Spyware is any computer program that reports usage patterns or specifics of the computer on which it is installed to a third party. Spyware is a type of malware that generally does not adversely affect the performance of the computer on which it is running, to avoid suspicion and detection. While the software itself does not directly harm the computer or the user, the information gained from such an attack is often used in spam advertising, credit card fraud and identity theft.
Spyware infections affect not only the users of the infected computer, but also those with whom they communicate. For instance, email addresses of correspondents is very often a target of spyware. Those addresses are sent to the spammers' computer, and personalized email advertisements (complete with names and other personal information) are then sent to the infected users' correspondents. Any information sent via email, including birthdays, home addresses and telephone numbers, credit card numbers, business details, and more are at the attacker's disposal.
In response to the rise in popularity of spyware, an anti-spyware industry has arisen alongside the anti-virus industry. Spyware removal software is now as common as virus removal software, and many Internet firewalls have filters designed to identify and block spyware from operating. However, these firewalls usually cannot block the download and installation of spyware as it is typically part of a larger program that is intentionally downloaded. Also, delivery of spyware via CD-ROM, such as was practiced by Sony, cannot be detected by Internet firewalls. Microsoft's free spyware removal program, Windows Defender, is also largely ineffective against the installation of spyware via the traditionally trusted CD-ROM drive.
As the typical home PC user does not read the EULA or modify the options of installed programs, a common method of installing spyware on a computer is to package it as part of a desirable program, such as a screensaver, and to fully disclose what it does. The attack vector relies on the fact that the disclosure is rarely read. This particular attack vector is legal, and some argue even morally correct, as it passes the responsibility of the infection directly onto the ignorant user who in effect agrees to the installation. The wording of such EULA's often state that the spyware will actually improve the user's online experience by storing valuable information in a safe manner. Which is true, in a way, however the fact that the information is surveyed by third parties is not typically disclosed in an obvious way.
Science Security Terminology Questions