Quick Links: SpywareGuide Greynets Blog | SpywareGuide Product Database | SpywareGuide Company Database | SpywareGuide Categories
Search SpywareGuide Database & Site
Security Email Alerts & Updates
SpywareGuide powered by FaceTime Security Labs

The Ten Truth's About Spyware

by Wayne Porter

No one should be too paranoid, but an informed user is a safe user. Spyware has recently begun cascading into the computer market at an astonishing rate. Surprisingly there are a lot of misconceptions about what spyware really is and how dangerous it can be.

#1: Spyware and Adware are fundamentally different-This is important and often made confusing by the media and privacy advocates. Many people have the common misconception that spy software is made by advertisers to profile their shopping and surfing habits. This is a false and potentially dangerous assumption.

This misconception probably stems from the fall of two companies- Radiate and Conducent. Both of these companies attempted to sell banner space inside of freeware applications and to share this revenue with software authors in exchange for letting them distribute and selling space inside the freeware. This seemed to be a fair deal but what they didn?t disclose to software authors and didn?t tell consumers is that they were secretly profiling and logging surfing habits and sending this information back to their servers for analysis.

Conducent and Radiate are no longer functioning, or at least they don't seem to be, but they left the legacy of adware paranoia with them. Adware may have spyware-like features, it may profile shopping habits, it is usually annoying, has the potential to be a security threat but it is nowhere near the security threat that real spyware can be. In short most Adware is not trying to capture your secret chats, e-mails or passwords. It usually is trying to entice you to buy something by showing ads, throwing out pop-up windows, profiling your surfing habits or gathering broad and general information about you.

Fact #2: Spy software creates dangerous security holes- The latest ?rage? among spyware vendors is the ability to let the spy remotely connect to the target?s computers. Right now we have identified several spyware programs opening a default port on the system and using a hard-coded or default, easy to guess or easy to brute force password. We have analyzed and carried out simulated attacks in this scenario. Hackers can use a simple port scanning tool to scan entire networks and easily penetrate affected machines.

People who have certain remote spyware programs installed on their machines are literally sitting ducks. Ironically, in the case of shared-machine spousal spying, the spy has actually opened themselves up to severe security threats because they operate on the same machine as the victim. The very same spyware that was supposed to protect their children by monitoring their activity is now leaving them vulnerable to outside attacks.

Fact #3: Spyware is often illegal- The use of Spyware or key recorders is illegal in some countries. If you are thinking about spying on people?s computers then think again. It may carry stiff legal penalties, up to and including prison time. In the U.S. installing a keylogger or spyware on someone's machine without their permission carries severe legal penalties.

Unfortunately there are virtually no laws currently restricting an employer from monitoring of computers in the workplace for citizens of the United States. The good news is there is pending legislation to tighten these rules focusing on requiring notification of employees if their computer activity is being monitored. As of today this disclosure is not required.

Recently The Utah state legislature has passed a bill, Utah Spyware Control Act, outlawing certain activities in which most spyware engages. This includes, without first seeking permission from the owner of the computer, reporting online behavior, sending information about a user to third parties and creating pop-up advertisements based on the context of a web site a person is visiting. Currently this bill is being challenged by WhenU, a large adware vendor, on the grounds of limiting free speech.

Fact #4: Spyware is common- We know what you might be thinking; spy software seems rather ?James Bondish? and beyond the reach of average users. This is not so. It is now mass-marketed, cheap and very easy to acquire. You can find spyware for sale through Internet auctions, via e-mails (often spam), and all over the Web. You can even get spyware for free if you know where to look.

Fact #5: Spyware is easy to install- There are no special technical skills needed to install these programs. A teenager can do it and according to reports received by ourselves and other anti-spyware vendors they sometimes do. Spy software companies have made it very easy for just about anyone to start spying. We have documented cases of children installing spyware on their parent's machines to circumvent parental control software.

Fact #6: Spyware may be sold under legitimate pretenses- Many spy programs are marketed as ?child monitoring systems? when in fact they are bought by employers, spouses, and other individuals for the sole purpose of gathering system and personal information without a user?s consent. Because of this "legitimacy" these?programs are often missed by anti-virus software designed to target viruses and trojan horses. Let?s be realistic, spy software makers know exactly why people are really buying these programs.

