Spyware/Malware

Update: 08/17/2004

A new and annoying spam problem is affecting Windows computers. This problem manifests itself as pop-up advertising messages that appear on your Windows desktop. Unlike the spyware/malware discussed below, these messages aren't coming from your computer, and don't necessarily mean that your computer has been compromised. This remote messaging feature is built into Windows networking. The best solution is to install personal firewall software, such as ZoneAlarm (free for personal use). You can also disable the Messenger service in Windows 2000, under Control Panel/Administrative Tools/Services/Messenger. Stop the service, then set the Startup type to "disabled". However, the firewall is a better solution.

Spyware is a growing problem in the online world. By reading this document and making use of the suggested strategies, you can protect your online privacy and avoid inappropriate use of your computer's resources.

What is Spyware/Malware?

Spyware, also known as "malware", "scumware", and less-complimentary names, is most commonly software that monitors your computing activities and reports those activities back to a central server. Many spyware programs track your web-browsing activities for advertising purposes. For example, if you're looking at a lot of web pages from car companies, the spyware might feed you a pop-up ad from an auto dealer.

Besides the obvious privacy issues involved in tracking your web activities, spyware presents ethical problems from a business standpoint. A business which has invested time and money to create a web presence is not likely to appreciate a competitor's ad popping up every time a user views its site. Some spyware pastes its own banner ads over existing ads on a web page. Other spyware adds new hyperlinks to web pages. These links could be confused with legitimate links put in by the web page owner.

Spyware can harm a web site financially (through lost advertising revenue) and could potentially damage a site's reputation. It might appear that a page is linking to a questionable site when in fact the creator of the page has done no such thing.

Other forms of malware (not common at present, but under active development) steal processing time from your computer and use it to work on commercial activities. At a minimum, these programs will make your computer run slower, and may consume memory and disk space that would be better allocated to your own activities. Note that there are some legitimate programs that use spare resources for distributed computing. These programs (e.g., SETI@Home, Folding@Home) shouldn't be confused with malware. The difference is that legitimate distributed computation software makes it clear to you in advance that your computing resources will be used by a third party. Malware, on the other hand, tries to conceal this fact.


Where Does Spyware Come From?

Spyware rarely informs the user of its true nature when it is installed. The spyware companies know that few users would consent to having their web surfing monitored and reported back to an advertising company, so they resort to concealment.

Common strategies for spyware installation include:

  • The EULA Strategy: Some programs (especially file-sharing programs) install spyware along with the application that the user intended to install. Though they do "notify" the user that third-party software is being installed, the notification is usually buried in the fine print of the End-User License Agreement (EULA). Users rarely read the dozens of screens of legalese in a typical EULA, so it's easy for a user to "consent" to the installation of the spyware without being aware that he or she is doing so.
  • "Drive-by Downloads": Some web browsers (e.g., Internet Explorer for Windows) make it easy for a company to install software directly from a web page. This facility was designed for installing plug-ins to view multimedia files, ActiveX controls for online games, fonts for international languages, and other legitimate uses. The spyware vendors misuse this functionality to install their applications on your machine. Again, the user receives a "notification" that the software will be installed, but this is often worded in a misleading fashion. When faced with a dialog box, many users reflexively click OK without reading the text in the box. As with the EULA strategy, this allows the spyware vendor to claim that the user has been "notified" that the software will be installed.


How Can I Detect and Remove Spyware/Malware?

Many anti-virus companies are adding spyware detection to their existing products, but for now the best strategy is to install a dedicated spyware scanning program. As with anti-virus software, it's important to run the software often and to update it regularly. New types of spyware are being developed all the time. The most popular anti-spyware program for Microsoft Windows is Lavasoft's Ad-Aware. The program is free and is constantly being updated. Another effective spyware remover is Spybot. This program is also free and can help prevent spyware from being downloaded. The university-licensed VirusScan 7.1 program also helps detect and remove malware. VirusScan 7.1 can be downloaded from Software WebStore.

Mac users are fortunate; few spyware companies are currently targeting their platform. This could change at any time, so students running Macs need to stay on top of the spyware issue. CTER Technical Support will update this page with new information as it becomes available.

Document created by Tony Hursh, August 7, 2002
Updated by Doe-Hyung Kim, August 17, 2004
Questions or comments about this document should be directed to CTER Technical Support.