A popular generic spyware removal tool that requires a certain degree of expertise is HijackThis, which scans certain areas of the Windows OS where spyware often resides and presents a list with items to delete manually. If a spyware program is not blocked and manages to get itself installed, it may resist attempts to terminate or uninstall it.
Some programs work in pairs: Likewise, some spyware will detect attempts to remove registry keys and immediately add them again. Usually, booting the infected computer in safe mode allows an anti-spyware program a better chance of removing persistent spyware. Killing the process tree may also work. To detect spyware, computer users have found several practices useful in addition to installing anti-spyware programs.
Though no browser is completely safe, Internet Explorer was once at a greater risk for spyware infection due to its large user base as well as vulnerabilities such as ActiveX, but these three major browsers are now close to equivalent when it comes to security. Some ISPs—particularly colleges and universities—have taken a different approach to blocking spyware: On March 31, , Cornell University's Information Technology department released a report detailing the behavior of one particular piece of proxy-based spyware, Marketscore, and the steps the university took to intercept it.
Individual users can also install firewalls from a variety of companies. These monitor the flow of information going to and from a networked computer and provide protection against spyware and malware. Some users install a large hosts file which prevents the user's computer from connecting to known spyware-related web addresses. Spyware may get installed via certain shareware programs offered for download. Downloading programs only from reputable sources can provide some protection from this source of attack.
A few spyware vendors, notably Solutions, have written what the New York Times has dubbed "stealware", and what spyware researcher Ben Edelman terms affiliate fraud, a form of click fraud. Stealware diverts the payment of affiliate marketing revenues from the legitimate affiliate to the spyware vendor. Spyware which attacks affiliate networks places the spyware operator's affiliate tag on the user's activity — replacing any other tag, if there is one.
The spyware operator is the only party that gains from this. The user has their choices thwarted, a legitimate affiliate loses revenue, networks' reputations are injured, and vendors are harmed by having to pay out affiliate revenues to an "affiliate" who is not party to a contract. As a result, spyware operators such as Solutions have been terminated from affiliate networks including LinkShare and ShareSale. In one case, spyware has been closely associated with identity theft.
The Federal Trade Commission estimates that Some copy-protection technologies have borrowed from spyware. In , Sony BMG Music Entertainment was found to be using rootkits in its XCP digital rights management technology. [18] Like spyware, not only was it difficult to detect and uninstall, it was so poorly written that most efforts to remove it could have rendered computers unable to function.
Texas Attorney General Greg Abbott filed suit, [19] and three separate class-action suits were filed. While the main purpose of this deliberately uninstallable application is to ensure the copy of Windows on the machine was lawfully purchased and installed, it also installs software that has been accused of "phoning home" on a daily basis, like spyware. Spyware has been used to monitor electronic activities of partners in intimate relationships.
At least one software package, Loverspy, was specifically marketed for this purpose. Anti-spyware programs often report Web advertisers' HTTP cookies, the small text files that track browsing activity, as spyware. While they are not always inherently malicious, many users object to third parties using space on their personal computers for their business purposes, and many anti-spyware programs offer to remove them.
These common spyware programs illustrate the diversity of behaviors found in these attacks. Note that as with computer viruses, researchers give names to spyware programs which may not be used by their creators. Programs may be grouped into "families" based not on shared program code, but on common behaviors, or by "following the money" of apparent financial or business connections.
For instance, a number of the spyware programs distributed by Claria are collectively known as "Gator". Likewise, programs that are frequently installed together may be described as parts of the same spyware package, even if they function separately. The first recorded use of the term spyware occurred on October 16, in a Usenet post that poked fun at Microsoft's business model. According to a study by AOL and the National Cyber-Security Alliance, 61 percent of surveyed users' computers were infected with some form of spyware.
Computers on which Internet Explorer (IE) is the primary browser are particularly vulnerable to such attacks, not only because IE is the most widely used, [48] but because its tight integration with Windows allows spyware access to crucial parts of the operating system. Before Internet Explorer 6 SP2 was released as part of Windows XP Service Pack 2, the browser would automatically display an installation window for any ActiveX component that a website wanted to install.
