Controlling Spyware and Adware

Click on an intriguing ad, and a barrage of pop-up windows floods your screen. Run what looks like a legitimate adware scan, and your browser never acts the same, redirecting you to all manner of unsavory Web sites. Install free software without reading the license agreement, and the next thing you know your computer slows to a crawl—possibly due to the cumbersome software now tracking your online movements. Welcome to the mystifying world of spyware and adware. Often annoying and sometimes hazardous, these security risks have become an all-too-common part of our online lives. And they’re only becoming more widespread.

So what exactly is spyware, and how is it different from adware? What sort of harm can these programs cause? Is there anything you can do to avoid them? These are all good questions. And despite the confusion often surrounding these technologies, each question has an equally good answer.

Is it spyware, adware, or simply unwelcome?

There is some debate—even among security experts—over the definition of spyware. However, most spyware programs share a few distinguishing characteristics. A kind of information gathering software, spyware may find its way onto your computer without your knowledge or permission. It ordinarily runs in the background, collecting information or monitoring activity, and it can relay that information to some other cyber-location. A lot of spyware harvests information related to your computer and how you use it. For example, it may monitor your Web browsing patterns or the kinds of software you’re running. More sophisticated forms of spyware have been known to capture and transmit highly personal information, from passwords and user names to credit card numbers and instant messages.

Adware is slightly different than spyware. Although it may also run without your consent or knowledge, adware programs are more intent on displaying advertising content on your computer. Often using pop-up windows, adware programs flash advertisements and links to other Web sites. Many of these ads tout legitimate products, and adware is more often an annoyance than a security risk. You may even find the information it presents useful. Some adware also monitors your browsing activities and then uses that information to deliver more focused advertising content. Again, this might be considered a positive thing. It all depends on how you perceive targeted marketing. Some people find it disturbing, or even an invasion of privacy.

In the end, the question becomes, what is the main purpose of the program. If the program installs itself on your computer so it can capture private information, it’s spyware. If the main purpose is presenting ads or routing you to a commercial site, it’s adware. Of course, what you call the software doesn’t really matter; the most important question is whether you want it on your computer. If it compromises privacy and security as you define it (or at a minimum, becomes an nuisance), then it falls squarely in the category of unwelcome software. And that means you need to learn how to deal with it.

How harmful can it be?

While a lot of spyware and adware programs are fairly harmless, some spyware puts your privacy, data, and identity at risk. These programs employ clever, highly sophisticated methods to get at your most private information. For example, some spyware uses a special kind of software to capture every keystroke you make. That means the content of your emails and instant messages, your log-in names and passwords, even your diary entries, are fair game. With these kinds of tools at their disposal, identity thieves and other online criminals have begun using spyware to perpetrate fairly elaborate frauds. Some have even gone so far as to use sham antispyware software to slip their own spyware onto unwitting users’ machines.

It’s clear some kinds of spyware are more than a nuisance. However, that’s not to say their more benign cousins aren’t also a serious problem. Programs that constantly launch pop-ups are maddening. And some spyware and adware, working busily in the background, can dominate your system’s resources, sometimes bringing down your entire system. While a slow machine is annoying for anyone, it’s especially hard on home office users—creating the kinds of performance issues a small business just can’t afford. So, whether they pose security risks or performance headaches, it’s imperative to keep these unwanted programs off your computer.

Where does it come from?

So, how does this unwelcome software find its way onto your computer? It can happen in a number of ways. Often it gets installed along with other programs you’ve loaded. Of course, there’s probably some sort of notification within the software’s licensing agreement. However, these agreements tend to be quite long, and most us don’t read them in their entirety. In a typical scenario, spyware or adware gets bundled with freeware you download from the Internet. While some see this as a fair tradeoff (you get free software; they get to observe your habits), others find it deceptive and invasive.

Meanwhile, a lot of unwelcome software makes its way onto your machine as you surf the Web. Often called drive-by downloads, unscrupulous adware and spyware programmers use pop-up windows, ActiveX® technology, and Web browser security holes to install information-gathering software without your knowledge or consent. In many cases, they get you to trigger a download by clicking on a pop-up window or fake dialog box. Some of them even design windows which contain an urgent or enticing message. It might offer a free gift or claim you need to download some software to see a Web page. The window often presents what appears to be a yes or no choice. In reality, if you click anywhere on the window, it will download spyware or adware to your computer. In general, downloading unwelcome software requires some action (or inaction) on your part. That’s good news, because it means you retain a fair amount of control.

How do you avoid spyware and adware?

A lot of unwelcome software ends up on your computer in part because of something you did or did not do. Knowing this, it’s important to take a careful approach to surfing and other online activities. The following practices can reduce the likelihood of inadvertently downloading unwanted spyware and adware:

Be selective about what you download to your computer. If you don’t have a reason to trust the company providing a piece of software, hold them to increased scrutiny. Visit their Web site to learn more about the people behind the technology, as well as the technology itself.

Read licensing agreements. Don’t just scroll to the bottom and click the “I accept” button when installing freeware. Instead, read each agreement carefully and look for language pertaining to information-gathering activity.

Watch out for antispyware scams. The Web is rife with “antispyware” tools that do little or nothing to prevent spyware. Some even make it worse. Purveyors of these tools often provide free scans, which almost invariably identify hundreds of spyware programs on your computer. They then immediately ask you to buy their bogus product.

Beware of programs—especially freeware—that flash clickable ads in the user interface. Their presence is a red flag, and it’s possible someone is watching how you respond to them.

Keep your Internet browser up to date. Because browser security holes are a common pathway for spyware and adware downloads, it’s important to apply any and all security patches when they become available for your browser.

Disable ActiveX unless you really need it. ActiveX is a common tool for installing spyware without your knowledge or consent, and you can always turn it back on should a trusted site require it.
These recommendations go a long way toward reducing the amount of unwelcome software on your computer. However, even the most vigilant users can’t stay on top of everything. That’s especially true as the methods of spyware distribution continue to evolve, taking on ever more sophisticated guises. Fortunately, despite the widespread existence of fly-by-night antispyware vendors, it’s possible to get effective spyware protection tools from trusted security experts.

When choosing an antispyware tool, it’s important to remember spyware and adware don’t operate in a vacuum. In fact, some of the most dangerous and sophisticated Internet security threats use other, more malicious tools in combination with spyware. These multi-dimensional threats require multi-dimensional defenses. That’s why Symantec has developed Norton Internet Security™ 2005 AntiSpyware Edition. While continuing to offer firewall security, virus protection, spam prevention, and privacy controls, it also automatically detects and removes spyware and adware known to be a security risk. When it detects less hazardous spyware or adware, it prompts you to make a decision. That way, you control what gets in, what stays out, and what remains on your computer.

In the end, that’s the only way to get a handle on unwanted, uninvited software: by taking control. Spyware and adware aren’t going away anytime soon, and you need to take charge of the situation, making informed decisions based on your preferences. Controlling spyware requires a new kind of savvy and a new set of tools. Fortunately, the tools are out there. The rest is up to you.

© 1995-2005 Symantec Corporation.
All rights reserved.