Pin Me

How to Detect Spyware

written by: Tom Olzak, CISSP•edited by: Lamar Stonecypher•updated: 2/15/2010

Detecting spyware is easy if there is a lot of it on your computer. If only one or two instances exist, it isn't so easy to realize someone is collecting your information. In this article, we examine ways to detect spyware on a computer, no matter how much you've downloaded and installed.

  • slide 1 of 2

    Spyware Symptoms

    Most people begin to realize there is a problem when their computer begins slowing down to the point at which processing and window displays take two to three times longer than normal. Another good indication of a problem is consistent, context-sensitive advertising displays, even for sites which pride themselves as being ad-free. These symptoms so frequently indicate the presence of spyware or adware, that our help desk automatically performs a spyware scan when a user complains about them.

    But what if you don't yet have enough spyware to make performance issues or ad displays unacceptable? Maybe you have already taken steps to keep these applications off your computer. The question is how to detect spyware on computers when it is still running "silently."

    In addition to performance and ad display issues, the following are two things to watch for:

    • Do your Web browser settings change by themselves, especially the browser's home page? One of the things spyware likes to do is change the initial page which displays when you load your browser. Even if you change it back to your preferred site, the spyware will eventually--usually immediately--change it back to its preferred site. This and any other browser options which seem to change by themselves, often visible by a change in browser behavior, are a good sign that you are infested with spyware or adware.
    • Does your Web browser display additional add-ons or do you receive error messages for things you don't remember installing? If the answer to either of these questions is yes, you probably have spyware, or something worse, running on your computer.

    So what do you do if these symptoms show up on your computer?

  • slide 2 of 2

    Quick Spyware Detection

    It's easy to detect spyware which may have found its way to your hard drive. You don't even have to load any software. There are many places on the Internet where you can use an online tool to quickly scan your computer. I used one such tool for this article: CA's Online Threat Scanner. (Note: Only IE 5 and above is supported.)

    Before we look at how this works, it’s important to understand that not all online or downloadable quick spyware checkers are safe. In fact, many spyware distributors get you to install their spyware by providing a spyware scanner to find other people's spyware. Even worse, cybercriminals may try to take over your machine by ostensibly offering a free scanner. So only use tools, whether online or not, from sources your trust.

    To run OTS, I had to accept a EULA (end-user license agreement). I also had to download signature files which help the scanner locate spyware and viruses. Even if you have an anti-virus program installed- if you don't you have bigger problems than spyware- it never hurts to get a second opinion.

    Figure 1: Spyware Scan Results Figure 1 shows the scan in progress. When it completed, it reported that my test system had over 200 low-level risk cookies installed. Like most online scanners, OTS did not provide a way to remove them. Instead, I was asked to purchase a product to complete the process.

    Fee-based and free spyware scanners, cookie management, and other preventive and removal methods are topics we examine in the next two articles.

Understanding Spyware

This series of articles explains what spyware is (and is not), how it works, and how to combat it.
  1. What is Spyware?
  2. How Does Spyware Work?
  3. How to Detect Spyware
  4. Free Anti-spyware Tools and Techniques
  5. Buying Spyware Protection