The combination of user ignorance about these changes, and the assumption by Internet Explorer that all ActiveX components are benign, helped to spread spyware significantly. Many spyware components would also make use of exploits in JavaScript, Internet Explorer and Windows to install without user knowledge or permission. The Windows Registry contains multiple sections where modification of key values allows software to be executed automatically when the operating system boots.
Spyware can exploit this design to circumvent attempts at removal. The spyware typically will link itself from each location in the registry that allows execution. Once running, the spyware will periodically check if any of these links are removed. If so, they will be automatically restored. This ensures that the spyware will execute when the operating system is booted, even if some or most of the registry links are removed.
Malicious programmers have released a large number of rogue (fake) anti-spyware programs, and widely distributed Web banner ads can warn users that their computers have been infected with spyware, directing them to purchase programs which do not actually remove spyware—or else, may add more spyware of their own. The recent proliferation of fake or spoofed antivirus products that bill themselves as antispyware can be troublesome. Users may receive popups prompting them to install them to protect their computer, when it will in fact add spyware.
This software is called rogue software. It is recommended that users do not install any freeware claiming to be anti-spyware unless it is verified to be legitimate.
Some known offenders include:. Fake antivirus products constitute 15 percent of all malware. On January 26, , Microsoft and the Washington state attorney general filed suit against Secure Computer for its Spyware Cleaner product. Unauthorized access to a computer is illegal under computer crime laws, such as the U. Computer Fraud and Abuse Act, the U. Since owners of computers infected with spyware generally claim that they never authorized the installation, a prima facie reading would suggest that the promulgation of spyware would count as a criminal act.
Law enforcement has often pursued the authors of other malware, particularly viruses. However, few spyware developers have been prosecuted, and many operate openly as strictly legitimate businesses, though some have faced lawsuits. Spyware producers argue that, contrary to the users' claims, users do in fact give consent to installations. Spyware that comes bundled with shareware applications may be described in the legalese text of an end-user license agreement (EULA). Many users habitually ignore these purported contracts, but spyware companies such as Claria say these demonstrate that users have consented.
Despite the ubiquity of EULA agreements, under which a single click can be taken as consent to the entire text, relatively little caselaw has resulted from their use. It has been established in most common law jurisdictions that this type of agreement can be a binding contract in certain circumstances. Some jurisdictions, including the U. Such laws make it illegal for anyone other than the owner or operator of a computer to install software that alters Web-browser settings, monitors keystrokes, or disables computer-security software.
In the United States, lawmakers introduced a bill in entitled the Internet Spyware Prevention Act, which would imprison creators of spyware. The US Federal Trade Commission has sued Internet marketing organizations under the "unfairness doctrine" [74] to make them stop infecting consumers' PCs with spyware. In one case, that against Seismic Entertainment Productions, the FTC accused the defendants of developing a program that seized control of PCs nationwide, infected them with spyware and other malicious software, bombarded them with a barrage of pop-up advertising for Seismic's clients, exposed the PCs to security risks, and caused them to malfunction.
Seismic then offered to sell the victims an "antispyware" program to fix the computers, and stop the popups and other problems that Seismic had caused. The case is still in its preliminary stages. It applied fines in total value of Euro 1,, for infecting 22 million computers. The spyware concerned is called DollarRevenue. The law articles that have been violated are art. The hijacking of Web advertisements has also led to litigation. In June , a number of large Web publishers sued Claria for replacing advertisements, but settled out of court.
Courts have not yet had to decide whether advertisers can be held liable for spyware that displays their ads. In many cases, the companies whose advertisements appear in spyware pop-ups do not directly do business with the spyware firm. Rather, they have contracted with an advertising agency, which in turn contracts with an online subcontractor who gets paid by the number of "impressions" or appearances of the advertisement.
Some major firms such as Dell Computer and Mercedes-Benz have sacked advertising agencies that have run their ads in spyware. Litigation has gone both ways. Since "spyware" has become a common pejorative, some makers have filed libel and defamation actions when their products have been so described. In , Gator (now known as Claria) filed suit against the website PC Pitstop for describing its program as "spyware".
