Defining spyware

‘Recent studies show that spyware is the fastest-growing online threat facing today’s computer user. Privacy experts recommend that every computer connected to the Internet should have anti-spyware software installed’.


This quote, taken from a spyware vendor’s web site, is specially designed to have you reaching for the plastic, but if you think about it, it’s a fairly meaningless sentence.   Which studies are we talking about?  Who ran them?  When?  Which experts are we talking about?  

This pseudo-authoritative waffle says no more than ‘9 out of 10 cats prefer brand-x to other cat food’ or ‘you can’t tell brand-x from butter’ or other advertising half-truths. One thing that is true is that the advertising works – spyware is on the lips of your MD today, and he wants to know what you’re doing about it.  Now.

The emotive term ‘spy’ indicates software spying on you and your company without your knowledge, stealing your secrets, exposing your little foibles, like having a camera in every room of your house, silently recording your every movement and broadcasting it to an unsuspecting world. Er, come to think of it, don’t they make TV shows that way, these days?

Spyware detectors do seem to be the new must-have utility for every PC. But what are you protecting yourself from?   Strangely, it is actually quite difficult to find an answer to a very simple question.

Some people originally defined spyware as keystroke loggers and other such utilities, capable of intercepting passwords you type when logging in to your PC, or your Internet bank, etc. I accept that such products do exist, and that they meet the term ‘spy’. Indeed some are sold ‘so you can keep track of your children’s use of the internet’ which I find ethically abhorrent. But this doesn’t seem to be what the market is about.       

When you download the anti-spyware program, it will happily tell you (as it did me) that you have 157 dangerous spyware programs on your PC and you need to pay your $29.95 to be rid of them. Wow! 157 entries! Really??   Guilty as charged, but I never even knew, honestly, your honour.

A lot of this ‘spyware’ wasn’t, in any real sense of the term ‘spyware’, but only ‘cookies’ left by web traffic.   Technically, a web site writer has the functionality to drop a marker into your PC and to look for it later. These can indicate that you are a returning customer (so perhaps you needn’t re-register, or perhaps you get counted as repeat business) and might contain things like your preference (i.e. for receiving pages in English or whatever), or data carried over from the previous screen. They’ve always been called cookies for some reason, and you probably have a library of them on your PC too. Some people mistrust cookies on principle, because they store something about you (like that you visited Amazon.com). You can, if you wish, block cookies already, and some people do.   However, there’s a minor problem that, without being able to use cookies to carry intermediate results during the process, some sites won’t even function, and with others your ‘browsing experience’ is rather shaky.

Cookies can, of course, become quite sophisticated as web authors learn to exploit the technology to greater effect, but most people see no real issue with this.   Even the advertising control mechanisms, which try to predict what advertising is most relevant to you, and which know what ads you’ve clicked on, what site you were on when you did, and what other sites carrying ‘their’ ads you have actually visited, seem not to get the average citizen worried.  You probably have several of these in your machine, from competing Internet advertising companies, and probably don’t notice. Actually if this is a concern, the Tesco Clubcard says more about you than most. 

As well as storing things on your PC, the web pages might actually send snippets of information back to the host, usually to ‘enhance your browsing experience’ by noting things like your choice of browser, or the type of PC you have.  

I do know that sometimes web sites will download applets, which pass limited information between your PC and the host, to aid the operation of their programs. Quite often software programs will install, as part of their load process, subsidiary programs, which under certain circumstances will send information back to a company server, containing error codes, or version numbers, or other information used by the process. 

However, in most cases this is innocuous, despite the allegations to the contrary. I guess you have to ask what they are likely to have access to, (which if you manage your machine correctly is ‘not much’), and whether anyone is likely to be interested (and even I find most of the content of my PC unremittingly dull!)

In the mind of many people (including me), the convenience of receiving automatic updates is worth the ‘risk’ of my PC telling Logitech that I have Windows XP and am running version 2.22.289 of their driver. I do accept, of course, that others do not think the same way. I met someone the other day who was proud of having turned off Microsoft’s auto-update feature on his home PC, because ‘he didn’t trust what Microsoft was putting into his PC’. Each to their own.

What annoys me personally, and much more than anything we’ve talked about, are things like Amazon’s personalised ‘Welcome back’ and an assumption that having bought a Lord of the Rings DVD a month ago you are ripe to buy a shedload of tat associated with it, but this is not actually done by ‘spyware’ but by reference to your account details.

One vendor site seems to suggest that his ‘spyware’ program is hunting for manufacturers who put functionality like looking for updates into their systems without telling you, or giving you a chance to opt out. Hmm. However, spyware doesn’t seem to be the traditional Hostile Code, or Trojan Horse programs, which are quite common today, but are addressed by the virus or malicious code market.  Nor does it seem to be hostile diallers, again handled by the anti-virus vendor. I remain slightly puzzled by what ‘spyware’ actually is.  

I can see that somewhere someone just might actually create some commercial software that really spies on you – but the market place is vigilant, and it seems highly unlikely the privacy lobby will miss it. I too value my privacy, and won’t be easily persuaded that people should have unrestricted access (or even limited access) to my data. Any company that actually did anything unethical would be ruthlessly hounded into bankruptcy when they were caught. Nobody wants to be spied on. However, there is a boundary between someone spying on you, and being attentive to your needs, and the latter must be encouraged, even if vigilance is required to stop that boundary creeping.

Is ‘spyware’ actually spying on you? I feel very unconvinced.  

However, if you want a healthy body, you take care of your personal hygiene; wash your hands regularly, have a regular medical check up and have the injections against really nasty things that might kill you. If you want a healthy machine, you keep it up to date, give it a periodic check-up for everything including spyware, and have filters to ensure that any really obnoxious surveillance is prevented from ever getting there.

If you want service, the service provider must take a discreet interest in how things are working, and be proactive in dealing with you. A good waiter in an upmarket restaurant will never allow your glass to be empty, but will refill it when it reaches about a third full. He doesn’t stare, he doesn’t spy, he never seems to look at you, but he notices.   A good software product will detect the error, pass back the details to the company and offer you a solution if one exists (or the promise of one). 

And, if you really don’t want people to notice what you do, there’s always the option of becoming a hermit on a remote mountain top, I suspect.   Or in electronic terms, buying a spyware remover, of course.

Give us Your View

Do you agree with Les Fraser’s view on spyware? Or do you think there is a genuine threat from spyware, or adware that needs to be addressed?

Send us your feedback to CWInfoSecEditor@rbi.co.uk

 
