The ASC [Anti-Spyware Coalition] drafted a definition of “spyware”
in August 2005. The ASC defines “spyware and other potentially unwanted
technologies” as those that “impair users’ control over material
changes that affect their user experience, privacy, or system security;
use of their system resources, including what programs are installed on
their computers; or collection, use, and distribution of their personal
or otherwise sensitive information.”
“Spyware” is something of a grey area, so there’s no copy-book
definition for it. However, as the name suggests, it’s often loosely
defined as software that is designed to gather data from a computer and
forward it to a third party without the consent or knowledge of the
computer’s owner. This includes monitoring keystrokes, collecting
confidential information (passwords, credit card numbers, PINs,
etc.), harvesting e-mail addresses, or tracking browsing habits.
A further by-product of spyware is that such activities
inevitably affect network performance, slowing down the system and
thereby affecting the whole business process.
The reason “spyware” is such a grey area is that it is really just a
catch-all term for a wide assortment of malware-related programs,
rather than a defined category. Most “spyware” definitions apply not
only to “adware”, “pornware” and “riskware” programs, but also to many
Trojan programs: Backdoor Trojans, Trojan Proxies and PSW Trojans. Such
programs have been around for almost 10 years, since the first AOL
password stealers appeared. However, at that time the term “spyware”
had not yet been used.
Spyware is also sometimes referred to as “adware”. In this case, spyware
can exist in the form of malicious backdoor programs that open up ports,
initiate an FTP server, or collect keystroke information and transmit
it back to the attacker. Spyware can also exist in the form of legal (and
acceptable) commercial applications that give network administrators a
great deal of power over both what they can affect and what they can see
happening on managed systems.
Although such programs are not new, their use for malicious purposes
has increased in recent years and they have received much greater
attention, both from the media and from “spyware”-only vendors.