What Is Spyware and How Does It Work?
Just what is spyware? The term covers a wide variety of sinister software—programs that can do everything from capturing your passwords as you type to peeping at you through a webcam or internet-aware device.
As the name implies, a keylogger keeps a log of all the keys you type, everything from personal messages to username and password combinations. If you have a keylogger running on your system, chances are good that some crooked individual planted it specifically to spy on you. The keylogger can even be a physical device installed between the keyboard and the PC.
We call them keyloggers, but in truth, these nasty programs log a ton of information in addition to keystrokes. Most capture screenshots, save the clipboard’s contents, note every program you run, and log every website you visit. The perp can use these various threads of information to, for example, match up a username and password you typed with the website you were visiting at the time. That’s a potent combination.
As noted, a first-class malware protection utility should wipe out keyloggers, along with all other types of malware. However, some of them add another layer of protection, just in case a keylogger slips past. When this sort of protection is active, the keylogger typically receives random characters, or nothing at all, in place of your typing, and attempts at screen capture come up blank. Note, though, that other logging activities may not be blocked.
Of course, keylogger protection in software can’t prevent a hardware keylogger from capturing keystrokes. But what if you don’t use the keyboard? A virtual keyboard on the screen lets you enter your most sensitive data by clicking with the mouse. Some products go to extremes, scrambling the key locations or creating a flock of decoy cursors to foil screen-capture attacks. Virtual keyboards are often found in password manager tools as well, so you can enter the master password without fear of having it captured.
How Do Trojans Steal Your Data?
The historic Trojan horse looked innocuous enough to the soldiers of Troy that they brought it inside the city walls. Bad idea: Greek soldiers exited the horse in the night and conquered the Trojans. The malware type aptly named Trojan horse works in much the same way. It looks like a game, a utility, or a useful program of some kind, and it may even perform its promised function. But it also contains malicious code.
So, now that you’ve brought it inside your city walls, what can the Trojan horse do? The possibilities are vast, but I’ll focus on the ones designed to steal your personal data. They silently sift through your files and documents, seeking information to send back to malware HQ. Credit card details, social security numbers, passwords—the malware coder can monetize these and other kinds of personal information.
One way to foil this sort of attack is to use encryption software to protect your most important files. You’ll find encryption built into many security suites, among them Trend Micro Maximum Security and G Data Total Security. Note, though, that it’s tough to find and encrypt every shred of personal data. It’s a good thing your antivirus usually whacks these nasties before they launch.
A variation on this theme creates what’s called a man-in-the-middle attack. All your internet traffic gets redirected through a malware component that captures and forwards personal information. Some banking Trojans take this a step beyond, actually modifying the traffic they handle. For example, the Trojan might transfer $10,000 out of your account but strip that data from the activity log that you see.
You can prevent man-in-the-middle and other types of browser-based spying by using a hardened browser. Implementations vary from suite to suite. Some wrap your existing browser in added protective layers. Some offer a separate high-security browser. And some move your browsing to a secure desktop, entirely separate from the normal desktop. The smart ones automatically offer their secure browser when they see you’re about to visit a financial site.
Routing your traffic through a Virtual private network (VPN) is another way to foil many kinds of browser-level spying. You can definitely use a vpn, along with your malware protection, for a suspenders-and-belt approach! More and more security suites are including a VPN component, though some charge extra for full functionality.
What if the worst happens and an evildoer uses your personal information to steal your identity? Norton 360 With LifeLock is all about detecting identity theft attempts early and helping you recover from the effects of such an attack. It’s our Editors’ Choice among security suites that include identity theft protection.
How Do Advertisers Track Your Browsing Habits?
Have you noticed how when you look at a product on a shopping site, you start seeing ads for it on other sites? Online advertisers really want to present ads that you might click on. To that end, they use a variety of techniques to pin down your browsing habits. They don’t necessarily know your name or your email address, but they do know “that guy who keeps shopping for Millie Bobby Brown action figures.”
Creepy, right? The good news is you can set your browser to tell every site you visit that you don’t want them tracking you. The bad news is they can (and do) totally ignore that request.
The advertising and analysis networks that perform this kind of tracking are necessarily large. It’s not too hard to compile a list of them and actively block their tracking, or at least give the user the option to do so. This active Do Not Track functionality is sometimes paired with general-purpose ad blocking. Note, too, that using a secure browser or a VPN can help to throw off the trackers.
The most advanced trackers create a fingerprint by quizzing your browser about all kinds of details, fiddly stuff like what extensions are installed—even what fonts are available. The usual active Do Not Track implementations can’t help you against these. If you really, really hate the idea of having your online behavior tracked, consider giving Avast AntiTrack a try. This tool keeps tweaking the data that goes into your browser fingerprint so the trackers lose track of you.