In the WebcamGate case, plaintiffs charged two suburban Philadelphia high schools secretly spied on students by surreptitiously and remotely activating webcams embedded in school-issued laptops the students were using at home, and therefore infringed on their privacy rights. The school loaded each student's computer with LANrev's remote activation tracking software.
This included the now-discontinued "TheftTrack". While TheftTrack was not enabled by default on the software, the program allowed the school district to elect to activate it, and to choose which of the TheftTrack surveillance options the school wanted to enable. TheftTrack allowed school district employees to secretly remotely activate the webcam embedded in the student's laptop, above the laptop's screen.
That allowed school officials to secretly take photos through the webcam, of whatever was in front of it and in its line of sight, and send the photos to the school's server. The LANrev software disabled the webcams for all other uses e. In addition to webcam surveillance, TheftTrack allowed school officials to take screenshots, and send them to the school's server.
In addition, LANrev allowed school officials to take snapshots of instant messages, web browsing, music playlists, and written compositions. The schools admitted to secretly snapping over 66, webshots and screenshots, including webcam shots of students in their bedrooms.
AhnLab has been a regular and successful entrant in VB's comparative reviews over the last few years, and it was no surprise to see V3 back on the test bench after a brief absence. The Internet Security suite includes the usual firewall, web and email protection facilities, from which a selection of required components could be made during installation, which also offered a pre-install scan and was ready to go without rebooting.
Initial impressions of the GUI were very good: Attempting to run a few scans proved a little less straightforward than I had hoped, due to the requirement to set up a job and then run it, but a 'Run a virus scan' option was added into context menus, making speed testing much easier. Scanning speeds themselves were on the slow side on demand, especially with the option to scan archives enabled, but on-access speeds were remarkably fast, with little control of the depth of scanning available for this mode.
Logging has proved problematic with AhnLab products in the past, and this occasion was no exception. Logs saved from the Log Viewer utility were invariably truncated to an apparently random size, but usable figures were obtained eventually, after splitting the scans into several sections. These, and the results of on-access blocking, showed samples to have been missed in all test sets, though not in vast numbers. A, of which all 15 samples were missed, thus denying AhnLab a VB this time around. Again the system for setting up scan tasks proved a little fiddly for my purposes, but my familiarity with the interface has begun to pay off and the tests were completed quickly.
Speeds were middling throughout, and detection likewise - neither flawless nor disappointingly lacking. As a result, Alwil is once again the worthy winner of a VB award. The product itself is a simple little thing; installation seemed to spend some time pondering its surroundings, before suddenly announcing completion, and opening the GUI showed a tiny and unflashy but potent little tool. In a simple-to-use manner, it offered all the required tweaking, apart from the ability to add archives to the file types scanned on access, and zipped through the tests in excellent time.
Detection rates were similarly excellent, with barely a miss across the board, and the few missed detections were due to the file types not scanned by default. This performance, coupled with a complete absence of false positives, easily qualifies Authentium for another VB. Avira is another perennial high achiever in VB terms, and its product is another which grows pleasantly familiar with repeated use. Several other products also carried out this auto-check, while most others offered the option of a thorough scan once they were ready to go - an option I always decline for the purposes of these tests.
Again, archives could not be scanned on-access, but this does not detract from the excellent results, easily earning Avira another VB award. The second newcomer to the VB test bench this month is from Bullguard, a company founded in Copenhagen in Bullguard's Internet Security suite has been available for around five years, offering a firewall, spam filter, anti-spyware and a backup system alongside virus detection provided by the BitDefender engine.
The company boasts over 18 million downloads of its day free trial, and also offers mobile products and chat-based online support. Configuration was generally easily achieved, although logging seemed to be entirely absent, and my only other quibble with the interface was the greyness of some of the buttons, which often made me think the functionality in question was greyed out and thus unavailable - until I tried clicking on them. Scanning speeds were solid, with particularly thorough scanning of archive files slowing things down a little, and results were, as expected, very impressive.
