spyware n.
Spyware PowerPoint Presentation


Presentation Transcript

  1. Spyware
     Ryan Myers, Andrew Sullivan
     ECE 4112 – Spring 2005

  2. Overview
     • What is Spyware?
     • Examples of Spyware
     • Spyware prevention techniques
     • Spyware detection and removal
     • Tools explored in the lab
     ECE 4112 - Internetwork Security

  3. What is Spyware?
     • Spyware is a piece of software intended to monitor computer usage
     • This data can be collected anonymously for statistical purposes or with knowledge of whose usage is being tracked
     • Spyware comes in basically two flavors
       • Commercial Spyware
       • Subversive Spyware

  4. Commercial Spyware
     • Commercially sold products for monitoring computer usage
     • These include mostly keyloggers and similar monitoring software
     • This software is intended to be used in legitimate situations such as monitoring employee computer usage but has a large potential for abuse

  5. Subversive Spyware
     • Software usually bundled with legitimate useful software for tracking computer usage
     • In most cases this is technically legal because it is disclosed in the End-User License Agreement
     • Despite the legality, a large amount of spyware uses underhanded tactics
       • Confusing wording in the EULA
       • Often doesn’t disclose spyware “up front” and relies on people not reading the EULA

  6. Where is Spyware found?
     • Spyware is most often found in Downloading/Sharing utilities and Media players
     • Spyware is almost always associated with free software

  7. A Few Examples of Spyware
     • BonziBuddy
       • Monitors user searches
       • Provides Targeted Ads
     • Bearshare
     • SaveNow
       • Bundled with Bearshare
       • Collects User Information
       • Provides Targeted Ads
     • Alexa Toolbar
       • Collects User Data
       • Provides Targeted Content

  8. How Spyware Works
     • Varies from Program to Program
     • Some programs only send aggregate statistical data
     • Others associate data with a unique ID called a Global User ID (GUID)

  9. How Spyware Works
     • Spyware “phones home” with usage data
     • Vendors store this data and often use it to send targeted advertising
     [Diagram courtesy of Symantec (see references)]

  10. Is Spyware legal?
     • Technically yes. Many if not all Spyware programs include End-User License Agreements (EULA) which a user must accept to install the software
     • These agreements disclose the nature of the spyware bundled with the software
     • However, the legality of many of these EULAs is being contested
     • They are often verbose, ambiguous, and full of legalese
     • Most users are completely unaware they are using spyware in their applications

  11. Are Google and GMail Spyware?
     • Recent controversy has arisen over Google’s popular new e-mail service GMail
     • GMail provides targeted ads based upon the content of your e-mail
     • Google also keeps a GUID for its users which is maintained across search, mail, and other services

  12. Google’s Position
     • Google says it protects users’ privacy, claiming that
       • It will not reveal information to 3rd parties
       • Its targeted ads are “better” than non-targeted ads
       • Scanning of e-mail for ads is a completely automated process
       • E-mail is already scanned for spam and virus detection

  13. EPIC’s position on GMail
     • Users who send mail have not agreed to Gmail’s EULA
     • Google’s GUID tracks users across its services
     • Google encourages users to keep E-mail indefinitely and makes it very difficult to delete E-mail
     • Google has a rather vague privacy policy
     • This policy can be changed without notice
     • Google reserves the right to share information collected about you amongst its services to “improve the quality of service”

  14. Spyware prevention techniques
     • Awareness
       • Be knowledgeable and conscious of software with spyware bundled
       • Check Known Spyware Lists such as
     • Application protection programs
       • These prevent programs that are not on a baseline list you set from running without your consent
       • One such application is BlackICE from ISS

  15. Spyware detection
     • Even the most cautious computer user is likely to have spyware installed on his or her computer
     • Many solutions exist to detect spyware; these include
       • XRayPC
       • Ad-Aware
       • Spybot Search & Destroy

  16. Spyware removal
     • Removal of spyware can be accomplished either automatically or manually
     • The Automated method includes the use of programs like Ad-Aware and Spybot
     • Manual removal often requires editing registry keys, deleting files, or even replacing system files

  17. Automatic Spyware Removal
     • Automated removal utilities are often quick and easy to use but can sometimes be ineffective in removing all spyware
     • Particularly devious spyware is often only completely removed manually

  18. Manual Spyware Removal
     • Most spyware programs have well-documented procedures for manually removing them
     • Often this documentation is provided by independent spyware sites but occasionally the manufacturer provides such information
     • The procedure for manual removal is often fairly complex and time-consuming

  19. Lab: Commercial Spyware
     • In the lab we will be using XPCSpy, which is a full-featured Keylogger available as a free trial
     • This logger tracks all activities on a computer including keys typed, programs run, web sites visited, and more
     • XPCSpy has the option of transmitting logs via FTP, which will be explored in this lab

  20. XPCSpy Detection
     • Detection of this software is rather easy as it is designed for legitimate use and doesn’t have a high need for secrecy
     • The FTP transfer of logs is a particular weakness of this software as no encryption is used
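
Added example (not part of the original slides or the lab materials): because the FTP control channel is unencrypted, a monitor on the network path can read the account, see that a password crossed the wire, and list every uploaded file. The session lines and the file-name keywords below are constructed assumptions; the slides do not say how XPCSpy names its logs.

```python
import re

# Constructed sample: client-to-server lines of one FTP control connection
# (TCP port 21) as a sniffer would reassemble them. All values are made up.
SAMPLE_SESSION = [
    "USER monitor",
    "PASS hunter2",
    "TYPE I",
    "PASV",
    "STOR keylog_2005-03-01.txt",
    "PASV",
    "STOR screenshots_2005-03-01.zip",
    "QUIT",
]

# An FTP command is a 3-4 letter verb, optionally followed by one argument.
COMMAND = re.compile(r"^([A-Za-z]{3,4})(?: (.*))?$")

def audit_ftp_control(lines):
    """Summarise what a passive observer learns from a cleartext FTP session."""
    finding = {"user": None, "password_exposed": False,
               "uploads": [], "tls_requested": False}
    for raw in lines:
        match = COMMAND.match(raw.rstrip("\r\n"))
        if not match:
            continue  # server replies ("220 ...") and noise are ignored
        verb, arg = match.group(1).upper(), match.group(2) or ""
        if verb == "AUTH":
            # RFC 4217 upgrade request; if it succeeds, later commands are
            # encrypted and would not appear in the capture at all.
            finding["tls_requested"] = True
        elif verb == "USER":
            finding["user"] = arg
        elif verb == "PASS":
            finding["password_exposed"] = True  # the value itself is not kept
        elif verb in ("STOR", "APPE"):
            finding["uploads"].append(arg)
    return finding

def looks_like_log_upload(finding, keywords=("keylog", "screenshot", "activity")):
    """Heuristic: cleartext login plus an upload whose name hints at monitoring logs.
    The keyword list is an assumption for this example."""
    names = [name.lower() for name in finding["uploads"]]
    return finding["password_exposed"] and any(k in n for n in names for k in keywords)

if __name__ == "__main__":
    result = audit_ftp_control(SAMPLE_SESSION)
    print(result, looks_like_log_upload(result))
```
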

  21. Lab: Subversive Spyware
     • For this portion of the lab we will use Gator and BonziBuddy
     • In both cases spyware is bundled with useful applications
     • Detection and removal of this software is done with automated utilities Ad-Aware and Spybot

  22. Summary
     • Spyware is software that collects computer usage data.
     • Two Types:
       • Commercial: Commercially sold products such as keyloggers
       • Subversive: Bundled with software often unknown to the user
     • Dealing with Spyware
       • Prevention (Awareness and Application protection)
       • Detection (Ad-Aware, Spybot, XRay-PC)
       • Removal (Manually, Ad-Aware, Spybot)

  23. References
     • Post, André. The Dangers of Spyware. Symantec Security Response.
     • Gmail Privacy FAQ. Electronic Privacy Information Center.
     • GMail and Privacy.
     • Spyware Guide.