Technically Speaking (August 2005)

The Spyware Nightmare

My parents, who remain spry and sharp well into their 70s, are wise in the ways of the real world, but are like innocent lambs when it comes to the increasingly nasty practices one encounters in the online world. On a recent visit, my father complained that his computer was sluggish and that his browser was doing weird things, such as taking him to some pretty unsavory sites when he merely clicked on a link in an otherwise normal Web page.

The symptoms sounded all too familiar, and when I scanned his machine, I found what I suspected: it was infected with over 100 examples of various types of malware, the now common generic term for malicious software, such as viruses and Trojan horses. The worst offender in my father's case was spyware, a plague upon the earth that threatens to deprive a significant portion of the online world of its sanity.

As often happens with new concepts, the term spyware has become encrusted with multiple meanings as people attach similar ideas to a convenient and popular label. Spyware is generally defined, however, as any program that surreptitiously monitors a user's computer activities--particularly the typing of passwords, PINs, and credit card numbers--or harvests sensitive data on the user's computer and then sends that information to an individual or a company via the user's Internet connection, the so-called back channel.

Linguistic proof of the cultural impact of spyware is the large number of synonyms that have popped up in the past year or so. These include sneakware, stealthware, snoopware, trackware, thiefware, or, tellingly, scumware. A spyware program is also sometimes called an E.T. application, because it "phones home" to secretly send data to an online destination.

Many people also use the term adware as a synonym for spyware, but that's not strictly accurate. It's true that some spyware programs do nothing but disgorge ads, but these are usually pop-up windows (by the dozen) for porn sites. The word adware is properly used to refer to any program that displays ads with the user's consent. Of course, the notion of "consent" is a slippery beast these days, and many companies that claim to have a legitimate adware-based business model undermine that legitimacy with confusing, misleading, or simply nonexistent consent forms.

That's why adware has managed to foist itself on millions of computers and why, in May, the Los Angeles Times reported that adware has become a truly big business with between US $500 million and $2 billion a year in sales. So it's no wonder that adware firms protest when they get lumped in with spyware purveyors in antispyware programs. In fact, some antispyware companies are being sued by firms that object to their products' being tarred with the "spyware" label.

These legal threats may be why spyware-scrubbing companies, such as McAfee Inc., in Santa Clara, Calif., now use the more generic term potentially unwanted program--or PUP--to refer to any program that a user may not want on his or her system, even if he or she consented to download it.

The problem of consent--or, really, the lack of it--is the reason spyware is such a huge problem. These programs piggyback on programs that users actually want to download, such as screen savers. A piggyback program is most often called a drive-by download: a program is downloaded and installed without the user's knowledge or consent. This type of spyware is closely related to a pop-up download, which happens after the user clicks an option in a pop-up browser window, particularly when the option's intent is vaguely or misleadingly worded.

Among the most common of the drive-by downloads is the browser hijack. In this case, the sneakware replaces the user's home page, alters other browser settings (including crucial security settings), and redirects searches and some URLs (such as the addresses of antispyware companies) to the spyware vendor's home page. Some of these browser hijackers even initiate other drive-by downloads to install more malware on the user's computer.

Spyware would be less of a problem if users could easily uninstall it from their systems. Unfortunately, most spyware embeds itself deep in a system, and removing it is a time-consuming operation beyond the abilities of even experienced users. Some spyware programs actually come with an "Uninstall" option, but it's nothing but a ruse, of course. The program appears to remove itself from the system, but what it actually does is execute a covert reinstall, reinstalling a fresh version of itself when the computer is idle.

This reinstall is most often accomplished by a trickler, a small program that remains running on the system and handles the downloading of new files without the user's knowledge. Spyware that constantly rises from the dead is called Kruegerware, after Freddy Krueger of Nightmare on Elm Street fame. Unfortunately, it seems that our spyware nightmare is only just beginning.

Paul McFedries is a technical and language writer with more than 40 books to his credit. He also runs Word Spy, a Web site and mailing list that tracks new words and phrases (http://www.wordspy.com).

Advertisement
Advertisement