First of all, it's important to understand that the term spyware is often used as a generic catchall category that lumps together a number of distinctly different software traits. A perfectly normal application can easily be classified as spyware because of a single function it performs, when in reality, the function in question is legitimate. For example, the File menu in Microsoft Word; when you click it, a list of the most recent documents the application used to access is visible at the bottom of the menu.
This type of functionality is called a usage tracker and is harmless; in fact, it enhances your experience and productivity.
However, if a hidden application running on your computer without your knowledge silently tracks every document you open, and then stores this information for later use, it's considered malicious.

Web site cookies are an interesting extension of usage tracking; not only do they allow Web sites to provide personalised interfaces such as user accounts, but they also allow in-depth tracking of Web browsing behaviour.

Adware works on a similar principle and is also generally harmless, although often irritating. You've probably seen some shareware or freeware applications that, instead of having limited functionality to encourage you to register, display context sensitive advertisements in a window. It's common for shareware applications to use adware techniques to earn their creators some money through advert syndication, especially P2P (Peer to Peer) clients such as Kazaa or eDonkey, shown below.

There are a number of privacy concerns with adware, mainly because the advertisements displayed within the application are retrieved from a remote server on the Internet. As each advertisement is requested, the remote server logs your computer's IP (Internet Protocol) address and the time of the request, as well as other details. If you use the application over a period of time, the owners of the remote server can easily do the following:

• Build a picture of your usage of the application.
• Note the times you're most likely to be at the computer.
• Note the length of time you use the application.
• Note what you like doing when you use the application.

P2P clients are also often the source of less innocent, true spyware. In this case, the term spyware is used to refer to a specific type of malicious application rather than as a generic term. A common technique with many of these clients is to silently include a spyware application within the installation process. The Kazaa P2P client is notorious for doing this and includes (among other things) an application called Gator.

Gator is also a Trojan application that masquerades as a legitimate and useful program when, in reality, it's anything but. It integrates itself into the operating system and monitors which Web sites are viewed and which applications are accessed. This information is used to display pop-up advertisements directly on your desktop, containing supposed special offers for products that might interest you.

One of the most concerning "features" of Gator is its ability to store commonly used information for Web page forms. This is great if you want to save yourself from repeatedly entering your name and e-mail address, but not so good when Gator remembers your credit card number and gives it to Web sites without your consent.

Finally, and most seriously, there's an application category known as malware. This is software specifically designed to invade your computer, hijack normal operating system and application functions, and actively prevent you from removing it. The only difference between malware and a generic virus is that malware generally makes itself known through its visibly destructive actions. Some well-known examples of malware include the C2.Lop program, and the infamous CWS (CoolWebSearch).

Some variants of CWS actually invade the Microsoft Windows networking subsystem, integrating themselves with the operating system, which makes them difficult to remove.

At first glance, the spyware issues may seem quite obvious and easy to avoid. Unfortunately, the hallmark of really good spyware is that you don't know you're about to become a victim until it's too late.

Although spyware is commonly associated with malicious Web sites, it quite regularly gets bundled with legitimate software by less than scrupulous developers. And just to really push the point home, many software developers include a clause in their EULA (End-User License Agreement) that prevents you removing the spyware if you want to continue to use the application.
The eDonkey P2P client is just one example of this.

Economics drives the entire spyware industry, so it's no wonder that its creators want to make spyware as hard to remove and avoid as possible. The vast majority of Web-based spyware falls into one of three categories:

• Toolbar hijacks: The most common types. They place a custom toolbar within your Web browser that displays advertisements and tracks your Web browsing.
• Functionality hijacks: Prevents your Web browser and operating system from functioning normally. In some cases, they pop up application windows and advertisements on your desktop at random.
• Dialer applications: Forces your computer to dial premium rate and international phone numbers at random times.

Some users may find this a handy way to find related products and information, whereas others may consider it annoying and an invasion of privacy. Alexa is owned by Amazon.com, which does give it some legitimacy.

Although spyware tied to applications is relatively easy to avoid or disable, Web-based spyware is a whole different game, as discussed in the following sections.

• Browser Hijacking
• Dealing with Spyware
• Spyware Prevention
• How AntiSpyware Works
• AntiSpyware Products
• Ransomware