There were very slightly more misses in the zoo test sets here than in the parent product, but nothing from the WildList set got past it. This performance, combined with a lack of false positives, grants Bullguard its first VB award on its first attempt, and left me hoping that all the new products would present as few problems as this. Installation included CA's usual trick of requiring EULAs to be scrolled all the way through, as well as a lengthy activation keycode, but once up and running the product presented no such barriers to testing.
A simple GUI was laid out in fairly standard style, and a small but reasonable amount of configuration for a home-user product was available. Using the handy context-menu scan option, tests were run through in good time, aided by some excellent scanning speeds. It was no surprise to find that there was no option to scan archives on access. Detection rates were little changed from previous scores, with a smattering of misses across the zoo test sets, but nothing in the WildList. With no false positives generated in the clean set, CA's home division can celebrate a second VB award. CA's corporate offering is also little changed from its last appearance in the Vista comparative - indeed, the same submission was used this time with only additional updates provided.
The eTrust brand has a lengthy history in VB's comparative testing, initially using the InoculateIT engine, later swapping to the Vet engine as the default, and now offering only the Vet engine, since InoculateIT was retired late last year. The eTrust interface has never been a favourite of mine, its server-client design leaving the browser chugging slowly along as it attempts to refresh content after every click of a button. Under Vista, where version 8. Despite these issues, tests were eventually completed with the usual very impressive speed during the actual scanning.
After converting the logs from the. The interface is simple, but clearly designed and easy to use, with right-click scanning used for much of the testing. Checking the logs showed the figures to be much as expected, with a fair number of misses in most of the zoo sets, but nothing in the WildList set and no false positives. CAT is therefore eligible for another VB award. Doctor Web is another VB regular, supporting a wide set of platforms with its product range, including Windows versions as far back as Windows The XP version, the whole thing impressively compact at little over 10 MB, installs in a shiny and attractive manner, with the customary stern warnings against having other security products installed on the machine.
Detection within the zoo sets was as excellent as usual, with most of the very few samples missed being due to the file types not being scanned by default. Doctor Web had some issues in the last comparative review, with a log parsing problem causing several detected files to be counted erroneously as misses in our initial report. This was enough to deny Doctor Web the VB award for the second time running. Blink is another newcomer, and one of which I had little prior knowledge. Vulnerability specialist eEye Digital Security has been in business for almost ten years, spotting and reporting security flaws and creating software to keep networks free from exploitable software.
Its Blink client product is a desktop offering promising a range of security features that include: Installation includes the customary warning against combining the product with other security software, as well as a thorough list of products which could be expected to clash with Blink, and an assertion that running multiple products will provide no extra protection. The remainder of the installation process is slick and smooth and requires no reboot. The interface of the product itself is similarly attractive, with an option-rich page offering controls over the full range of functionality.
This gave some unusual speed results, with great attention paid to executable and binary files but little, perhaps sensibly, to media and documents. The Windows version of NOD32 is another very familiar product, little changed in the last several tests, although a major new release is promised in the coming months.
This should add further functionality to the current protection against malware on the local system and arriving via web and email vectors. The only option that seemed not to be available was scanning inside archives on access, and the thorough detection which has become the norm for NOD32 once again covered the entire extent of the VB collections. With not a single miss in any set and no hint of a false positive, NOD32 once again proves worthy of a VB award. Fortinet focuses on business customers with a range of server products and appliances, and unsurprisingly its FortiClient product is another thorough suite, with many additions to the usual firewalls and mail filters.
As befits a corporate environment, configuration is flexible in-depth, and can be navigated with ease across the clearly designed, responsive interface. A small issue with the alert popups, which got a little overloaded during the opening of thousands of infected samples within a few minutes, did not prove a significant problem. The thorough detection extended across the WildList set without a false positive in sight, thus granting Fortinet another VB. F-PROT offers a clean and simple interface in bright white with shades of red and blue.
Configuration is straightforward and thorough, with a simplified scanner setting available for those less interested in fine-tuning.
