Before answering the question "What is the definition of spyware?" we need to understand what it isn't. Many people, including security professionals, tend to lump spyware, viruses, worms, keyloggers, etc. under the umbrella of malware. For example, according to wikipedia.org (2010):
Spyware is a type of malware that is installed on computers and collects information about users without their knowledge.
This is sort of true. Spyware does report user information to a central server. However, it doesn't do it for malicious purposes. So I don't like including it in the same drawer with software that does.
I prefer the following definition, which I created for the purpose of this article:
Spyware is any application which, either knowingly or unknowingly, collects information about a user's habits. It transmits this profile of user behavior to a central server where it is used for marketing and other types of analysis.
So the difference is whether the software is distributed with the intent to harm users. Does its use constitute data theft? As we'll see next, this is a big point of contention with privacy advocates.
Finally, whatever the definition, spyware produces revenue, lots of revenue, for the company distributing it.