August 20th, 2004, 03:01 AM
Spyware/Adware 2004: My Research Part One
Spyware/Adware 2004: My Research Part One
Greeting's AntiOnliner's. This tutorial is a tutorial but is also a paper/research report I'm doing on the whole spyware/malware/adware scene and how it has grown into a major and serious problem for internet users, network admins, and the like. This paper will cover how it developed, a little research on why companies have spyware in their programs, the positive and negative factors to spyware, and much more! Gear up, because I'm hoping this will be my best tutorial *prays*
What is Spyware/Adware, anyways?
my FAQ about Spyware :
So in short, collecting information without (or sometimes with) your knowledge and/or monitering your actions.
Spyware (as defined by a glossary or two) is a general term for a program that surreptitiously monitors your actions. While they are sometimes sinister, like a remote control program used by a hacker, software companies have been known to use spyware to gather data about customers. The practice is generally frowned upon.
Okay, so we know that the issue concerning spyware/adware is an issue that has definitely made it's presence felt, moreso since 1999-2000. Companies such as Gator which had countless amounts of spyware in it's product's used it to moniter, advertise, and overall spy on the user who used the application. But are they wrong? Now, obviously that type of thing is an invasion of privacy. HOWEVER (and this is where user's ignorance comes into play) the user who downloaded the application more than likely failed to read the EULA (End User License Agreement) or the Terms of Agreement which usually mentions numerous things that could point out spyware is in the program. During my research, I saw a good "Quick Tip" actually on AO's mainpage from an old member, preacherman481. He put it in a very good way:
That is 100% correct. Usually the program will want to use part of your systems bandwidth for their own reasons/causes. However, they do this by trying to make it as secretive as possible. Also, they like to collect information about yourself, your PC, your location, etc. Why, do you ask they are doing this? Well.. it could be for numerous reasons some negative and some positive (depending on how you take it). Let's go over some of the reasons:
If the agreement says anything about "using part of your bandwith" or "collecting information" be very suspicious.
- It's intrusive.. 'nuff said.
- You don't want them to. It's that simple, and this is the big one. Why would you want YOUR personal information, system information, and your activities that you are doing being monitered by anyone? So the major negative is that you don't want them to.
- What do they need with your information anyway? I'm sure your asking yourself "Well, why the hell do they want to know these things anyway?". However, each company/creator of any spyware/adware type program has it's different motives (again going back to positive/negative reasons).
- It could be used against you. I mean, lets face it: If ANY private information fell into the wrong hands it could spell danger. Especially when that information concerns a users PC or a network admins server. Protecting a network's data is exactly what network admin's are supposed to do, and now with spyware/adware on the loose they now have another worry to worry about.
- "End User Insurance". Some companies (when confronted about having spyware in their programs) told the public they did it for the "End User Insurance". According to the companies, it can be used to positively make sure the user is using the product the way it is meant to instead of in any other way. A load of bull? I think so..
- Companies will also tell you that they do it to sort of "project" where the great deal of clients they get come from. They basically are saying they are handing out a survey to you, your filling it out and sending it back to them, ALL without you knowing.. They'd like to gather information about what type of system you have, user you are, etc so they know who they appeal to the most and who prefer's their product the most. It's all marketing/etc business and it's somewhat smart from a marketing-business point of view.
As you can see, the negative's DEFINITELY out weigh the positive's considering the fact that the positive's really isn't a good reason for companies/etc to put spyware/adware in programs. But anyways, let's move on.
Evolution of Adware/Spyware
This is something I found interesting during my research, and is taken from SDK's post on a ZDNet article. This is the interesting part (IMO):
This paragraph makes alot of great arguments and reasons as to the evolution of spyware/adware. One of them being that spyware, unlike viruses aren't usually written with the intent to vandalize the internet. Although many will disagree (myself somewhat included) that statement is true. The intent between a virus and a spyware application are extremely different (however both are annoying and both cause some form of damage). The second great argument/reason of this article is the point made about the rise of peer to peer (p2p) application's. The rise of both of them were along the same time frame (1999-2000) and coincided with each other. Peer-to-Peer networks such as Sharman Network's KaZaa had loads of spy/adware and a non-supported, ad-free version of it called KaZaa Lite was made. However, a lawsuit has stopped the latter from continuing. The last great reason is the rise of cost-per-click advertising. Everytime you click on an advertisement (blinking Bonzi Buddy, etc) you are probably installing some form of spy/adware on your system.
So why did adware evolve? Unlike viruses, it's not written by shadowy programmers looking to vandalize the Internet. Fundamentally, three forces created adware: the failure of the retail software model for low-priced software, the rise of peer-to-peer apps, and the rise of cost-per-click advertising.
Well, that about wrap's up Part One.. Part two will be on it's way soon and will discuss where else spyware/adware appear's, the ultimate kit against it, ultimate removal for most (if not all) spyware, comparisons to trojans/viruses, and more.. Remember, these are my notes and research on the subject so I hope you learn something from this. Thanks!
August 20th, 2004, 03:06 AM
Might wanna add some notes on polymorphism. Talk to groovicus about that, CWS is being a bitch lately.
Also check out articles about hydan. Although it's stego now, it's concept will be used in the future to avoid detection.
August 20th, 2004, 03:12 AM
Soda: Yeah, I'm actually going into CWS in my second paper (or Part two, whichever you will..). I'm still studying stego myself but am fascinated by the subject in it's own. Thanks for advice, will try to do in part two.
August 20th, 2004, 05:13 AM
Good start, looking forward to future chapters.
Might want to consider adding paragraph about some anti-virus programs not detecting spyware and the debate currenly underway in the AV vendor community about whether they should detect and remove.
August 20th, 2004, 02:16 PM
I'm just curious what's your definition of 'My Research'. Is Spyware/Malware/Adware the end result of your research? If it's not and you just put down the ideas already in existence, isn't it called Stealing?
August 20th, 2004, 02:20 PM
If it's my fault that my research is known fact, sure.. call it stealing. I call it studying, researching, and reporting a particular subject. So sure, now I'm "stealing"..