Why Spyware Works
Spyware fundamentally requires that a system the user assumes to be trustworthy is in fact operating under the direction or influence of a third party. This is where the notion of a “trusted computing base” comes in: essentially, all the hardware, software, and procedures used to enforce security policy. One of these components, the software, is being subverted to allow the spyware provider to observe the user's behavior surreptitiously.
Note that when we talk about trust in this context, we are not using the term the way some computer manufacturers now use it, in particular the Trusted Computing Group alliance and related efforts that have been known by such names as NGSCB, Longhorn, and Palladium. Those systems are designed to let media publishers trust your system as a playback device that is under their control; they can actually break your security policy. [1]
