Spyware
Ryan Myers, Andrew Sullivan
ECE 4112 – Spring 2005

Overview
• What is Spyware?
• Examples of Spyware
• Spyware prevention techniques
• Spyware detection and removal
• Tools explored in the lab
ECE 4112 - Internetwork Security

What is Spyware?
• Spyware is a piece of software intended to monitor computer usage
• This data can be collected anonymously for statistical purposes or with knowledge of whose usage is being tracked
• Spyware comes in basically two flavors
  • Commercial Spyware
  • Subversive Spyware

Commercial Spyware
• Commercially sold products for monitoring computer usage
• These include mostly keyloggers and similar monitoring software
• This software is intended to be used in legitimate situations, such as monitoring employee computer usage, but has a large potential for abuse

Subversive Spyware
• Software for tracking computer usage, usually bundled with legitimate, useful software
• In most cases this is technically legal because it is disclosed in the End-User License Agreement
• Despite being legal, a large amount of spyware uses underhanded tactics
  • Confusing wording in the EULA
  • Often doesn't disclose spyware "up front" and relies on people not reading the EULA

Where is Spyware found?
• Spyware is most often found in downloading/sharing utilities and media players
• Spyware is almost always associated with free software

A Few Examples of Spyware
• BonziBuddy
  • Monitors user searches
  • Provides Targeted Ads
• Bearshare
• SaveNow
  • Bundled with Bearshare
  • Collects User Information
  • Provides Targeted Ads
• Alexa Toolbar
  • Collects User Data
  • Provides Targeted Content

How Spyware Works
• Varies from program to program
• Some programs only send aggregate statistical data
• Others associate data with a unique ID called a Global User ID (GUID)

How Spyware Works
• Spyware "phones home" with usage data
• Vendors store this data and often use it to send targeted advertising
[Diagram courtesy of Symantec (see references)]

Is Spyware legal?
• Technically yes. Many if not all Spyware programs include End-User License Agreements (EULA) which a user must accept to install the software
• These agreements disclose the nature of the spyware bundled with the software
• However, the legality of many of these EULAs is being contested
  • They are often verbose, ambiguous, and full of legalese
  • Most users are completely unaware they are using spyware in their applications

Are Google and GMail Spyware?
• Recent controversy has arisen over Google's popular new e-mail service, GMail
• GMail provides targeted ads based upon the content of your e-mail
• Google also keeps a GUID for its users which is maintained across search, mail, and other services

Google's Position
• Google claims it protects users' privacy, stating that:
  • It will not reveal information to 3rd parties
  • Its targeted ads are "better" than non-targeted ads
  • Scanning of e-mail for ads is a completely automated process
  • E-mail is already scanned for spam and virus detection

EPIC's position on GMail
• Users who send mail have not agreed to Gmail's EULA
• Google's GUID tracks users across its services
• Google encourages users to keep e-mail indefinitely and makes it very difficult to delete e-mail
• Google has a rather vague privacy policy
  • This policy can be changed without notice
  • Google reserves the right to share information collected about you amongst its services to "improve the quality of service"

Spyware prevention techniques
• Awareness
  • Be knowledgeable and conscious of software that has spyware bundled with it
  • Check known spyware lists such as http://www.spywareguide.com
• Application protection programs
  • These programs prevent any program that is not on a baseline list you set from running without your consent
  • One such application is BlackICE from ISS

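The baseline-list idea behind application protection, as an added example that is not part of the original slides and not how BlackICE or any specific product is implemented: it records content hashes of approved programs and shows only the allow/deny decision, not the blocking itself. File names and contents are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash file contents so a renamed or modified program cannot pass as approved."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(directory):
    """Record the hash of every file present right now: the approved set."""
    paths = (os.path.join(directory, n) for n in sorted(os.listdir(directory)))
    return {sha256_of(p) for p in paths if os.path.isfile(p)}

def is_allowed(path, baseline):
    """A program may run only if its current content hash is on the baseline."""
    return sha256_of(path) in baseline

def demo():
    """Constructed scenario: baseline two programs, then add one and modify one."""
    with tempfile.TemporaryDirectory() as d:
        def write(name, data):
            p = os.path.join(d, name)
            with open(p, "wb") as f:
                f.write(data)
            return p
        player = write("mediaplayer.exe", b"player v1")
        editor = write("editor.exe", b"editor v1")
        baseline = build_baseline(d)
        # After baselining: a bundled add-on appears and an approved file changes.
        addon = write("adhelper.exe", b"bundled tracker")
        write("editor.exe", b"editor v1 + extra component")
        return {os.path.basename(p): is_allowed(p, baseline)
                for p in (player, editor, addon)}

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'allow' if ok else 'ask user / block'}")
```

Because the decision is made on content hashes rather than file names, an approved program that is later modified is treated the same as a newly installed one.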
Spyware detection
• Even the most cautious computer user is likely to have spyware installed on his or her computer
• Many solutions exist to detect spyware, including:
  • XRayPC
  • Ad-Aware
  • Spybot Search & Destroy

Spyware removal
• Removal of spyware can be accomplished either automatically or manually
• The automated method includes the use of programs like Ad-Aware and Spybot
• Manual removal often requires editing registry keys, deleting files, or even replacing system files

Automatic Spyware Removal
• Automated removal utilities are often quick and easy to use but can sometimes be ineffective in removing all spyware
• Particularly devious spyware can often be completely removed only manually

Manual Spyware Removal
• Most spyware programs have well-documented procedures for manually removing them
• Often this documentation is provided by independent spyware sites, but occasionally the manufacturer provides such information
• The procedure for manual removal is often fairly complex and time-consuming

Lab: Commercial Spyware
• In the lab we will be using XPCSpy, which is a full-featured keylogger available as a free trial
• This logger tracks all activities on a computer including keys typed, programs run, web sites visited, and more
• XPCSpy has the option of transmitting logs via FTP, which will be explored in this lab

XPCSpy Detection
• Detection of this software is rather easy, as it is designed for legitimate use and doesn't have a high need for secrecy
• The FTP transfer of logs is a particular weakness of this software, as no encryption is used

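Because FTP sends its commands unencrypted, a network monitor can see log uploads directly. The following is an added example, not part of the original slides or lab: it scans a constructed FTP control-channel transcript (the line format, addresses, user name and file names are all made up) and reports sessions that upload files.

```python
import re

# Constructed client-to-server FTP command lines as a monitor on TCP port 21
# might record them. Every value here is invented for the example.
SAMPLE_CAPTURE = """\
10.0.0.5:1042 > 192.0.2.10:21 USER logdrop
10.0.0.5:1042 > 192.0.2.10:21 PASS example-password
10.0.0.5:1042 > 192.0.2.10:21 TYPE I
10.0.0.5:1042 > 192.0.2.10:21 STOR keys_2005-03-01.log
10.0.0.5:1042 > 192.0.2.10:21 STOR screens_2005-03-01.zip
10.0.0.7:1100 > 192.0.2.20:21 USER anonymous
10.0.0.7:1100 > 192.0.2.20:21 RETR readme.txt
10.0.0.5:1042 > 192.0.2.10:21 QUIT
"""

LINE_RE = re.compile(
    r"^(?P<src>[\d.]+):\d+ > (?P<dst>[\d.]+):21 "
    r"(?P<cmd>[A-Za-z]+)(?: (?P<arg>.*))?$"
)

def find_cleartext_uploads(capture):
    """Group FTP commands per (client, server) and return sessions with uploads."""
    sessions = {}
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an FTP control-channel command line
        key = (m["src"], m["dst"])
        s = sessions.setdefault(
            key, {"user": None, "password_seen": False, "uploads": []})
        cmd, arg = m["cmd"].upper(), m["arg"] or ""
        if cmd == "USER":
            s["user"] = arg
        elif cmd == "PASS":
            s["password_seen"] = True  # note exposure; do not keep the secret
        elif cmd in ("STOR", "APPE", "STOU"):  # FTP commands that send a file
            s["uploads"].append(arg)
    return [{"client": src, "server": dst, **s}
            for (src, dst), s in sessions.items() if s["uploads"]]

if __name__ == "__main__":
    for alert in find_cleartext_uploads(SAMPLE_CAPTURE):
        print(alert)
```

Only the session that stores files is reported; the anonymous download from the second host is ignored.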
Lab: Subversive Spyware
• For this portion of the lab we will use Gator and BonziBuddy
• In both cases spyware is bundled with useful applications
• Detection and removal of this software is done with the automated utilities Ad-Aware and Spybot

Summary
• Spyware is software that collects computer usage data.
• Two Types:
  • Commercial: Commercially sold products such as keyloggers
  • Subversive: Bundled with other software, often without the user's knowledge
• Dealing with Spyware
  • Prevention (Awareness and Application protection)
  • Detection (Ad-Aware, Spybot, XRay-PC)
  • Removal (Manually, Ad-Aware, Spybot)

References
• Post, André. The Dangers of Spyware. Symantec Security Response. http://enterprisesecurity.symantec.com/PDF/danger_of_spyware.pdf
• Gmail Privacy FAQ. Electronic Privacy Information Center. http://www.epic.org/privacy/gmail/faq.html
• GMail and Privacy. http://gmail.google.com/gmail/help/more.html
• Spyware Guide. http://www.spywareguide.com/index.php