On-access scanning is less tweakable, but does its job efficiently. Scanning speeds were very good throughout, and detection similarly excellent, with nothing beyond the capabilities of the product if properly configured. The product submitted for review this time was apparently slightly different from the usual F-Secure Internet Security, having been designed for rebranded redistribution, but my user experience was not affected.
However, this preview status seems to have added a few problems into the previously solid suite. An issue with the logging provided, which was previously noted in the Vista test when logs containing large numbers of detections failed to export in their entirety, was once again in evidence here. Detection in general proved to be excellent, with the only miss in the zoo sets caused by a file type not scanned by default. Speeds were not as impressive as some, which is as one would expect from a multi-engine product.
The ever-useful right-click scanning is in evidence, and any attempt to change the settings in a way which could lead to excessive system impact or lack of protection is warned against appropriately. The only minor quibble I had was a repetition of the grey-buttons-looking-greyed-out problem mentioned earlier, and the format of the logs being less than ideal for my personal needs. However, with no samples missed in any of the test sets, and just a few warnings about hacker tools and joke programs in the clean set, AVK racks up yet another VB award with ease.
Grisoft, like Alwil and Avira, makes a basic version of its product available as a free download. AVG anti-virus thus has a very high public profile, supported by a reputation for solidity and good detection. Grisoft also provides full-featured and integrated versions, as well as a range of server products and support for other platforms. Also mirroring Alwil, AVG offers simple and advanced versions of its interface, neither of which is entirely straightforward. Scans were mostly initiated using the right-click method, to avoid a rather fiddly task design system, and scanning times were far better on access, where little configuration was available, than on demand.
Detection rates were little changed from previous tests, with results generally solid with a scattering of misses in each set.
Austria-based Ikarus Software also carries a range of server products for mail and web filtering, and the product is available as a six-month free trial. The initial download is remarkably small at only slightly over 4 MB, but this must be supplemented by the virus definition data, which for this test measured around 7 MB. Installation was prevented initially by the need for the Microsoft .NET framework, which apparently is downloaded automatically when the installer is run with web access. With this in place, the process continued with a check for other security software which may prevent full operation, and the offer to install Adobe Reader which is needed to access the documentation which sadly only works when running from CD and was not included in my download edition.
After several attempts and a reboot it suddenly started responding, and from then on seemed to suffer no such problems. Configuration was minimal and a little difficult to fathom, but once figured out, things got moving quite nicely. While scanning the large infected sets much of the interface faded away and refused to respond, leaving me fearing a total crash, but checking back some time later I found it had returned to normal and the scan completed without serious incident.
On-access scanning was easier to run through, and analysis of the results showed good speeds, though detection across the infected sets was a little uneven, with a significant number of misses in the older DOS and polymorphic sets. These figures are magnified by some large sample sets however, and overall percentage scores are more impressive.
More importantly, a small handful of WildList viruses were missed, and several false positives were alerted on, including components of the Nero CD recording software, Norton Ghost and the GoogleTalk installer, all of which were labelled as trojans. This was enough to deny Ikarus its first VB, but with a little work the product should be a solid contender for qualification in the near future. Best known for its repair and optimization products, iolo has built a considerable public profile with its presence on the shelves of high-street software outlets.
Having previously licensed the Kaspersky engine, iolo now uses technology from Authentium, in addition to some ideas of its own. Having heard from iolo some time in advance of this test, I was lucky enough to have had a look at the product in advance and get to know its workings.
The installation was smooth and unproblematic, although it spent some time getting ready for action. The interface looks thorough, crammed with information without being cluttered, and appears to have ample configuration options. Logging seemed only to kick in when some kind of disinfection or removal took place, so scanning alone was not possible.
The default setting, which involved quarantining most items, took an excessively long time when dealing with large numbers of infected files and seemed to get stuck every few thousand, locking down the interface and requiring a reboot to fix. This is not a likely scenario outside the test lab, however, and is most unlikely to affect users; setting it to delete without quarantining circumvented the problem.
