Spyware & Adware

 .:: MaliciousBrains ::. (rajdeep@malwareinfo.org) Tue, July 8, 2008 at 8:09 AM  
 
 
Did you know that if you have ever downloaded music online or surfed and gotten pop-up ads (who hasn't?), there is a 94% chance that your PC is infected with potentially harmful spyware?  If you've ever installed free software, you might have also installed potentially harmful spyware.  And if your PC is running slower than ever, it may be due to online advertisers adding spyware or adware to your computer without your knowledge.

What are SpyWare and AdWare?

"SpyWare" and "AdWare" are virtually the same in purpose - they are both used by online advertising companies to track your computer and internet use by gathering information such as your email address, web sites you have visited, music you listen to, your calendar data and more.  In turn, they email you or serve up ads while you are surfing the Internet that relate to the information they have gathered.  The only real difference between the two is that spyware implies that there is no informed consent for the company to gather your personal information.  Adware refers to software that contains advertising components, and it usually makes it clearer that you are viewing an ad and that information is being gathered.

How common is spyware?

An April 2004 BBC report (http://news.bbc.co.uk/1/hi/technology/3633167.stm) suggested that spyware was very prevalent amongst home PCs... according to the report, the US Internet service provider Earthlink said it found an average of 28 spyware programs on over one million PCs scanned in early 2004. The 29+ million spyware programs found were mostly ad-ware, but they also discovered some 300,000 system monitors and Trojans, which could steal personal information from the infected computers.

Why is spyware bad?

Many users have installed and used spyware-installing software, and don't seem to find that a problem. After all, many of us have supermarket club cards or air mileage cards, both of which promise us benefits in exchange for passing on information about our shopping habits. On one level, spyware reporting on our Web surfing habits isn't much different.

But aside from questions about whether I want my computer reporting on my Web surfing, spyware can cause other problems. I've already mentioned that each spyware program lurking in the background saps a bit of your computer's resources-- using up some memory and CPU time. Uploading information without your consent eats away at your Internet bandwidth, which can be especially problematic for dialup subscribers. The DSSAgent program installed by Mattel and Broderbund with some of their children's and educational titles (some versions of the popular Where in the World is Carmen Sandiego, for instance) can cause serious network congestion with rapidly repeated DNS queries as it pulls down its ads.

Not only that, poorly-designed spyware programs can cause operating system and browser crashes! BonziBuddy spyware, which reports on browsing habits, has been implicated in system slowdowns and so-called blue screen of death system crashes.

And in many cases, uninstalling the downloaded free program may still leave the spyware installed, still lurking in the background reporting on you, even when the program it's designed to work with is long gone.

What are the names of often-installed spyware?

Among the many spyware 'brands', you may find these installed without your knowledge on your system. Click on the links for more information, or search for their names on Google or another search engine:

o        Aureate/Radiate: installed by many ad-supported programs. Monitors browsing habits. Can remain even if the main application is uninstalled. Can cause instability and crashes. http://www.accs-net.com/smallfish/radiate.htm

o        Bonzi: most often installed on its own by clicking a disguised web-ad; can slow systems down or even cause crashes: http://www.accs-net.com/smallfish/bonzi.htm

o        BDE/Brilliant: installed with KaZaa; causes instability and crashes. Removing it causes KaZaa to fail to work; install KaZaa Lite instead.

o        Comet Cursor: installed by clicking on Web ads and links, included with some RealPlayer versions. http://www.accs-net.com/smallfish/comet.htm

o        Cydoor is installed with KaZaa and Opera, among others. It serves ads within these applications, and collects demographic information. http://www.accs-net.com/smallfish/cydoor.htm

o        DSSAgent was installed by Broderbund and Mattel in educational and children's programs (typically sold on CD, not downloaded). It can cause network congestion. http://www.accs-net.com/smallfish/mattel.htm

o        Other names to watch out for include: Aveo/Help Express, CommonName/CNBabe, DownloadWare/ClipGenie, eAcceleration, EasyInstall, eZula/TopText, Gator/GAIN, HotBar, Lop, Network Essentials, OnFlow, PromulGate/DelFin, SaveNow, SideStep, TimeSink/Conducent, TwistedHumor/Winad, VX2/Transponder, webHancer, Web3000, WurldMedia, and Xupiter Toolbar. Doubtless the list will grow over time.

Check the Spyware Guide: http://www.spywareguide.com/index.php for up to date information on spyware applications (and anti-spyware software). It listed 277 (!) different spyware programs when I checked in August 2003.

How can you get infected with SpyWare or AdWare?

The number of programs using spyware now totals in the thousands, and many popular downloads on the Internet - including Comet Cursor, CuteFTP, KaZaA, Gator and Bonzi Buddy - are infected with spyware.  Some warn you ahead of time, but you still cannot download the program without the spyware included.  Some (like Bonzi Buddy) are disguised as system error message pop-ups when you are surfing the Web - clicking on the message may install the spyware on your machine.

If you have ever downloaded and installed free software - like the popular file sharing programs and the ones listed above - you most likely also installed spyware or adware.  People distributing free software they have developed sometimes allow the inclusion of spyware to offset the cost of developing the software.

When installing software, most people that I know (myself included) do not take the time to read the license agreement - they just click "I Agree" to get on with the software installation.  If the program contains information gathering components, it probably states something related to gathering information in the license agreement, and by clicking without reading you have just given permission for the company to gather your information and they are not held liable.

One of the more well known companies, Mattel (makers of Barbie!), distributed a spyware program called Brodcast with their many educational programs including those for children.  Since it became known that Mattel used this spyware, Broderbund, the maker of Brodcast, now provides a utility you can download that will remove Brodcast from your PC and Mattel no longer includes Brodcast in their CD-ROMs.  CD-ROMs affected are those distributed prior to April 2000.

Free multi-media players, like Real Player and Windows Media Player, also contain elements of spyware.  That way, when you pop in a new CD and listen to it via one of the players, that information is transmitted to the company and allows them to show information or ads related to the CD through the software.  If you entered your email address when registering, you might also receive email related to the music you are listening to.  You always wondered why it was free, didn't you?

Also, if you accept "cookies" when browsing the Internet, those cookies can contain tracking information.  A cookie is a small file saved to your machine in your temporary internet files directory.  If you have registered with Web sites, this is how they know who you are when you come back and display something like - "Hello, Karyn!".  Pop-up ads and other ads may also try to save a cookie on your machine.  Some cookies are safe and are used only to personalize a Web site for you or to remember your password so that you don't have to re-enter it when logging in.  The trouble is, it's very hard to determine which cookies are safe and which are not.  You can find your cookie settings in Internet Explorer by going to:  Tools/Internet Options/Privacy tab/Advanced button.

Most large companies use this type of spying for the purposes of gathering information for targeted marketing.  However, some have more malicious intent and may actually try to find out things like passwords.

Other Problems with SpyWare

Aside from the fact that spyware and adware have obvious privacy issues, some spyware is badly made and can cause problems with your PC.  It can cause your PC to run slowly or even crash Internet Explorer.  One particular piece of spyware, Aureate Radiate, contained in 250 software programs, has caused so many IE problems that Microsoft has added a page to their site about the issue.

How can you tell if your PC is infected, and how do you remove spyware?

The only real way to tell is to download a program that scans your PC for spyware and adware.  The ones recommended are SpyBot and AdAware.  They are free and can do a full system scan or a quick scan of areas you specify.  They can scan your hard drives, registry and memory for known spyware and adware and remove the components.

Please note that removing certain components of spyware or adware may impact the functionality of the software applications associated with it, and you should never remove anything you are not sure about.

There is one program out there that is not at all recommended.  The program is SpyWareNuker, and several spots on the Internet report that the program itself is spyware masquerading as a spyware removal program.  In fact, AdAware and SpyBot even scan for it as known spyware when you run the scan on your system.

Avoiding SpyWare and AdWare

There are a couple of places you can go before you download software to check and see if spyware or adware is associated with it.

·         SpywareGuide.com keeps a list of programs that have spyware.  For your convenience, I have added their search box below so that you can check the database right from this web page.

·         Another site that lists programs with known spyware is Sutton.

·         A great site for downloading software is Web Attack.  You will find software here clearly labeled as to whether it is shareware, freeware or adware.

·         CNet and ZDNet download sites have also started listing software that is adware free.

You should also check your cookie settings in Internet Explorer (Tools/Options/Privacy tab/Advanced button) and have IE warn you when a cookie is about to be installed.  You can then either accept or block the cookie.  Keep in mind that for some Web sites, you cannot browse or login without having their cookie enabled.  For example, I cannot get my web-based email without having the cookie enabled on my machine.

An excellent additional resource to check out is Alan Zisman's article, CyberSafety: Spyware.  It contains a list of some of the most common spyware programs and ways to rid your machine of spyware.

What can you do?

o        Read EULAs carefully, and think about what rights and information you may be asked to give away in exchange for a so-called free program or service. Consider whether what you're going to get is worth the hidden cost. Assume that any application that displays ads when you're not online is probably also sending information about you 'back home'.

o        If you are using Internet Explorer, check its options (click the Tools menu, then Internet Options.) Go to the Security tab and make sure it is set to Medium or above; the Low setting will allow files to be downloaded without your knowledge.

o        Look for spyware-free or ad-free alternatives. Consider using the paid versions of programs like Eudora, Opera, Limewire, or Bearshare to avoid the ads and the reporting back. If you (or children or teens in your home) are users of the wildly popular KaZaa file-sharing application, replace it with the spyware-free KaZaa K++ (http://www.kazaakpp.com). Note that popular peer-to-peer file-sharing programs (often used for getting MP3 music files over the Net) are big sources of spyware. Along with KaZaa K++, Shareaza (http://www.shareaza.com) is another spyware-free file-sharing program. (Be aware when using KaZaa K++ that you may get a notification that 'A newer version of KaZaa is available' each time the program starts. If you click to get the newer version, you will be replacing KaZaa K++ with the spyware version. Also note that the earlier KaZaa Lite installs a fake Cydoor.dll file (the newer K++ version doesn't do this), which is not spyware but may be identified by some spyware removal programs. Don't let such programs remove it!) (Dec 2003: the producers of Kazaa have succeeded in legal action against the K++ people and gotten the program removed from its website. If you already have a copy of K++, it will still work. If you have Kazaa installed, you might want to try Diet K, which removes the spyware from an existing installation of standard KaZaa: http://www.versiontracker.com/dyn/moreinfo/win/28492)

o        Some download sites try to mention whether listed programs use ad-supported spyware. Once again, read the fine-print and decide how badly you want or need such applications.

o        Install a software firewall such as ZoneAlarm which can block spyware from 'phoning home' without your knowledge. This won't remove the spyware, which will still be gobbling system resources, but it will stop the spying. More on firewalls in my tutorial on that subject.

o        Open the Windows Add-Remove Software control panel, and check for unfamiliar applications (especially with names like the ones listed above). You'll find some spyware such as CometCursor this way.

o        Run Autoruns from Sysinternals, looking for spyware being loaded at startup. 

o        Install and run software to scan your system for spyware, and with your permission, remove spyware that it finds (see below). Note that removing spyware often makes the related application stop working. 

o        You can prevent other users of your PC from installing the most popular 'file-sharing' applications such as Kazaa with the free File Sharing Sentinel: http://www.akidthaine.com
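
The Add-Remove Software and startup checks in the list above can also be scripted. The PowerShell below is an added example, not part of the original article: it reads the standard Windows Uninstall and Run registry keys and flags entries whose text matches the spyware names this page lists. The boundary-based matching rules are an assumption of this example, so every hit is only a candidate for manual review.

```powershell
# Added example (not from the article): read-only triage of Add/Remove entries
# and Run-key startup values against the spyware names this page lists.
$watch = @(
  'Aureate/Radiate','Bonzi','BDE/Brilliant','Comet Cursor','Cydoor','DSSAgent',
  'Aveo/Help Express','CommonName/CNBabe','DownloadWare/ClipGenie','eAcceleration',
  'EasyInstall','eZula/TopText','Gator/GAIN','HotBar','Lop','Network Essentials',
  'OnFlow','PromulGate/DelFin','SaveNow','SideStep','TimeSink/Conducent',
  'TwistedHumor/Winad','VX2/Transponder','webHancer','Web3000','WurldMedia',
  'Xupiter Toolbar','SpyWareNuker'
)
# Each slash-separated alias becomes one regex. A leading boundary keeps "Gator"
# from matching "Navigator"; names of 4 characters or fewer ("Lop", "BDE") also
# get a trailing boundary. Optional separators let "Comet Cursor" match "CometCursor".
$patterns = foreach ($entry in $watch) {
  foreach ($alias in ($entry -split '/')) {
    $body = (($alias -split '\s+') | ForEach-Object { [regex]::Escape($_) }) -join '[\s_-]*'
    $tail = if ($alias.Length -le 4) { '(?![A-Za-z0-9])' } else { '' }
    [pscustomobject]@{ Name = $entry; Regex = '(?<![A-Za-z0-9])' + $body + $tail }
  }
}
$root = 'SOFTWARE\Microsoft\Windows\CurrentVersion'
$wow  = 'SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion'
# What the Add/Remove control panel shows: the per-machine and per-user Uninstall keys.
$uninstall = "HKLM:\$root\Uninstall\*", "HKLM:\$wow\Uninstall\*", "HKCU:\$root\Uninstall\*"
$installed = Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
  Where-Object { $_.DisplayName } |
  ForEach-Object { [pscustomobject]@{ Source = 'Add/Remove'; Text = "$($_.DisplayName) $($_.Publisher)" } }
# Startup entries: only the Run keys, a small subset of what Autoruns inspects.
$startup = foreach ($key in "HKLM:\$root\Run", "HKLM:\$wow\Run", "HKCU:\$root\Run") {
  $item = Get-Item -Path $key -ErrorAction SilentlyContinue
  if ($item) {
    foreach ($name in $item.GetValueNames()) {
      [pscustomobject]@{ Source = 'Run key'; Text = "$name $($item.GetValue($name))" }
    }
  }
}
# Report the first watchlist hit per entry; nothing is modified or removed.
foreach ($c in @($installed) + @($startup)) {
  foreach ($p in $patterns) {
    if ($c.Text -match $p.Regex) {
      [pscustomobject]@{ Source = $c.Source; Entry = $c.Text.Trim(); Watchlist = $p.Name }
      break
    }
  }
}
```

An empty result only means none of these particular names appear in those registry locations; a full scan with the tools named earlier still applies.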