Introduction
Software that observes user behavior and collects information under users'
noses is often called spyware. These systems have become
central to a heated debate regarding online privacy, prompting the
U.S. Congress to consider several bills.1 In addition, the very
nature of such systems--the collection of data that would not
otherwise be available outside of corporate firewalls--raises
questions about how companies can remain compliant with
privacy-oriented regulation like the Health Insurance Portability and
Accountability Act of 1996 (HIPAA) and the Gramm-Leach-Bliley
Financial Modernization Act of 1999 (GLBA).
What is Spyware?
In its simplest form, spyware is software designed to collect
information from computer system users without their knowledge.
Typically, spyware can be classified as a type of Trojan horse, which
is a type of technology-based security incident that allows an
information security policy to be violated. Figure 1
shows where spyware fits within the broader context of policy
enforcement.
Figure 1: Where Spyware Fits