Spyware: The Ghost in the Machine

Abstract

Computer users face a new and growing threat to security and privacy. This threat is not in the form of direct attacks by viruses or hackers, but rather by indirect infiltration in the form of monitoring programs surreptitiously installed on users’ computers. These monitoring applications are called spyware, and serve to record and transmit to third parties a user’s computer uses and behaviors. Frequently used by marketers to harvest customer data for segmentation and targeting purposes, spyware can serve to direct targeted advertising to user’s computers. Spyware is, for the most part, legally used, since installations typically come as part of the licensed “clickwrap” agreement that users agree to when downloading free utility and file sharing programs from the Internet. In some cases, spyware is installed as part of legitimate computer applications provide by business to their customers, to provide updating and communicative functionality to application users. But, it appears that the ability to monitor remotely and communicate with computers is an opportunity attractive enough to attract the attention of third parties with non-legal intentions. This tutorial focuses on the roles and functions of spyware, its use in both legitimate and non-legitimate ways, and a range of preventions and protections for avoiding and removing spyware that is installed on end user computers.