Of course, sometimes you can’t avoid giving out your personal details, like giving your email address and credit card to a shopping site. The etailer may not be spying on you, but others can get hold of that data. Using a tool like IronVest, you can go ahead and shop online without ever giving out your real email address or credit card. IronVest includes active Do Not Track, password management, and more.
What About Spyware That Uses Public Data?
Real-world espionage experts don’t spend all their time hiding behind potted plants or focusing binoculars on their targets. They can often gather an impressive dossier just by collating information that’s publicly available. Spies call this OSINT, which stands for Open-Source Intelligence. The same is true of a growing class of businesses called data brokers or data aggregators. These snoops can assemble a thorough profile of you, your neighbor, and just about anyone from public information.
These businesses have to obey the law, and that includes the laws about removing your personal information from their files if you ask them. But how do you know to opt out when you don’t even know they’ve got your profile?
A growing army of privacy services has arisen to help. These services search dozens or even hundreds of data broker sites to find your information and then automate the process of opting you out. Optery is our current favorite in this realm. It handles hundreds of brokers and verifies that your data has been removed. It will even search out your data for free if you’re willing to make the opt-out requests yourself.
What’s the Best Webcam Antispyware
That webcam on your laptop or all-in-one computer makes video conferencing super easy. You can tell when it’s active because of the little light next to it. Right? Well, no. There are varieties of malware that can turn on the webcam and watch you without causing the light to reveal their activities.
Facebook’s Mark Zuckerberg famously tapes over his webcam for privacy. If using tape seems déclassé, you can get a sliding webcam cover for just a few bucks. But, with the right security software, you don’t need to physically cover the camera.
Products from Sophos and Trend Micro include a component that monitors any program that tries to activate the webcam. Norton has a similar feature. Authorized programs, like your video conferencing tool, get access without a problem. But if an unknown program tries to peek through the camera, you get a warning, as well as a chance to give the spyware a black eye.
Do My Smart Devices Need Antispyware Software?
Your home network supports a collection of very visible computers and mobile devices. Behind the scenes, though, it also supports an even bigger collection of Internet of Things (IoT) devices. Connected garage doors, washing machines, light bulbs—everything’s on the network these days. Toys, too. It’s cool that your child’s new doll can learn her name and converse realistically. It’s not so cool when it turns out that the doll is spying on you. (No, the doll’s name is Cayla, not Chuckie.)
There are occasional instances like the connected doll where IoT devices deliberately collect data about you. But the lack of security in most connected devices is even more worrisome. Spending extra bucks to secure a smart light bulb makes no financial sense in some manufacturers’ eyes. The competitor who skips security can get to market faster and for less. Ultimately, you may pay the cost for their negligence.
Any unsecured IoT device can potentially offer spies a view into your house and your habits. Ironically, hacked security cameras provide a lovely view for hackers. Even something as simple as a thermostat that adjusts the temp when you’re home can reveal that you’ve gone on vacation.
You can’t go around installing antivirus on each connected doorbell, refrigerator, and bathroom scale. The only way to truly secure these devices is to install a network security device like Firewalla. Without adding hardware, you can at least keep track of just what lives in your home network.
Some security products now include variations on the theme of a network scanner. Features include verifying your network security settings, cataloging all devices on the network, and flagging devices that may be vulnerable to attack. If your antivirus or security suite includes this feature, be sure to take advantage of it and learn as much as you can. If you didn’t get this feature as part of your protection, consider trying the free Bitdefender Home Scanner.
How Does Antispyware Software Work?
The spyware protection features I’ve mentioned are important, but they’re not the only tools available. I mentioned encrypting your sensitive files. For maximum security, you must also use secure deletion to erase the originals beyond the possibility of forensic recovery. And yes, quite a few antivirus and security suite products offer secure deletion.
If spyware does get a foothold on your PC, it can’t hoover up data that isn’t there. Many security products can clear traces of your browsing activity, general computer activity, or both. As a bonus, getting rid of unnecessary files can free up disk space and may boost performance.
It’s unlikely that a spy would get physical access to your computer and copy sensitive documents to a USB drive. That’s something that happens in the movies. But if you have the slightest worry about that possibility, consider choosing a security suite that lets you ban the use of any USB drive that you haven’t previously authorized. G Data Total Security, ESET Smart Security Premium, and Avira Prime are among the products that offer this kind of device control.
As I noted earlier, this article focuses on products that employ techniques aimed specifically at different types of spyware. It’s not about the best general-purpose security software. In the end, the most powerful tool you can apply to keep yourself safe from spyware is a top-of-the-line antivirus or security suite. These products handle all kinds of malware, including threats much tougher than mere spyware.
Editors’ Note: Based on the increasing censure and criticism of Kaspersky by US government agencies, foreign agencies, and informed third parties, we can no longer recommend Kaspersky’s products. We continue to evaluate these products on their merits and report on them for those who wish to decide for themselves.