Spyware (a portmanteau for spying software) is any malware that aims to gather information about a person or organization and send it to another entity in a way that harms the user by violating their privacy, endangering their device's security, or other means.
[2] The first recorded use of the term spyware occurred on October 16, 1995, in a Usenet post that poked fun at Microsoft's business model.
However, in early 2000 the founder of Zone Labs, Gregor Freund, used the term in a press release for the ZoneAlarm Personal Firewall.
According to a 2005 study by AOL and the National Cyber-Security Alliance, 61 percent of surveyed users' computers were infected with some form of spyware.
Computers on which Internet Explorer (IE) was the primary browser are particularly vulnerable to such attacks, not only because IE was the most widely used,[7] but also because its tight integration with Windows allows spyware access to crucial parts of the operating system.
The combination of user ignorance about these changes, and the assumption by Internet Explorer that all ActiveX components are benign, helped to spread spyware significantly.
Many spyware components would also make use of exploits in JavaScript, Internet Explorer and Windows to install without user knowledge or permission.
The Windows Registry contains multiple sections where modification of key values allows software to be executed automatically when the operating system boots.
Some spyware, such as keyloggers, may be installed by the owner of a shared, corporate, or public computer intentionally in order to monitor users.
The Wall Street Journal analysis was researched by Brian Kennish, founder of Disconnect, Inc.[16] Spyware does not necessarily spread in the same way as a virus or worm because infected systems generally do not attempt to transmit or copy the software to other computers.
Usually, this effect is intentional, but may be caused from the malware simply requiring large amounts of computing power, disk space, or network usage.
Users assume in those situations that the performance issues relate to faulty hardware, Windows installation problems, or another malware infection.
When a large number of pieces of spyware have infected a Windows computer, the only remedy may involve backing up user data, and fully reinstalling the operating system.
However, recent versions of these major firms home and business anti-virus products do include anti-spyware functions, albeit treated differently from viruses.
As most of the items are legitimate windows files/registry entries it is advised for those who are less knowledgeable on this subject to post a HijackThis log on the numerous antispyware sites and let the experts decide what to delete.
Usually, booting the infected computer in safe mode allows an anti-spyware program a better chance of removing persistent spyware.
In 2005, Sony BMG Music Entertainment was found to be using rootkits in its XCP digital rights management technology[31] Like spyware, not only was it difficult to detect and uninstall, it was so poorly written that most efforts to remove it could have rendered computers unable to function.
Depending on local laws regarding communal/marital property, observing a partner's online activity without their consent may be illegal; the author of Loverspy and several users of the product were indicted in California in 2005 on charges of wiretapping and various computer crimes.
[38] Anti-spyware programs often report Web advertisers' HTTP cookies, the small text files that track browsing activity, as spyware.
While they are not always inherently malicious, many users object to third parties using space on their personal computers for their business purposes, and many anti-spyware programs offer to remove them.
[47] On January 26, 2006, Microsoft and the Washington state attorney general filed suit against Secure Computer for its Spyware Cleaner product.
Despite the ubiquity of EULAs agreements, under which a single click can be taken as consent to the entire text, relatively little caselaw has resulted from their use.
Launched by France and the UK in early 2024, the Pall Mall Process[55] aims to address the proliferation and irresponsible use of commercial cyber intrusion capabilities.
The US Federal Trade Commission has sued Internet marketing organizations under the "unfairness doctrine"[56] to make them stop infecting consumers' PCs with spyware.
On November 21, 2006, a settlement was entered in federal court under which a $1.75 million judgment was imposed in one case and $1.86 million in another, but the defendants were insolvent[57] In a second case, brought against CyberSpy Software LLC, the FTC charged that CyberSpy marketed and sold "RemoteSpy" keylogger spyware to clients who would then secretly monitor unsuspecting consumers' computers.
A complaint filed by the Electronic Privacy Information Center (EPIC) brought the RemoteSpy software to the FTC's attention.
[60] In a suit brought in 2005 by Spitzer, the California firm Intermix Media, Inc. ended up settling, by agreeing to pay US$7.5 million and to stop distributing spyware.
[63] PC Pitstop settled, agreeing not to use the word "spyware", but continues to describe harm caused by the Gator/Claria software.
[64] As a result, other anti-spyware and anti-virus companies have also used other terms such as "potentially unwanted programs" or greyware to denote these products.
School officials were also granted the ability to take snapshots of instant messages, web browsing, music playlists, and written compositions.