Written by: Tom Olzak, CISSP • Edited by: Lamar Stonecypher • Updated: 2/11/2010
Have you ever wondered how spyware works? How does spyware get onto your computer? What happens if you get spyware? This article answers these questions and more.
Paths to Your Computer
So how does spyware get onto your computer? Spyware, like viruses, gains access to your computer with your help--or with the help of your manager or the government. Commercial spyware distributors, often working for a client, rely on various methods to "encourage" your participation. The following are three of the most common ways spyware gets installed, leaving unsuspecting users to provide information on their computing behavior:
Piggybacking. Very often, spyware is included with an application you intentionally download. Your permission, and therefore your willing participation in the spyware's installation, is usually hidden deep in a license agreement. And even if the distributor of the unwanted software seeks to avoid the ire of privacy advocates by placing information about the spyware in plain sight, the wording of the agreement may use confusing legalese.
Monitoring. When in possession of a warrant (hopefully), law enforcement personnel may install monitoring software on your computer. This is usually done remotely and without your knowledge. Your employer has even more freedom when monitoring your use of business-owned computers. No warrant is necessary. Further, no consensus exists regarding privacy rights of employees while in the workplace. (For more information on workplace privacy issues, see Workplace privacy versus computer abuse prevention: Which prevails?)
Drive-by Downloads. When visiting certain sites, you may be asked to download software. Similar to piggybacking, it may be necessary to install software partnered with spyware in order to get access to full site functionality. In other cases, the site may just drop a data collection cookie on your computer. And even if you are asked first, your refusal to accept the software will have some consequence, even if it is only a repeating--and very annoying--request for permission to install the site's software.
What Spyware Looks Like
What happens if you get spyware? Regardless of the purpose of a specific spyware application, its developers will have tried to accomplish three things:
1. Spyware will likely be invisible to the user. This doesn't mean that, like a rootkit, it cannot be seen if you look closely. However, a normal user will not know where to look and therefore will not know the software is happily running "under the hood."
2. A single instance of spyware will have little or no impact on performance. As with number one above, the purpose of this criterion is to ensure a user doesn't get frustrated and start looking for whatever is making his or her computer, network connection, Internet response, etc. fall below acceptable levels. Spyware developers aren't always successful, so degraded performance is still a good way to identify spyware presence. It is the accumulation of spyware applications, due to user abandonment of due diligence, that results in the system problems associated with spyware.
3. If the spyware is visible, it will masquerade as a useful tool.
Let's look a little closer at number three.
The most common face shown by spyware is the ubiquitous browser add-on toolbar. Not all toolbars collect your data. However, the toolbar that doesn't is an exception. Be sure to read the license agreement before installing an interesting-looking toolbar--or any other browser add-on. If no license agreement exists, or it is indecipherable, proceed with extreme caution.
In the next article in this series, we look at ways to detect spyware.