Spyware (and adware)

What is it?

In the broadest sense, spyware is any software that aims to extract information about you and your computer activities, or changes the functioning of your computer, generally without your knowledge or consent.  

Spyware includes annoying forms of "adware" -- advertising-related devices that track your Web surfing habits or generate targeted advertising content.  It also includes truly dangerous software that can alter how your computer functions, or monitor and record every aspect of your computer activity.

Like viruses and other malware, spyware is an inevitable plague of modern computing life for anyone who wants to use the Internet.  But the risks can be managed with anti-spyware tools, and many of these are available free.

If you're the sort of person who likes to learn about such things, read on.  If you just want to prevent problems, and can live happily without knowing more, go directly to our anti-virus and anti-spyware page for instructions on obtaining free software to protect your workplace or home computer.

How do computers get "infected"?

Basic forms of spyware can be picked up simply by visiting a Web page.  Spyware may also be acquired through e-mail.  You are particularly likely to be exposed to it by downloading software, in particular "freeware" and "shareware" offerings.  Use of peer-to-peer services for downloads is virtually certain to result in infection.

Many software downloads are "free," but within the end user license agreement (EULA) are provisions to use information from your computer or your email and other contact information.  You have to agree to the EULA to download or install, so you essentially agree to allowing someone else to use information about your computer or you.

That's why the definition of spyware is "generally without your knowledge or consent."  Often, you've consented.  You just don't realize it because you didn't read the fine print.  This is why the definition of spyware sometimes includes the lawyer-ism "potentially unwanted technologies."

What are the symptoms of infection?

Adware forms of spyware often operate silently, monitoring your Web surfing activities and reporting back what sites you have visited to a marketing organization.  Others display “pop-up” ads on your computer's desktop or in browser windows.

More aggressive spyware will reset your browser's home page (the page that appears when the browser starts up), change the service your browser uses for Web searches, or add new sites to your favorites list.  Or produce even more invasive advertisements. 

The most damaging spyware programs can actually install "trojans" -- computer programs which allow other people to remotely access an infected computer.  Such spyware programs can run silently "in the background," and are capable of doing anything that a typical computer program can do which does not require your intervention.

What could that include?  Installing even more invasive forms spyware on your system, or using your system to send spam and spyware to others, are a couple of possibilities.

Sometimes a spyware-infected computer will run more slowly due to all the activity going on in the background.  But just because your computer seems to be running at normal speed doesn't mean you are safe.  Neither does an absence of advertisements or any other common spyware symptom.

Can protective software help?

It's essential!  And it's free.  Unfortunately, there is currently no anti-spyware product that is really capable of removing all forms of spyware by itself.   The more types you use, and the more often you run them, the safer you will be.

For your work system, use Microsoft AntiSpyware.   For your personal system, any/all of these three are good choices if you are looking for something free.   A variety of commercial (not-free) products are also available. 

  • Lavasoft AdAware -- Lavasoft offers a basic version of its anti-spyware for free, downloadable via their Web site.  Only for Windows systems.
     
  • Microsoft AntiSpyware -- Microsoft's (currently) free software can be downloaded from their Web site.  Only for Windows systems.
     
  • Spybot Search & Destroy -- A highly-regarded private effort that can be downloaded at this Web site.  Only for Windows systems.

What will the protective software do?

Like anti-virus software, anti-spyware will scan all the files on your system, looking for suspicious objects.   As with anti-virus, it is critical to keep the software up to date with the latest "signatures" (the digital fingerprints of spyware), so that the newest versions of spyware can be detected.

After a scan, spyware reports back with what it has found.  You have the option to remove everything, or keep some selected objects.   In most cases you'll opt to remove it all.

Some anti-spyware will also monitor "actively" for suspicious activities.  (Turn on Microsoft AntiSpyware's "real time protection" to do this.)  Helpful as this is, you should still run periodic file scans.

Cookies, for good and ill

When you have run a scan, why would you ever let your anti-spyware leave anything behind?   Because some spyware can be, in a very limited number of cases, helpful.

You have probably heard the term "cookie" in the context of using the Internet, and you may even know that it refers to a computer file.  Specifically, it is a file that contains information about you and your Web browsing, to allow tracking of your activities.   This kind of spyware is sometimes called "trackware."  You will also see the term "persistent identification element."   (Yes, that's PIE and cookies.)

Are these a bad thing?  Not always.  Web sites regularly use cookies and "session variables" to keep track of where you have been on the site.  This can enhance your experience -- e.g., to remember the particular pages you've visited, so you can quickly return to them.   Not coincidentally, this also helps the site's designers figure out how to make it more attractive, which can help their business.  You'll have to decide if the cost in privacy is worth the convenience to you.

Cookies that sites use to do this are called "first-party cookies" -- because the company that produces the site generates and uses them.  In the spyware report, they will typically reveal their affiliation by including the name of the company in the file name.  Cookies that track your behavior across many sites, typically tracked by a marketing organization, are called "third-party cookies."   Most likely, you'll want to get rid of those.

You can set your browser to reject all cookies, but that will cause some Web sites to perform in a limited way and others will not perform at all.

(For the record, UM's public sites generally don't use cookies, and the information logged by them are the standard ones: your IP address, browser type, page requested, time of request, session id, etc.  For security purposes, some of our private, internal sites track usage more closely and use cookies and/or session variables to identify users.)

Beyond cookies -- backdoors, botnets et al

Tracking cookies may not be as innocent as their name, but they are innocent compared to the more malevolent forms of spyware that aim at extracting data from your computer, monitoring your behavior, or commandeering your system's resources for malign purposes.

Spyware programs such as botnets, droneware, key loggers and screen scrapers represent a true menace.   And it is menace not just to you and your privacy, but to the privacy and security of the organization for which you work, and the privacy of all the customers and employees of that organization. 

What else do I need to do?

Software can't do it all.  You need to control your own behavior if you really want to be safe.

First and foremost, don’t install any application unless you are certain of what it does or where it came from.  Computers on the Medical Center network should only install and operate approved, business-related applications.  DO NOT install other applications on School of Medicine computers, no matter how tempting.

If you think you’ve downloaded spyware inadvertently, you can try detecting it using one of the anti-spyware programs above, and remove it by following the instructions.  If this doesn’t work, please contact the Help Desk.

Spyware vs malware

So how is spyware different than malware like viruses, worms and trojans?   The distinction is less one of form than of function.  Spyware's central aim is extraction of information -- either by harvesting data stored on computers or by monitoring a user's computer activities. 

Malware sometimes extracts information as part of its mischief, but those beasts also aim at more diverse forms of mayhem: destroying files, using the infected computer as a "zombie host," and so on.

Learn more

Protecting your computer from spyware (Microsoft: Security At Home)
How computers get infected with spyware, symptoms of infection, and ways to prevent it.

Recognizing and Avoiding Spyware (US-CERT)
Common-sense tips for spyware avoidance and detection

Spyware Glossary (Anti-Spyware Coalition)
All the terms that refer to the family of beasts known as spyware (PDF format)