The news about "spyware" and "adware" is that there's no good news. Certain kinds of spyware are invasive and distracting. Some kinds are nearly impossible to remove without entirely rebuilding your computer, but may be quietly insidious. Some species share all these characteristics.
"Spyware" is a common term, though difficult to define, for a computer program that "spies" on you, typically on behalf of some marketing outfit; it tracks where you travel on the Internet, and, if well designed, it is invisible to you. "Adware" spews advertisements most often in the form of "pop-up windows" in your web browser (such as Internet Explorer), though pop-up ads in themselves do not indicate that your computer is infected with adware, and they appear on many web sites as a matter of course.
There's little you can do to avoid these nuisances if you spend much time on the Internet.
For convenience I use the single term "spyware" to refer to various unsolicited computer programs in most of what follows. I will presently explain the distinction, to the extent that there is one, between "spyware" and "viruses."
Malicious Software
The broadest term is "malicious software": software on your computer that you didn't knowingly or willingly install, or else thoughtlessly installed, or were tricked into installing. This software often serves others' interests without your being aware of the fact. It sometimes affects the proper functioning of your computer and possibly your local computer network, as well as other computers around you.
In the case of spyware, you most often will have "signed" an "End User License Agreement" (EULA) that you didn't carefully read, in order to download and install a program that's "cute" or ostensibly useful. You may have just visited a web site. That's sometimes all it takes.
The distinction between viruses or worms, so-called, and spyware is largely artificial. The principal difference is that the former are usually contagious (i.e., they're built to be spread unwittingly by their carriers, usually Windows PCs these days), while the latter is usually, if not always, picked up during intentional encounters and held close.
It's not to be assumed these close encounters are of an illicit sort: The Internet is a jungle, to be sure, and it provides a home to lots of friendly animals. One may nonetheless pick up an instance of spyware merely by visiting a favorite web site.
At present spyware targets Windows PCs much more than Macintosh computers or machines running other operating systems such as Linux. Some spyware may prevent you from getting your work done, especially if you depend on a web browser like Internet Explorer to do your work. But no web browser is, in principle, immune.
And spyware is "legal" in most circumstances (so far), while the relevant authorities will try to hunt down and prosecute virus and worm authors. The game is constantly changing, though. Spyware providers may well eventually design their products to spread themselves as efficiently as certain viruses or worms. There may eventually be laws regulating spyware in a meaningful way.
What to Do about Spyware
An important defense against malicious software comes in the form of protective software. This defense is available freely to Stanford affiliates at http://ess.stanford.edu/. Stanford has paid to hire these sentries for you.
- Symantec AntiVirus for the PC and Norton AntiVirus for the Mac.
- SpySweeper for the PC. Other anti-spyware tools that are helpful in prevention and removal are also freely available on the Internet. See "Additional Reading and Resources" at the end of this article for several that are pretty good, and safe to use.
But you still have your own obligations, especially if you use a Windows PC. The best advice to protect yourself from spyware and adware annoyance and invasion is:
- Think twice before visiting web sites with free software that you can download, or web sites that you wouldn't want your children to visit, or web sites that you don't need to visit.
- Don't download and install too much free software - or even "shareware" - unless you're pretty sure you know what you're doing, or are following reliable advice. Install only the software you really need.
- Keep your preferred web browser current and up-to-date. At this time, Internet Explorer is of particular concern, and you may keep it updated using BigFix or the Windows Automatic Updates service, preferably both.
The old saying that an ounce of prevention is worth a pound of cure is apposite: If you can avoid your computer's becoming infected with spyware, then avoidance is the course to take, to the extent possible.
Please know that no one responsible for Stanford's networking infrastructure is paying attention to your computer, unless it's creating problems on the network. You simply have a job to do, and those who provide networking services only want you to get your job done. Just play it safe for your own sake, the sake of those who share your local network, and that of the technical people who support you.
What Spyware Can Do to You
Spyware can be very obtrusive - even destructive - in its behavior: most spectacularly in the case of "browser hijacking". "Browser hijacking" is analogous to your being taken to a vacation resort not of your choosing, but based on your transient visits to one or another Internet site. You no longer control where your web browser takes you and you may not be able to get your work done. But the story gets worse.
Certain spyware can even grab encrypted information from secure web sessions, including financial transactions. Be especially cautious when an online service offers a deal that seems too good to be true, such as "faster connections" using your existing Internet Service Provider, merely by virtue of installing some additional software. Such services may be snooping on your secure connections on behalf of their corporate clients. Please see "Additional Reading and Resources (Security Violations)" at the end of this article for more information.
HTTP Cookies
And finally, "HTTP Cookies," the same technique that allows Amazon.com to recognize you each time you visit, also may permit marketing agencies and their clients to track your web-browsing habits. You might or might not care that someone is trying to understand your browsing habits, but be aware that someone almost certainly is.
So I must quickly explain "cookies," which are not software applications, and are therefore not technically spyware. The name is strange, and it has a history; you'll find further reading in "Additional Reading and Resources" at the end of this article. Cookies are saved to a file on your computer, are generated by a web server, allow that web server (possibly along with other web servers) to identify you when you visit certain web sites, and more. Cookies aren't necessarily bad. That Amazon.com, among many other web sites, identifies you when you visit is convenient. Cookies can be handy when used as intended. But they can be used to "spy" on you as well, as can many other modern technologies.
Most anti-spyware programs look for certain kinds of HTTP cookies, and will offer to remove them. Removing them may sometimes cause problems, so pay attention when Spy Sweeper, for example, gives you the option to delete a cookie. And cookies, since they're not programs, can't do anything actively malicious on their own.
Where to Go for Help
If your web browser is misbehaving, your computer may well be infected with spyware. You can call 725-HELP , use HelpSU or call your local technical support staff for assistance. You're not alone. But please do what you can to avoid having to call for such help by following the advice I've offered.
Additional Reading and Resources
The following links offer additional reading and resources:
Free Anti-Spyware Utilities:
HijackThis (for more experienced computer users)