We believe parents have a right to monitor there children but if a system is monitored it should be made clear this software is in place and the software should give the user adequate warning while it is in operation. The same holds true for employers and employees.

Fact #7: Spies intentionally ?misuse? monitoring software- Established spy software companies usually ask purchasers to agree through a EULA (End User License Agreement) not to monitor users without their knowledge and consent. You guessed it- most spies have absolutely no intention of letting users know they are under surveillance.

Fact #8: Spyware software can be detected- Spy software makers will go to great lengths to convince users they are ?untraceable? or they cannot be sniffed out by counter-surveillance probes. While spy ware makers often?use very sophisticated counter-detection and stealth technologies the vast majority of them can be scanned against and removed. If it is being sold on the commercial market- it can be targeted.

Fact #9: Some commercial spy programs are repurposed ?Trojan horses?- This is sad but shockingly true. Some spyware vendors have went as far as to repurpose old Trojan horse programs found on technical minded boards and are selling them as new spy technology. (A Trojan horse is a malicious, security-breaking program disguised as something benign.)

Fact#10: Deleting history and computer use logs does nothing against true spyware- While erasing usage history is useful to protect your privacy this type of protection is useless if your activity is being logged or snapshots are being taken of your computer use. Deleting history, files, cache and cookies cannot and will not protect you against the prying eyes of active spies on your machine.

The safest way to remain free from spyware is to use?one or more?anti-spy programs that actively scan your system for intrusion and utilities that help inoculate your system from penetration. Good anti-spy programs will use a variety of methods for detection including registry scanning, md5 signatures, digital fingerprints, filesize, CLSID,?windows titles and other traces that spyware leaves on your machine.

Even with anti-spy software programs active do not develop a false sense of security. The battle to contain these programs rages on daily basis with some rogue programs creating over two-hundrend variants in a single day! One lapse in security can lead to unwanted?infection so above all- use common sense. Don't download files from sites you don't know or trust, don't use P2P file sharing software, do not open e-mail attachments and be sure you have good anti-virus and firewall software running at all times.

Unless otherwise noted this article is Copyright © 2021 by FaceTime Communications, Inc. This article may not be resold, reprinted, or redistributed for compensation of any kind without prior written permission from FaceTime Communications, Inc. For reprint or media inquires please contact us with the phrase "Spyware Guide Articles" in the subject line and we will by happy to assist you. Links to this article from other websites are appreciated and encouraged. Users are also encouraged to utilize our RSS system to provide unique content and extracts for their site.

Related Articles

Read other articles (back to full list)

Help with the BUST!
Click here and give us what details you have and let our international research team take it from there. If you desire your report will remain anonymous.
Recent Blog Posts
Notice: Undefined index: version in /data/www/spywareguide/magpierss/rss_parse.inc on line 228
  • A Year In Security
  • Youtube Comment Bot Spams In Waves
  • VGA Awards Trailers Used As Bait For Spam Offers
  • Fake Visa Electronic Report Serves Up Zbot Data Stealer
  • Banned Console Owners Beat The System - With Stickers
  • Spot The Hack
  • The Futility Of EULAs
  • Auto Whaler Spears Phishers
  • Fake Porn Grabbers Snag Nothing But Malware
  • Console DDoS Botnets - A Thriving Industry
  • Recent Modifications
    2021-8-24  Adult Networks/Services
    2017-2-10  Adult Hosts
    2016-3-30  CoolWebSearch
    2015-9-29  Malicious URLS
    2015-5-19  Dialers
    2015-1-5  Email Threats
    2013-7-20  Date Manager
    2013-4-10  BeeBus
    2012-12-18  JT.Moonwalk
    2012-12-18  Sadbiz

    Site EULA | Site Map | Contact Us | About Us | Site and Spyware FAQ | Advertise | RSS Feeds  | Link To Us | SpywareGuide Japan Japanese

    © Copyright 2007, FaceTime Communications, Inc. All rights reserved.