Editing Spyware (section)

==Remedies and prevention==
{{see also|Computer virus#Virus removal}}
As the spyware threat has evolved, a number of techniques have emerged to counteract it. These include programs designed to remove or block spyware, as well as various user practices which reduce the chance of getting spyware on a system.

Nonetheless, spyware remains a costly problem. When a large number of pieces of spyware have infected a Windows computer, the only remedy may involve [[Backup|backing up]] user data, and fully reinstalling the [[operating system]]. For instance, some spyware cannot be completely removed with tools from [[Gen Digital|Symantec]], [[Microsoft]], [[PC Tools (company)]].

===Anti-spyware programs===
{{see also|Category:Spyware removal}}
Many programmers and some commercial firms have released products designed to remove or block spyware. Programs such as PC Tools' [[Spyware Doctor]], Lavasoft's ''[[Ad-Aware SE]]'' and Patrick Kolla's ''[[Spybot - Search & Destroy]]'' rapidly gained popularity as tools to remove, and in some cases intercept, spyware programs. In December 2004, [[Microsoft]] acquired the ''[[GIANT AntiSpyware]]'' software,<ref>{{cite web |url=https://news.microsoft.com/2004/12/16/microsoft-acquires-anti-spyware-leader-giant-company/ |title=Microsoft Acquires Anti-Spyware Leader GIANT Company |date= 16 December 2004 |access-date=21 December 2020 |website=PressPass |archive-url=https://web.archive.org/web/20050617082537/http://www.microsoft.com/presspass/press/2004/dec04/12-16GIANTPR.mspx |archive-date=17 June 2005 |url-status=live}}</ref> re{{nbh}}branding it as ''Microsoft AntiSpyware (Beta 1)'' and releasing it as a free download for Genuine Windows XP and Windows 2003 users. In November, 2005, it was renamed [[Windows Defender]].<ref>{{cite web |url=http://blogs.technet.com/antimalware/archive/2005/11/04/413700.aspx |title=What's in a name?? A lot!! Announcing Windows Defender! |website=[[Microsoft TechNet#Blogs|blogs.technet.com]] |last=Garms |first=Jason |date=4 November 2005 |access-date=21 December 2020 |archive-url=https://web.archive.org/web/20051123220536/http://blogs.technet.com/antimalware/archive/2005/11/04/413700.aspx |archive-date=23 November 2005}}</ref><ref>{{cite web |url=http://blogs.technet.com/stevedod/archive/2005/11/04/413701.aspx |title=Microsoft Windows AntiSpyware is now......&quot;Windows Defender&quot; |website=[[Microsoft TechNet#Blogs|blogs.technet.com]] |last=Dodson |first=Steve |date=4 November 2005 |access-date=21 December 2020 |archive-url=https://web.archive.org/web/20051124234251/http://blogs.technet.com/stevedod/archive/2005/11/04/413701.aspx |archive-date=24 November 2005}}</ref>

Major anti-virus firms such as [[NortonLifeLock|Symantec]], [[PC Tools (company)|PC Tools]], [[McAfee]] and [[Sophos]] have also added anti-spyware features to their existing anti-virus products. Early on, anti-virus firms expressed reluctance to add anti-spyware functions, citing lawsuits brought by spyware authors against the authors of web sites and programs which described their products as "spyware". However, recent versions of these major firms home and business anti-virus products do include anti-spyware functions, albeit treated differently from viruses. Symantec Anti-Virus, for instance, categorizes spyware programs as "extended threats" and now offers [[real-time protection]] against these threats.

Other Anti-spyware tools include FlexiSPY, Mobilespy, mSPY, TheWiSPY, and UMobix.<ref>{{Cite journal |last1=Qabalin |first1=Majdi K. |last2=Naser |first2=Muawya |last3=Alkasassbeh |first3=Mouhammd |date=2 August 2022 |title=Android Spyware Detection Using Machine Learning: A Novel Dataset |journal=Sensors |language=en |volume=22 |issue=15 |pages=5765 |doi=10.3390/s22155765 |pmid=35957337 |pmc=9371186 |issn=1424-8220 |doi-access=free }}</ref>

===How anti-spyware software works===
Anti-spyware programs can combat spyware in two ways:
# They can provide [[Real time protection|real-time protection]] in a manner similar to that of [[Anti virus|anti-virus]] protection: all incoming [[computer network|network]] data is scanned for spyware, and any detected threats are blocked.
# Anti-spyware software programs can be used solely for detection and removal of spyware software that has already been installed into the computer. This kind of anti-spyware can often be set to scan on a regular schedule.
Such programs inspect the contents of the [[Windows registry]], [[operating system]] files, and [[software|installed programs]], and remove files and entries which match a list of known spyware. Real-time protection from spyware works identically to real-time anti-virus protection: the software scans disk files at download time, and blocks the activity of components known to represent spyware.
In some cases, it may also intercept attempts to install start-up items or to modify browser settings. Earlier versions of anti-spyware programs focused chiefly on detection and removal. Javacool Software's [[SpywareBlaster]], one of the first to offer real-time protection, blocked the installation of [[ActiveX]]-based spyware.