Speeds over clean files were excellent in both modes, with no further crashes experienced, and detection seemed thorough throughout. However, two PowerPoint files in the clean set were labelled as infected, and a single WildList file was missed in both modes, with another missed on access only, which means iolo will have to try again to achieve VB certification. K7 Computing, based in Chennai, India, is yet another name that is new to the VB test bench, but again the firm is far from new to the game, having produced its first anti-virus product as long ago as Along with the Total Security suite seen here, which includes firewall and anti-spam functions, a standalone anti-virus product and a corporate edition are also available.
This was, in fact, one of the only products to point out that my lack of web connection was the reason the product could not update itself. The interface showed similar attention to detail in its clear and user-friendly design, and was steady and responsive throughout. K7 has clearly been working hard on the latest threats and achieved full coverage of the WildList set.
The installation and use of the product were thus straightforward, and all the tests were sprinted through in good time, although things were slowed somewhat by the need for a reboot after install and some seriously in-depth scanning of archives. Detection figures were mostly as excellent as ever, with a pair of misses in one zoo set attributable to the file types ignored by default on access. Investigations have shown that detection was in place both a few days before and a few days after our test, and was presumably removed temporarily for some fixing.
It is a solid and businesslike product, with its operation and configuration thorough and lacking in either excessive simplification or over-complex razzle-dazzle. The only confusing aspect remains the inability to deactivate on-access scanning from the main interface it can be switched off with ease from the system tray. Scanning speeds were good, and detection excellent, with only a small handful of DOS samples missed.
Another VB is awarded to McAfee without further ado. The final release to market is expected to be at around the same time as the publication of this review. Things got off to a shaky start when my first stab at running the installation CD on a test machine proved a dead loss, the installer failing with an obscure error message. Resorting to the documentation, I found to my horror some lengthy instructions for the design of a security topology, which required a Windows server on which to run the installer and from which to deploy to clients - this also needed such delights as Microsoft SQL Server SP1, IIS and ASP.
While making moves to acquire these items, I asked the developers for a simpler client install method, which thankfully was provided and proved ample for my needs. The user interface seemed rather simple, with less configurability than I would expect from a corporate product. Presumably most of this side of things is controlled from a proper management server, where available.
Running most of the testing was fairly straightforward however, with the only problem being a complete absence of internal logging — detection details had to be gleaned from the system event log. Despite this problem, basic detection of the file was provided, and thus without having generated any false positives in the scan of the clean test set, Forefront just about qualifies under the rules of the VB award.
My second attempt at testing OneCare was aided by some familiarity with the product, and with the special setup required to allow this web-centric software to operate without its connection to base. Installation was at first hindered by some mysterious errors, but this was soon diagnosed, with help from the developers, as being due to my system using the UK locale, for which the appropriate language packs were not included in the pared-down version provided for my test.
Limited configuration did not extend to logging, and results, once parsed, showed full detection of the WildList, and again no false positives, so OneCare is also granted the VB this time. Microworld Technology provides a wide range of server and gateway products alongside those for desktops, including Linux.
The installation of eScan complained at first about the date on my test machine, which for some reason was set to before the creation date of the product. With this small issue resolved, the installation continued simply and rapidly, and required a reboot to activate fully. The interface was a little odd-looking, but fairly simple to use throughout my tests, and speed times reflected the thoroughness of the Kaspersky engine at the heart of the product.
Thoroughness was also a feature of scans of the infected sets. I spent a long time watching the amusing animation of a hand crushing an insect which accompanied detection, along with a wildly inaccurate progress bar. On-access scanning has always been somewhat odd in the Norman product, with little control of its behaviour available, and logging was a little flaky here, requiring several attempts to get a full list of detections. Scanning the WildList seemed to show a batch of files never blocked when opened, but access to those tricky logs showed that detection was indeed in place and some allergy to the testing tool in use was diagnosed as the likely cause of the oddity.
Overall, results were shown to be very good, with no false positives and some pretty decent times in the speed tests. Web scanning engine aimed at the Asian market, and is provided in an even smaller package - this time a mere 7 MB in total. Installation was thus simple and fast, and the clear and straightforward GUI offered more configuration of its own appearance than of actual scanning behaviour.