LINKING WEB BROWSING AND WINDOWS

Other types of hijacking exploit the tight links between Internet Explorer and Windows. It's common for spyware to use Windows policies to force the computer to behave a certain way: for example, to change the Internet Explorer home page and then set a policy that prevents you from changing it back. This type of hijacking can be very difficult to reverse because it uses the same policy mechanism Windows itself relies on to enforce security settings. In other words, to remove it, you actually fight Microsoft's security mechanisms!

Spyware can also use the many ways Windows can automatically start an application at boot, ensuring that the spyware is always running. Once running on a victim computer, many types of spyware actively seek out antispyware tools and attempt to disable them. They also manipulate the Windows networking system to prevent the unfortunate user from even downloading antispyware tools. Many of these programs are deliberately named to sound like legitimate operating system files, for example svchost32.exe: the legitimate Windows program is named svchost.exe, and deleting the wrong one can cause serious damage.
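As an added example that is not part of the lesson, here is a read-only PowerShell audit covering the two mechanisms just described: a home-page lock set through Internet Explorer policy keys, and Run/RunOnce autostart entries whose file name imitates a Windows system binary such as svchost32.exe. The list of legitimate names it compares against is an assumption chosen for illustration.

```powershell
# Added example: read-only audit of IE home-page policy locks and
# look-alike autostart entries. Run as the affected user on Windows.

# 1. Home page: current setting, and whether a policy prevents changing it.
$main   = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$policy = 'HKCU:\Software\Policies\Microsoft\Internet Explorer\Control Panel'
$start  = (Get-ItemProperty -Path $main -ErrorAction SilentlyContinue).'Start Page'
Write-Output "Current home page: $start"
if (Test-Path $policy) {
    $lock = (Get-ItemProperty -Path $policy -ErrorAction SilentlyContinue).HomePage
    if ($lock -eq 1) {
        Write-Output "WARNING: policy lock on home page ($policy\HomePage = 1)"
    }
}

# 2. Autostart entries: flag names that imitate legitimate system binaries.
# Constructed list of legitimate names to compare against (assumption).
$systemNames = @('svchost.exe', 'lsass.exe', 'csrss.exe', 'winlogon.exe', 'explorer.exe')
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath etc.)
        $cmd = [string]$p.Value
        # Take the executable from the command line: quoted path or first token.
        if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd -split '\s+')[0] }
        $name = [System.IO.Path]::GetFileName($exe).ToLower()
        $suspicious = $false
        foreach ($legit in $systemNames) {
            $stem = [System.IO.Path]::GetFileNameWithoutExtension($legit)
            # Same stem with extra characters (svchost32.exe), or the real name
            # launched from outside System32, both deserve a closer look.
            if ($name -ne $legit -and $name -like "$stem*") { $suspicious = $true }
            if ($name -eq $legit -and $exe -notlike "*\System32\*") { $suspicious = $true }
        }
        if ($suspicious) { Write-Output "SUSPICIOUS autostart: $key\$($p.Name) = $cmd" }
    }
}
```

The script only reads the Registry; compare anything it flags against a known-good system before deleting, since the legitimate svchost.exe is itself a normal Windows component.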

Trojan Web Pages

One problem that's becoming more widespread is the use of Trojan Web page techniques to keep a computer infected. Newer versions of Windows, such as Microsoft Windows XP and Microsoft Windows Server 2003, use custom Web page interfaces to provide access to operating system functions. If spyware infects these pages, no matter how many times you delete the spyware-related executable files and Registry entries that appear, every time you access the infected management page, the spyware reinfects your computer. This is a technique used by the CWS malware.

This may seem like a desperate situation, but things aren't as bad as they sound. Although spyware is annoying, a security risk, and in some cases very difficult to get rid of, all is not lost. It's your computer, and you have overall control over it. You can remove most spyware and malware either manually or with an automated tool. Best of all, most spyware is very well known, and its removal techniques have been studied in depth by antispyware researchers. If you do have spyware, it's not the end of the world.

Moving On

In this lesson, you learned the important underlying theory behind spyware, its concepts, and its terminology. Not all spyware is equal; its techniques range from simple toolbars to deeply integrated phone dialer systems.

Before diving into the technical aspect of spyware, it's important to make sure you understand the topics covered in this lesson, so be sure to do the assignment and take the quiz. Don't forget to visit the Message Board to discuss spyware issues with your fellow students and instructor.

In Lesson 2, you'll learn how to locate and remove spyware, no matter how hidden and secretive it may be. You'll also learn how to proactively protect against spyware and understand how antispyware researchers reverse engineer and remove new spyware.