Like most anti-virus software, many anti-spyware/adware tools require a frequently updated database of threats. As new spyware programs are released, anti-spyware developers discover and evaluate them, adding to the list of known spyware, which allows the software to detect and remove new spyware. As a result, anti-spyware software is of limited usefulness without regular updates. Updates may be installed automatically or manually.

A popular generic spyware removal tool used by those that requires a certain degree of expertise is [[HijackThis]], which scans certain areas of the Windows OS where spyware often resides and presents a list with items to delete manually. As most of the items are legitimate windows files/registry entries it is advised for those who are less knowledgeable on this subject to post a HijackThis log on the numerous antispyware sites and let the experts decide what to delete.

If a spyware program is not blocked and manages to get itself installed, it may resist attempts to terminate or uninstall it. Some programs work in pairs: when an anti-spyware scanner (or the user) terminates one running process, the other one respawns the killed program. Likewise, some spyware will detect attempts to remove registry keys and immediately add them again. Usually, booting the infected computer in [[safe mode]] allows an anti-spyware program a better chance of removing persistent spyware. Killing the process tree may also work.

===Security practices===
To detect spyware, computer users have found several practices useful in addition to installing anti-spyware programs.  Many users have installed a [[web browser]] other than [[Internet Explorer]], such as [[Mozilla Firefox]] or [[Google Chrome]]. Though no browser is completely safe, Internet Explorer was once at a greater risk for spyware infection due to its large user base as well as vulnerabilities such as [[ActiveX]] but these three major browsers are now close to equivalent when it comes to security.<ref>Stefan Frei, Thomas Duebendofer, Gunter Ollman, and Martin May, [http://www.codeengn.com/archive/Conference/Defcon/16/Understanding%20the%20Web%20browser%20threat%5Bfrei-panel%5D.pdf Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the insecurity iceberg] {{Webarchive|url=https://web.archive.org/web/20160911181857/http://www.codeengn.com/archive/Conference/Defcon/16/Understanding%20the%20Web%20browser%20threat%5Bfrei-panel%5D.pdf |date=September 11, 2016 }}, Communication Systems Group, 2008</ref><ref>{{cite journal|title= Security Busters: Web Browser security vs. rogue sites|journal= Computers & Security|volume= 52|pages= 90–105|doi= 10.1016/j.cose.2015.04.009|year= 2015|last1= Virvilis|first1= Nikos|last2= Mylonas|first2= Alexios|last3= Tsalis|first3= Nikolaos|last4= Gritzalis|first4= Dimitris}}</ref>

Some [[Internet service provider|ISP]]s—particularly colleges and universities—have taken a different approach to blocking spyware: they use their network [[Firewall (networking)|firewall]]s and [[web proxy|web proxies]] to block access to Web sites known to install spyware. On March 31, 2005, [[Cornell University]]'s Information Technology department released a report detailing the behavior of one particular piece of proxy-based spyware, ''[[Marketscore]]'', and the steps the university took to intercept it.<ref>Schuster, Steve. "{{cite web |url=http://www.cit.cornell.edu/computer/security/marketscore/MarketScore_rev2.html |title= Blocking Marketscore: Why Cornell Did It |archive-url=https://web.archive.org/web/20070214111921/http://www.cit.cornell.edu/computer/security/marketscore/MarketScore_rev2.html |archive-date=February 14, 2007}}". Cornell University, Office of Information Technologies. March 31, 2005.</ref> Many other educational institutions have taken similar steps.

Individual users can also install [[Personal firewall|firewalls]] from a variety of companies.  These monitor the flow of information going to and from a networked computer and provide protection against spyware and malware.  Some users install a large [[hosts file]] which prevents the user's computer from connecting to known spyware-related web addresses.  Spyware may get installed via certain [[shareware]] programs offered for download. Downloading programs only from reputable sources can provide some protection from this source of attack.<ref name=AAA>{{cite news|url=http://www.spywareloop.com/news/spyware |title=Information About Spyware in SpyWareLoop.com |author=Vincentas |newspaper=Spyware Loop |date=July 11, 2013 |access-date=July 27, 2013 |url-status=dead|archive-url=https://web.archive.org/web/20131103215947/http://www.spywareloop.com/news/spyware |archive-date=November 3, 2013 }}</ref>

Individual users can use cellphone / computer with physical (electric) switch, or isolated electronic switch that disconnects microphone, camera without bypass and keep it in disconnected position where not in use, that limits information that spyware can collect. (Policy recommended by NIST Guidelines for Managing the Security of Mobile Devices, 2013).