Spyware
My magic bowl tells me that you might be a new visitor. If you are interested in security related tidbits, you may want to subscribe to my RSS feed. Thanks for visiting!
Sorry there was a little hickup earlier with this post. But here goes the real deal. Btw, sorry for the slow posting lately - been a bit busy.
So what is Spyware? This sub-category of the previously described term Malware is an artifical word consisting of the terms spying and software. It consists of programmes that have been installed on the user’s pc without his/her consent and knowledge and collects all kinds of information and then it might even send it to the author of the Spyware programme.
Spyware in itself can be broken down into several sub-categories, depending on what kind of data they collect / display. To name a few (all terms shall be described in a later post): Adware, Keylogger, Droneware, Backdoors and Trojan (horse).
The last two examples are of the nastier kind and are more dangerous. Whilst Adware is annoying (it is identified by popups, redirects of your search engines and the like), it is easier to remove than Backdoors or Trojans.
To be classified as Spyware, the software has to collect data without the user’s consent and knowledge and has to send the collected data to the hacker / author of the spyware.
One point that is being argued over, is the question of the extend of the definition. There are security experts out there that exclude software displaying a data protection guidline, or ask the user to read and accept an EULA. The arguing in regards to the latter is, that the user is not facing software installed without his / her consent, as s/he acknowledged and agreed to the EULA terms.
Crux of the matter is that there are dozens of examples with EULAs being more than 30 pages long, or are not written in a clear and concise manner. There are also examples, where the authors of these programmes have squeezed html files in 1024 x 768 resolution into windows that are made for an 800 x 600 resolution (resulting in having to scroll back and forth and up and down). This also uses methods of social engineering and the psychology involved with it.
Why does Malware / Spyware exist? Its a new source of income in today’s capitalism of the gloabal economy and the ever growing importance of the Internet. To be able to make use of the latest security holes / vulnerabilities, the Spyware authors create update abilities to make sure the code of the Spyware is always on top of the latest vulnerabilities and make use of them. Additionally, this gives the Spyware the possibility to include further routines that work against the detection of anti-spyware programmes and anti-virus tools.
If you wish to have a bit of further reading, here is a list of suggested readings:
Exploring Spyware Effects - M.Boldt, B. Carllson & A. Jacobsson
Wikipedia (en)
Google - Spyware (Link shortened by tinyurl service…)
Spyware - Know Your Enemy
to be continued…
September 29th, 2007 at 11:50
[…] July 2007 « Spyware […]