Wednesday, May 16, 2007

A Short History of Spyware

One of the mild inconveniences associated with being an executive at a security software company is that you find yourself doing a lot of troubleshooting and question-answering for friends, family and neighbors. One of the questions I get asked most, apart from "what are computer viruses?", is "what is spyware?"

The term "spyware" denotes a class of computer programs that:

1. Install without permission (or on the basis of misleading info)
2. Maintain a presence on your PC on terms you never agreed to
3. Interface with a human (or machine) you have not requested a relationship with
4. Transmit data using a system you have no control over
5. Typically do not come with "uninstall" routines ;-)

In other words, spyware is something you never asked for from someone you don't know. It is a tool that transmits an unknown amount of your personal data to an unknown destination using systems you know nothing about. It is something designed so you won't know it is there, and won't be able to get rid of it once you find it.

Authentium is the world's leading licensee of antispyware technologies, and we maintain a useful database and pretty terrific scanner of our own as well. One thing I have noticed in all of the demonstrations I have witnessed on antispyware over the past few years is that a slowdown in computer performance is a usually reliable sign that you may be infected.

If your machine is acting strangely, or performing slower than normal, it is time to run a spyware scan. Spyware is generally written in a hurry, and not optimized to utilize your memory in the most efficient manner.

Some people make the mistake of thinking "if I can see the program, then it isn't spyware." Be careful. Spyware is not necessarily invisible upon install: in fact, some of the most effective forms of mass-market spyware are known to masquerade as browser toolbars, antispyware applications (!), and video games - and conduct their nefarious activities in plain view of the target.

For more information, Wikipedia has an excellent overview of the origins of spyware, including a couple of data points that I was unaware of (such as the first use of the term back in 1995, on Usenet) - here's a snapshot of that info in bullet-point form:

* The first recorded use of the term spyware occurred on October 16, 1995 in a Usenet post that poked fun at Microsoft's business model.

* Spyware at first denoted hardware meant for espionage purposes.

* In early 2000 the founder of Zone Labs, Gregor Freund, used the term in a press release for the ZoneAlarm Personal Firewall. Since then, "spyware" has taken on its present sense.

* In early 2001, Steve Gibson of Gibson Research realized that advertising software had been installed on his system, and suspected it was stealing his personal information. After analysis, he determined that it was adware from the companies Aureate (later Radiate) and Conducent. Gibson developed and released the first anti-spyware program, OptOut.

* According to a 2005 study by AOL and the National Cyber-Security Alliance, 61% of surveyed users' computers had some form of spyware. 92% of surveyed users with spyware reported that they did not know of its presence, and 91% reported that they had not given permission for the installation of the spyware.

* As of 2006, spyware has become one of the preeminent security threats to computer systems running Microsoft Windows operating systems. In an estimate based on customer-sent scan logs, Webroot Software, makers of Spy Sweeper, said that 9 out of 10 computers connected to the Internet are infected.

* Computers where Internet Explorer (IE) is the primary browser are particularly vulnerable to such attacks not only because IE is the most widely used, but because its tight integration with Windows allows spyware access to crucial parts of the operating system.
