AN INTRODUCTION TO SPYWARE
If you believe the stories, the Internet is not a safe place. At every click, you run the risk of your computer being silently coerced into giving up passwords, credit card details, and private documents. You hardly dare visit a new Web site for fear of being targeted by this malicious software. Fortunately, the reality is somewhat different, and in this course, you'll learn the truth behind spyware.
This course covers, in depth, concepts and topics that are capable of causing damage to your computer. Be sure to read the course and follow the instructions with care, especially where malicious software is being discussed!
First of all, it's important to understand that the term spyware is often used as a generic catchall category that lumps together a number of distinctly different software traits. A perfectly normal application can easily be classified as spyware because of a single function it performs, when in reality, the function in question is legitimate. Take, for example, the File menu in Microsoft Word: when you click it, a list of the documents the application most recently accessed is visible at the bottom of the menu.
This type of functionality is called a usage tracker and is harmless; in fact, it enhances your experience and productivity. However, if a hidden application running on your computer without your knowledge silently tracks every document you open, and then stores this information for later use, it's considered malicious.
You'll find out about spam, the other part of this course title, in the second half of this course.
Web site cookies are an interesting extension of usage tracking; not only do they allow Web sites to provide personalized interfaces such as user accounts, but they also allow in-depth tracking of Web browsing behavior. Adware works on a similar principle and is also generally harmless, although often irritating. You've probably seen some shareware or freeware applications that, instead of having limited functionality to encourage you to register, display context-sensitive advertisements in a window. It's common for shareware applications, especially P2P (peer-to-peer) clients such as Kazaa or eDonkey, shown in Figure 1-1, to use adware techniques to earn their creators some money through advert syndication.
Adware
There are a number of privacy concerns with adware, mainly because the advertisements displayed within the application are retrieved from a remote server on the Internet. As each advertisement is requested, the remote server logs your computer's IP (Internet Protocol) address and the time of the request, as well as other details. If you use the application over a period of time, the owners of the remote server can easily do the following:
- Build a picture of your usage of the application.
- Note the times you're most likely to be at the computer.
- Note the length of time you use the application.
- Note what you like doing when you use the application.
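The inferences in the list above, worked through as an added example that is not part of the original course: it reads an ad server's request log and derives, per IP address, when and for how long the application was in use. The log format, the ad-context field and the 15-minute session gap are assumptions, and the log lines are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed ad-server log: "<client IP> <request time> <ad context>".
# The context field stands in for the "other details"; it is hypothetical.
SAMPLE_LOG = """\
203.0.113.7 2004-03-01T19:02:10 music
203.0.113.7 2004-03-01T19:12:10 music
203.0.113.7 2004-03-01T19:22:10 video
203.0.113.7 2004-03-02T19:30:00 music
203.0.113.7 2004-03-02T19:40:00 music
203.0.113.7 2004-03-02T20:10:00 music
198.51.100.4 2004-03-01T08:00:00 games
"""
SESSION_GAP = timedelta(minutes=15)  # assumed: a longer silence means the app was closed


def parse(log):
    """Group (timestamp, context) pairs by client IP, sorted by time."""
    by_ip = defaultdict(list)
    for line in log.splitlines():
        if not line.strip():
            continue
        ip, stamp, context = line.split()
        by_ip[ip].append((datetime.fromisoformat(stamp), context))
    return {ip: sorted(reqs) for ip, reqs in by_ip.items()}


def profile(requests):
    """Derive sessions, usual start hour and dominant ad context for one client."""
    sessions = [[requests[0][0], requests[0][0]]]
    for when, _ in requests[1:]:
        if when - sessions[-1][1] > SESSION_GAP:
            sessions.append([when, when])   # gap too long: a new session begins
        else:
            sessions[-1][1] = when          # still the same session: extend it
    hours = Counter(start.hour for start, _ in sessions)
    contexts = Counter(context for _, context in requests)
    return {
        "sessions": len(sessions),
        "minutes": [int((end - start).total_seconds() // 60) for start, end in sessions],
        "usual_hour": hours.most_common(1)[0][0],
        "top_context": contexts.most_common(1)[0][0],
    }


if __name__ == "__main__":
    for ip, reqs in parse(SAMPLE_LOG).items():
        print(ip, profile(reqs))
```

Nothing here requires software on the user's computer beyond the adware itself: the profile comes entirely from the requests the application makes for advertisements.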
P2P Clients
P2P clients are also often the source of less innocent, true spyware. In this case, the term spyware is used to refer to a specific type of malicious application rather than as a generic term. A common technique with many of these clients is to silently include a spyware application within the installation process. The Kazaa P2P client is notorious for doing this and includes (among other things) an application called Gator.
Gator is also a Trojan application that masquerades as a legitimate and useful program when, in reality, it's anything but. It integrates itself into the operating system and monitors which Web sites are viewed and which applications are accessed. This information is used to display pop-up advertisements directly on your desktop, containing supposed special offers for products that might interest you. One of the most concerning "features" of Gator is its ability to store commonly used information for Web page forms. This is great if you want to save yourself from repeatedly entering your name and e-mail address, but not so good when Gator remembers your credit card number and gives it to Web sites without your consent.
Malware
Finally, and most seriously, there's an application category known as malware. This is software specifically designed to invade your computer, hijack normal operating system and application functions, and actively prevent you from removing it. The only difference between malware and a generic virus is that malware generally makes itself known through its visibly destructive actions. Some well-known examples of malware include the C2.Lop program, and the infamous CWS (CoolWebSearch). Some variants of CWS actually invade the Microsoft Windows networking subsystem, integrating themselves with the operating system, which makes them difficult to remove.
This course concentrates on spyware and malware, the two types of malicious software that are most important to you. CWS is covered in more detail in Lesson 2.
