Editing Spyware (section)

==History==
[[File:Corte de EE.UU. rechaza apelación de NSO Group en litigio contra WhatsApp.jpg|thumb|An illustration of the [[Pegasus spyware]] by the [[NSO Group]], designed to be covertly and remotely installed on mobile phones running iOS or Android<ref>{{cite news |title=Pegasus: Spyware sold to governments 'targets activists' |url=https://www.bbc.com/news/technology-57881364 |access-date=6 April 2025 |work=BBC |date=18 July 2021}}</ref>]]
The first recorded use of the term [[:wikt:spyware|spyware]] occurred on October 16, 1995, in a [[Usenet]] post that poked fun at [[Microsoft]]'s [[business model]].<ref name="coinage">Vossen, Roland (attributed); October 21, 1995; [http://groups.google.com/group/rec..programmer/browse_thread/thread/86a426b0147496d8/3b5d1936eb4d0f33?lnk=st&q=&rnum=8#3b5d1936eb4d0f33 Win 95 Source code in c!!] posted to rec..programmer; retrieved from groups.google.com November 28, 2006.  {{dead link|date=June 2016|bot=medic}}{{cbignore|bot=medic}}</ref> ''Spyware'' at first denoted ''software'' meant for [[espionage]] purposes. However, in early 2000 the founder of [[Zone Labs]], Gregor Freund, used the term in a press release for the [[ZoneAlarm|ZoneAlarm Personal Firewall]].<ref name="wienbar">Wienbar, Sharon. "[http://news.cnet.com/2010-1032-5307831.html The Spyware Inferno] {{Webarchive|url=https://web.archive.org/web/20110510085748/http://news.cnet.com/2010-1032-5307831.html |date=May 10, 2011 }}". ''News.com''. August 13, 2004.</ref> Later in 2000, a parent using ZoneAlarm was alerted to the fact that ''[[Reader Rabbit]]'', educational software marketed to children by the [[Mattel]] toy company, was surreptitiously sending data back to Mattel.<ref name="Hawkins">Hawkins, Dana; "[https://www.usnews.com/usnews/culture/articles/000703/archive_015408.htm Privacy Worries Arise Over Spyware in Kids' Software]". ''U.S. News & World Report''. June 25, 2000 {{webarchive |url=https://web.archive.org/web/20131103060440/http://www.usnews.com/usnews/culture/articles/000703/archive_015408.htm |date=November 3, 2013 }}</ref> Since then, "spyware" has taken on its present sense.

According to a 2005 study by [[AOL]] and the National Cyber-Security Alliance, 61 percent of surveyed users' computers were infected with some form of spyware. 92 percent of surveyed users with spyware reported that they did not know of its presence, and 91 percent reported that they had not given permission for the installation of the spyware.<ref name="aolstudy">"[http://www.staysafeonline.info/pdf/safety_study_2005.pdf AOL/NCSA Online Safety Study] {{webarchive|url=https://web.archive.org/web/20051213090601/http://www.staysafeonline.info/pdf/safety_study_2005.pdf |date=December 13, 2005 }}". ''America Online'' & ''The National Cyber Security Alliance''. 2005.</ref>
{{as of|2006}}, spyware has become one of the preeminent security threats to computer systems running Microsoft Windows [[operating system]]s. Computers on which [[Internet Explorer]] (IE) was the primary [[web browser|browser]] are particularly vulnerable to such attacks, not only because IE was the most widely used,<ref name="pcworld-ie">Spanbauer, Scott. "[http://www.pcworld.com/article/id,117550-page,1/article.html Is It Time to Ditch IE?] {{Webarchive|url=https://web.archive.org/web/20061216202917/http://www.pcworld.com/article/id,117550-page,1/article.html |date=December 16, 2006 }}". ''Pcworld.com''. September 1, 2004</ref> but also because its tight integration with Windows allows spyware access to crucial parts of the operating system.<ref name="pcworld-ie"/><ref>Keizer, Gregg. "[http://www.techweb.com/wire/software/170100394 Analyzing IE At 10: Integration With OS Smart Or Not?]". ''TechWeb Technology News''. August 25, 2005. {{webarchive |url=https://web.archive.org/web/20070929092100/http://www.techweb.com/wire/software/170100394 |date=September 29, 2007 }}</ref>

Before [[Internet Explorer 6]] SP2 was released as part of [[Windows XP Service Pack 2]], the browser would automatically display an installation window for any [[ActiveX]] component that a website wanted to install. The combination of user ignorance about these changes, and the assumption by [[Internet Explorer]] that all [[ActiveX]] components are benign, helped to spread spyware significantly. Many spyware components would also make use of [[Exploit (computer security)|exploit]]s in [[JavaScript]], Internet Explorer and Windows to install without user knowledge or permission.

The [[Windows Registry]] contains multiple sections where modification of key values allows software to be executed automatically when the operating system boots. Spyware can exploit this design to circumvent attempts at removal. The spyware typically links itself to each location in the [[Windows Registry|registry]] that allows execution. Once running, the spyware will periodically check if any of these links are removed. If so, they will be automatically restored. This ensures that the spyware will execute when the operating system is booted, even if some (or most) of the registry links are removed.