November 27, 2006 4:22 PM PST
Security from A to Z: Spyware
At its most malicious, the application will steal passwords and personal data such as financial information related to Internet banking or ecommerce, facilitating fraud and identity theft.
Spyware is now smart enough to recognize when a user is on a transactional Web site and will use that as a prompt to start relaying keystrokes or screenshots back to its master.
This issue is confused by the grey area of adware, which is often also installed on a user's machine without their full awareness.
However, adware, though highly controversial is by and large legal and will normally only relay information such as surfing habits in order to serve annoying pop-ups and redirect browser sessions. Its intent appears to be to annoy the user by bombarding them with unwanted ads rather than to defraud them.
Both spyware and adware applications will go to some lengths to disguise their installation. Often they are bundled with a download the user does want, or thinks they want.
Speaking last year, Tori Case, director of security management at CA, said: "What one person calls "spyware," another calls "adware," another calls "surveillance software" and yet another says it is not anything. That has led to a lot of confusion. If we could all agree, that would allow us to focus our energy on making better products and actually protecting against this stuff."
A movement against spyware has, however, been gathering momentum. In 2005, a coalition was formed with the aim of creating a definition of spyware and developing guidelines to control its use. Early this year, the coalition finalized a set of detection guidelines.
Natasha Lomas reported for Silicon.com in London.