Spyware threatens privacy and computer security

By Steve Brukbacher, UWM Information Security Coordinator
(http://www.security.uwm.edu)

Most people know that spyware is often responsible for those annoying pop-up ads on the computer. But spyware can also be much more invasive because of its ability to share personal information, including financial information and passwords, with third parties without your knowledge or consent. This use of spyware is becoming more widespread.

Machines clogged with multiple versions and types of spyware are gradually reduced to expensive paperweights. For many users the only answer has been to completely wipe the hard drive and reinstall the operating system. Unless you can do this yourself, this process can be expensive and inconvenient. And, when you go back online, you’ll be right back where you were before in no time – unless you change your behavior and take precautions.

Fortunately, there are some simple steps you can take to help avoid spyware problems.

Here is some background information on spyware and how it works as well as anti-spyware efforts at UWM and suggestions for combating spyware. UWM’s IMT area is offering a free class on information security, identity theft and spyware viruses through its Technology Trends program. Go to http://cfprod.imt.uwm.edu/imt/happenings/sc.cfm for information on how to register.

What is spyware?

Spyware is software that is installed on a computer to covertly gather your user information through your Internet connection without your knowledge, usually for advertising and marketing purposes. Once it’s on your computer, the spyware "phones home" and sends information to interested third parties about your online activity. Often the information is sold to advertisers for marketing research or to more accurately target you for pop-up ads.

Spyware can also monitor the Web sites you visit, forcibly redirect your browser to a Web site, or cause all of your Internet traffic to go through another server, allowing a third party to inspect all of your Web traffic.

Common symptoms of spyware include serious system slowdowns, loss of Internet access, and numerous pop-up ads. Some users have reported so many pop-up ads due to spyware that their computers are unusable.

How does a computer get infected with spyware?

Spyware often is downloaded and installed without you, the user, doing anything except by visiting a maliciousWeb site. This happens most often with Internet Explorer, the browser provided with Microsoft Windows products.

Voluntary downloads account for a large portion of the privacy-infringing software. You may not realize a free screensaver or computer game or toolbar also reports back to an advertiser or gathers other private information.

How does spyware work?

Many spyware attacks exploit a vulnerability in the Microsoft Internet Explorer browser. Internet Explorer has a feature called “browser helper objects” that allows developers to easily create add-on application products to work with Internet Explorer. Unfortunately, this feature also allows spyware and other malicious software to be installed on your computer without your knowledge. While other browsers may also be somewhat vulnerable, Internet Explorer has been the main target of spyware producers.

Are spyware and computer viruses the same thing?

The short answer is no. Viruses are typically spread from one host computer to another, to damage systems and networks. They do this, either through using so much of the resource that traffic is at a standstill, or they may simply damage or delete necessary system files.

Spyware writers, on the other hand, certainly want to get their software installed on as many computers as possible, but ultimately they are after browsing information. This information can then be sold to advertisers and marketers who charge companies to more accurately target chosen demographics.

When systems are adversely affected by the software’s presence, the information collectors don’t get good data. However, the lines between viruses and spyware are blurring as more and more blended threats are being created. Spyware and viruses increasingly use one-another’s tactics, such as browser vulnerabilities, to achieve their goals.

Increasing threat level

Spyware can transmit data such as credit card numbers, financial information, or passwords. In addition, spyware can give criminals an open door to your computer to install more dangerous applications or to gain remote control over your computer.

Eweek reported an attack in June 2004 which gave the attackers the ability to monitor Web traffic to gain account numbers and passwords of the victims’ online banking accounts (see http://www.eweek.com/article2/0,1759,1619842,00.asp).

While this case is extreme, other types of software you may be voluntarily installing pose serious privacy risks. Marketscore is a free utility that promises to improve your Internet connection speed. Installing this product reroutes all of your Internet communication through Marketscore’s servers to gather information about how you use the Internet. This information is sold to marketing and advertising organizations and poses significant privacy and security risks.

To make matters worse, many free products that claim to provide spyware protection are actually themselves spyware. Most anti-virus software currently does not reliably detect spyware.

Combating spyware at UWM

The threats posed by spyware are being taken seriously by IT administrators at UWM. The College of Letters and Sciences, which accounts for a large number of campus faculty and staff computers, has chosen to begin providing an alternative browser, Firefox, that is not as susceptible to spyware installed without a user's knowledge. Providing such an alternative browser is can be part of an effective strategy to fight spyware. Administrators are also suggesting the use of Spybot, an anti-spyware software. This is a free product which includes a real-time spyware detector, much like an anti-virus product. The updates are also free of charge and the product can be configured to update automatically, much like the University’s customized McAfee Virus Scan program.

Efforts are underway to include the alternative browser Firefox and the Spybot anti-spyware program on all desktops administered by I&MT. Documentation on these items is also being developed through I&MT’s Student Technology Services (see links to these documents below).

In addition, all members of the campus community will soon be able to get a newer version of McAfee Virus Scan which also has the ability to combat spyware. This will be available for download in February.

In January 2005, Microsoft released an early test version of its own anti-spyware software. While initially a free utility, this will likely take the form of a paid subscription service.

Combating spyware on home computers

The efforts underway to combat spyware on the professionally supported computers on campus do not necessarily solve the problem for your home computers or for personally owned computers you may bring to campus. The UWM Information Security Coordinator suggests the following five steps to combat spyware on home computers.

Steps for Combating Spyware

1. Use an alternative browser such as Firefox.
2. Use an anti-spyware program such as Spybot or Ad-Aware.
3. Be wary of downloading free software utilities.
4. Avoid unsolicited offers of any kind, particularly those delivered by pop-up ads and spam email.
5. Always follow UWM's computing best practices.

For more details on how to accomplish these five security steps, general computer security information for UWM and links to other sources of information on related issues, see:

http://www.uwm.edu/News/Features/05.01/spyware_suggestions.html
http://www3.uwm.edu/security/steps/
http://www.security.uwm.edu
http://www.uwm.edu/News/Features/05.01/spyware_security_links.html