Josh the Aspie’s Blog

For those of you who are new to Josh the Aspie’s Blog, I’m currently working on a series of posts to let people know what certain terms on the internet mean when it comes to software.

In cases where the meaning is somewhat nebulous, I give the terms as I use them, rather than the meaning as used by the companies that don’t want the term applied to their software. Most of these terms have at least a partially negative connotation, so you can see why most companies wouldn’t want those labels applied to their software.

In this installment I’ll be talking about “Spyware”, one of the phrases most commonly applied to internet software.

There are several definitions of Spyware out there, like with any term people want to avoid sticking to them. Some people say that spyware is any software that installs it’s self on your computer without your knowledge. Others say that it’s any software that collects data from you without your explicit consent.

I personally say that Spyware is any piece of hardware or software that collects information from your computer and sends that information to a third party. Corporate accounting software that lets bosses see what you are doing on your computer when at work, for example, is Spyware even if you know it’s there.

In real life, sometimes you know who a spy is. Just because you know he’s there, doesn’t make i him any less of a spy. Similarly, spyware is spyware simply because that software is collecting data on behalf of someone else, whether you know that software is there or not.

By my definition, internet browsers like IE and Firefox aren’t spyware, because while they do send information across the internet, that information is only sent to the person you’re requesting the information from, and generally the main way this information is used is to send you the information you want (the webpage you’re browsing). This is like hiring someone to do your shopping for you. You ask them to go get something, and they go to the store, ask where something is, go get it, buy it, and bring it back to you.

A piece of spyware that attaches it’s self to the browser, however, is like someone that follows your hired shopper around, and then reports a list of things they bought to the NSA, or the Mob. Even worse would be a piece of spyware that digs down through the files on your computer. In essence, someone ransacking your house for information in the analogy we used above.

Things get a little bit hazy in the middle, though where there is a blurry grey line rather than a sharp black one. For example, the Google tool bar allows you to see the page rank of any web page you link too. Page Rank is simply a measure of how many pages link to that one. But in order to do this, the tool bar sends this information to Google, where they index the information, and store it away, along with records of every search you’ve ever made through the tool bar. And once you have the Google tool bar, you’re likely to use it to search, rather than going to Google, then searching, this makes it even easier to keep track of your search profile.

Why does Google do this? Simple, it lets them target adds to you even more effectively.

Remember that hired shopper we talked about? Well imagine if she kept a record of everything she ever bought for you, and anything else she notices about you. Let’s say she is a part of a shopping service, and they keep a database of all of this. Now, knowing this, companies pay to have the shopper… suggest… purchases to you. Going to buy a set of glasses? She’ll suggest a glasses case (and if you say to go ahead and buy one, she’ll pick up one owned by the company). Oh, and if you ask for salsa, and Pace happens to be one of the corporate sponsors for the shopping service, that’s the brand she’ll buy unless you tell her you don’t like pace. And then of course, she’ll have another customer as number 2 to try. Oh, and Taco shells just happen to be on sale at Walmart this week.

Now just imagine if the commercials on your TV were targeted to you based on this information.

Suddenly our perky little shopper doesn’t seem so innocent, does she? And just who is she working for? You… or the companies that want to sell their products? This is why a lot of people classify tool bars like these to be “Spyware” so often. I personally classify this as spyware.

There is other, software, however, that is definitely Spyware. Keyloggers, for example, are pieces of hardware or software that record what keystrokes a user enters into their computer, and then either transmit this information, or save it for later retrieval.

This is a tool that can sometimes be used to diagnose hardware. For example, let’s say whenever you push the “p” key on your keyboard, nothing happens. A technician with the right keylogging tool can put it in between your keyboard cord and the computer port, and record the keystrokes. They then retrieve the information to see if the keyboard actually sent the “p” character. If it didn’t, the problem is in your keyboard. If it did, you have a more serious problem, and part of your computer needs to be replaced.

Unfortunately, these tools are far more often used to spy on others. They are somewhat common in the work place, but I’ve actually had an acquaintance ask me if I could recommend a keylogging script embedded in another application so that he could infect the computer of a girl he was interested in. I didn’t give him any such tips, and did what I could to discourage him of this Black Hat notion.

This entry was posted on Tuesday, April 24th, 2007 at 11:37 pm and is filed under Technology, Terms. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.