Adware, Spyware and Monitoring Software-–What's What?
Submitted on Mar 18, 2005
Author: Alexandra Gamanenko
Everybody seems to have heard about spyware now. Media publish loads of surveys, "how to"s, and horror stories about the victims. Readers are supposed to know exactly what terms like "spyware", "adware", "malware" mean. Alas, their meanings may vary from article to article, from author to author-- some of them still use these terms interchangeably. It is not correct. Being an employee of an anti-spyware developing company, I guess I know this matter well enough to point that out.
The spyware problem is much broader and more complex than we think it to be; it isn't all about unwanted advertising, pop-ups, etc., etc. It isn't all about privacy, either. Adware by no means equals spyware. One needn't be a genius to suspect it. Adware is more annoying than really dangerous -- though it slows down PCs and drives people crazy. Programs used for targeted advertising, such as adware or cookies, make only a tiny part of existing programs which are usually called spyware, and the purposes they are used for are the most innocuous, I should say.
In my opinion, these programs should better be called "trackware" or something like that -- they keep track of PC users' activities (to target advertising better) but not actually spy. You disagree? Well, your browsing habits, things you buy online--all this stuff certainly is your private business. If somebody else uses this info to bombard you with ads, you get angry. You are quite right. One more question: what private info you value more--your browsing habits or your credit card number?
Social security numbers, credit card numbers, your bank accounts, passwords, another valuable (in the direct sense) data--can easily be stolen by means of software programs specially created for stealing data. That's what I usually mean when talking about "spyware." These programs spy--they log every your keystroke or mouse click, make screenshots, compile a neat log-file and send it to the person who installed the program (as a rule, remotely) on your PC.
Compared with keyloggers, adware seems pretty innocent, doesn't it? Even hijacking a browser looks like petty offence. To visualize difference between adware stuff and keylogging spyware just compare a juvenile delinquent and, say, a terrorist.
In view of that, software products which make possible unwanted advertising are rather distant relatives of real spyware. Cousins, so to speak. Second cousins twice removed, to be more precise. What about brothers and sisters?
Spyware has very much in common with monitoring software -- legitimate software products widely used for parental control, workplace surveillance, Internet access control, etc. They pretty often are based on the same technology. They are so similar, that a spy program can sometimes be used for monitoring purposes, and vice versa. So, what is the difference, if there is any?
There is a vague line between monitoring products and spy products -- this is the line between security management and security violation. However, there are two specific program functions that are typical to spy programs.
First, it is possible to carry out preliminary configuration of the monitoring module (it is usually called client, agent etc.), getting a compiled executable file as a result. This file, when installed, doesn't display any messages or create windows on the screen. It "hides itself" and "shows no signs of life". It is impossible to notice whether the particular PC is being secretly monitored or not. Of course, the user is not aware of being spied -- until the consequences show up.
Second, spy software always has built-in means of remote installation; as a rule, the pre-configured module (agent) is installed into the target PC remotely. Then the files with obtained information are sent via local network or emailed to the person who installed the spy program.
Last, but not least-- spyware is always used illicitly and behind the user's back-- here monitoring is performed by a person who has no right for it. Unlike spyware, legally used monitoring programs are almost never used secretly. Though in many states your boss doesn't break any law when he installs monitoring devices or software without your consent and never tells you about it, it happens not very often. As a rule, people at work are aware of being under surveillance. Managers are very likely to tell a new employee that there are things that he or she had better not do -- because there are means of finding that out. Kids know what websites they had better not visit--for the same reason. Remove these functions -- and you will get a monitoring program instead of spyware. If it is impossible to pre-configure the monitoring module and install it remotely; if you should have administrator privilege to install the program, it is monitoring software, not spyware.
Though the basic principle is often the same, purposes differ greatly. Monitoring software is most frequently used in large and middle-sized companies to ensure information security and local network accountability. At home more and more parents install it as a "life jacket" for their web-surfing kids. You probably use such a program already, or going to. Use it, but remember about the illegitimate relative of so useful and absolutely legal monitoring program installed on your own PC.
About the Author:
Alexandra Gamanenko works as a PR manager at the Raytown Corporation, LLC--monitoring and anti-monitoring software developing company. Website: http://www.anti-keyloggers.com
|