Spyware is software which is installed without the user’s knowledge and may gather information about that user's internet browsing habits, intercept their personal data, and transmit this information to a third party. Spyware commonly comes in the form of:
This type of malicious software pretends to be a useful program while secretly performing another function, eg spying on a user's activities. Trojan software is often used to create a ‘Backdoor’ which will allow unauthorised access to the user’s computer without their knowledge. Users may download and install what they believe to be legitimate software without realising that a Trojan horse will also be installed.
Examples of Trojans might be:
Adware is not always malicious. It is not uncommon for developers working on their own to agree to include advertising within the software that they produce. They can legitimately include adware software in their product. They will be paid to allow this to happen and the software will show adverts when in use.
However, adware can also be installed without the user’s knowledge or maliciously as part of another piece of software. Adware can be setup to gather information about browsing habits.
This information can be sent back to the person who created the malicious adware and is a security threat. When the adware becomes intrusive like this, then it is spyware. Adware installed with the ability to review browsing habits makes use of tracking cookies.
Cookies are text files that contain information about browsing habits, such as the website visited and the username used to access the site. They can also track things like the amount of time spent on a site, or the multimedia that was watched as well as user defined browser settings. Cookies are saved on your computer to reduce the load that would be placed on servers if this information had to be held there.
However, there are ‘tracking cookies’ and these cookies are designed to send as much data as possible to external servers/third parties. Sometimes the tracking cookie is used for market research and no theft of data is intended but on other occasions programmers can set the tracking cookie up to send them usernames and personal details. As well as concern around identity theft, these cookies can be used to target users with personalised adverts.