|One Step Ahead
February 9, 2010, Volume 56, No. 21
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
Spyware: Who’s “watching” you—and why
It’s no longer news that all sorts of hardware and, especially, software exist for the specific purpose of surreptitiously tracking what people do with their personal computers, which websites they visit (and purchase from), whom they communicate with, and what sensitive data reside on their systems. Known generically for years as “spyware” and “adware,” these programs have now been lumped by some experts into the classification of “privacy-invasive software” along with other varieties like “stealware” and “scareware.”
Whatever the motivation of the people who write and spread these programs (and there are literally hundreds of reasons), the ongoing danger is that computer users still tend to collect multiple infections because, like bacteria, spyware/adware tend to “colonize” a host
computer, and the users are rarely aware that the software is there. And of course, that’s the point—the creators don’t want you to know it’s there. In many cases, spyware/adware is “piggybacked” onto “free” software that’s often described as Internet “optimizers” or “accelerators,” and is often part of the installation of popular peer-to-peer filesharing software
such as eDonkey and KaZaa (yet another reason to avoid those programs). And, the term “drive-by download” has been coined to describe intrusive software downloaded and installed from questionable websites without the visitor’s knowledge.
In addition to the dangers of your activities and information falling into the hands of others, once the level of infection reaches “critical mass,” your computer will simply slow to a crawl as it tries to run all the “parasite” processes that produce, among other things, endless “pop-up” ads.
The first step in combatting spyware/adware is to acquire and use anti-spyware software. For Windows users, the University has a site license for Symantec Endpoint Protection 11.0.5, which will help to protect your system. It can be downloaded from www.upenn.edu/computing/product. The newest version of Mac OS has some spyware protection built in. Avoid “optimizers,” “accelerators” and “cool toolbars”—they tend to be “carriers” and besides, they generally don’t work anyway.
Wikipedia has an excellent, and more detailed discussion at http://en.wikipedia.org/wiki/Spyware
To receive OneStepAhead tips via email, send email to email@example.com with the following text in the body of the message: sub one-step-ahead <your name>.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.