Spyware is malware whose purpose is to gather information about a user or system. The type of information gathered by spyware includes:
- Keystrokes
- History of web sites visited
- Personal information
- Financial transactions
Generally speaking, spyware is software installed on a computer without the target user’s knowledge and meant to monitor the user’s conduct. Most of the time, in domestic practice, the target is email, instant messages, Internet activity, and chat rooms, but the software will record everything that the user does, including financial record keeping, the preparation in a word processing program of letters to counsel, or the keeping of business records. Some spyware is used to gather personally identifiable information like passwords, credit card numbers, and Social Security numbers, all useful for those interested in fraud and identity theft.8
Spyware is a growing threat. In the first half of 2007, spyware infections prompted 850,000 U.S. households to replace their computers.9 Since most of us keep sensitive information (like personal correspondence, professional records, and financial information) on our computers, and most of us use the Internet for sensitive transactions from our computers, the presence of spyware is particularly disconcerting.
In December 2013, spyware enabled hackers to steal millions of usernames and passwords:
Hackers have stolen usernames and passwords for nearly two million accounts at Facebook, Google, Twitter, Yahoo and others, according to a report released this week. The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers.10
Given the nature of spyware, all 2 million of those users had to have given their permission at some point for that spyware to be installed on their computers.
How does spyware get on my computer?
Like some other forms of malware, spyware typically gets onto our systems via downloaded software and Internet pop-up ads. A user clicks on a pop-up ad, giving a program permission to install. Spyware often accompanies adware (which we talk about a little later).
In some cases spyware may be deliberately installed on a home computer in order to track user behavior. For example, parents with a high-risk teenager may find it appropriate to install spyware in order to track their teen’s online behavior. Similarly, in cases where there is suspicion of illegal activity online, some individuals have chosen to install spyware on their home computers in order to determine whether a spouse is accessing illegal pornography or cheating within the relationship. I personally know of situations in which parental use of spyware has saved naïve teens that were descending into an online relationship with a predator, and other situations in which a spouse was detected accessing child pornography. These are both situations in which the use of spyware on a home computer feels justified. But the lines aren’t entirely clear at all times.
How do I protect my computer from spyware?
Just a few years ago, major antivirus vendors lagged woefully behind in dealing with spyware, requiring users to seek other solutions. Thankfully, the major antivirus vendors (Symantec and McAffee) have begun to catch up and anti-spyware functions are now standard in antivirus software packages.