What is spyware?

Spyware and adware covertly gather system or personal information from your computer and report that data to the perpetrator. This information is used by identity thieves or sold to advertisers to use as they wish. Adware is closely related to spyware and often uses information gathered by spyware to send unsolicited and sometimes inappropriate advertisements to your computer, sometimes as pop-up ads. The most commonly collected information includes your buying habits, history of website visits, personal information and email addresses. The most insidious (though rarest) spyware can collect passwords and financial account information.

Cookies are common programs that track your web browsing and report that information. Even if you don't mind the invasion of privacy, these mini-applications are always running and if you have too many tracking cookies, they can dramatically slow your computer.


Avoiding spyware in the first place

Experts say that there's a lot you can do to avoid spyware in the first place, including using alternative browsers and practicing defensive computing.

Currently, most spyware and adware is written to exploit Internet Explorer. Because of that, experts say, you can avoid some spyware if you avoid Internet Explorer entirely and switch to an alternative web browser such as Firefox. But while switching might protect you for a while, as other browsers gain market share, spyware and adware writers will target them as well. See our report on web browsers for alternatives to Internet Explorer. If you prefer to stick with IE, make sure you are using the latest version with all current security patches installed.

Defensive computing can also keep you safe from some spyware. Don't click inside pop-up windows, and always close them by using the "X" in the corner. If this does not work, close your browser and then reopen it. Deleting unsolicited email messages without opening them will protect against most malware spread through email. Read the end-user license agreement before you install software. When you click "I agree," you may be agreeing to install spyware with the software. Cookies can hold personal profiles and Internet browsing tracks. You can clear the cache (downloaded cookies) in Internet Explorer, but before you do, make sure you have your passwords handy, as you'll need to reenter them. Only download executable (*.exe) files from known and trustworthy websites.

Keep your operating system updated with the latest security patches and service packs. Use Microsoft's automatic updates for greater security. In Internet Explorer, make sure your security level is set to medium or higher. Lower settings allow spyware to enter your system's memory. Set your browser to deny installing Active X controls without asking permission.

Regularly back up your system, so you can reinstall your files in case a spyware invasion or crash forces you to reinstall your operating system. Be prepared with emergency disks or other system-restoration tools. See our report on online backup systems for options.


Beware of fake anti-spyware programs

Some spyware masquerades as legitimate anti-spyware or antivirus tools, often known as scareware. According to McAfee, nearly 70,000 people in the U.S. are duped by scareware each day. Experts say you should never click on a pop-up or email link that offers to scan your computer for viruses or spyware. Don't trust advertisements that claim your computer is already infected with malware or spyware. In addition, you should only download anti-spyware software from a reputable company.

Spyware detection and removal are the most important considerations when selecting an anti-spyware program. Compatibility with other security programs is also critical. Finally, anti-spyware software should include the following:

  • Real-time blocking and background monitoring that occurs before spyware is downloaded or installed. It is far easier to prevent spyware from installing in the first place than to clean out an infected system after the fact.
  • Automatic spyware definition updates. Some free tools require manual updates.
  • Restoration/rollback capability is a good feature if legitimate application components are inadvertently deleted. With this feature, components can be restored from quarantine so that the application will work again. Some applications may not work without their (non-threatening) spyware components.
  • Automatic scan scheduling allows you to set the day and time for spyware scans. Alternatively, you can instruct the software to run scans at start-up or shutdown.
  • Threat-level description and severity analysis. Having that information in the user interface allows you to make good decisions about what components to ignore, quarantine or delete.
  • Support features including online help, forums, email support and free telephone support. Given the reported difficulties some users have in getting anti-spyware utilities to upgrade cleanly or play nicely with other applications -- particularly security applications -- good product support can be crucial.

Back to top