systems or unpatched security vulnerabilities. Additionally, if an attacker has physical access to your system, they can install anything they want without your knowledge.
We will take an in-depth look at defending yourself from all the forms of malware discussed in this series in future tips.
In short, before you get infected you want to avoid the malware. After you've been hit, you want to detect and remove it. Avoidance requires multiple layers of defense including up-to-date patches, running current antivirus and antispyware software, network firewalls, system hardening, strong passwords, and doing all of your day-to-day activities using an unprivileged account.
Detection and removal require running up-to-date antivirus and antispyware software. You can also use free tools such as Microsoft's Windows Malicious Software Removal Tool.
About the author: Kurt Dillard is a program manager with Microsoft Solutions for Security. He has collaborated on many solutions published by this team, including "Windows Server 2003 Security Guide" and "Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP". He has also co-authored two books on computer software and operating systems.
More information from SearchWindowsSecurity.com
This was first published in June 2005