Helping people with computers... one answer at a time.
Much of what we call spyware, like adware, can be relatively benign. But more and more there's a more intrusive, damaging kind of spyware as well, better called "malware".
Suppose someone had an MSN instant message conversation on a computer that had spyware on it (unbeknownst to them). Could a hacker access these messages, without access to the computer that had the spyware on it, where the messages were sent from? In other words, from an unrelated computer source?
•
The scenario you outline is a little unclear, but the short answer is probably ... Yes
Spyware can be extremely invasive and, for lack of a better term, "sneaky".
There are some very frightening scenarios.
•
Much of what we've called "spyware" has for many years been relatively benign. It's been annoying and intrusive, but not particularly malicious.
However, particularly with the lines blurring between spyware and viruses, the fact is that most malware these days is far from benign. Not only can spyware "spy", it can push ads, infect other machines, send spam, and even in some scary scenarios poke around in your bank account when you're not looking.
The term "malware" - for MALicious softWARE - is actually much more appropriate these days as spyware is doing a lot more than just spying.
Let's look at the scenario you've outlined as an example. If your machine or your friend's machine has spyware of some sort it is very possible that it could, while you are conversing in an instant messaging program:
-
Write your conversations to a hidden file and leave open a "back door" that allows the hacker to retrieve that file at a later date.
-
Intercept everything you type and everything you receive, and send a copy to another computer somewhere else on the internet as you type it.
-
Or any of a number of other things...
This is also a good example of the fact that there are both "good" and "bad" types of spyware.
While monitoring your IM conversations seems like a very bad thing on the surface, it's exactly what we ask parental monitoring and control software to do. Legitimate spyware that is, indeed, spying on you. These are commercially available packages that can be used by parents to monitor or control their children's internet use. Is it spyware? Absolutely, it is - it's spying on you. It could be used to do exactly the types of things we're talking about here, on purpose, and it would be a very legitimate use of the technology.
It could also be used by others to do exactly the types of things we're talking about here, also on purpose, but it would be far from a legitimate use - true "spying" in a very malicious sense.
And of course there are other, less legitimate instances of spyware that do the same or worse and really earn the moniker "malware". Perhaps one of the worst I've heard of recently is malware that inserts itself into your system and waits for you to connect to your bank to perform online banking. While you're connected it operates in the background and starts transferring money out of your account, which you don't see while it's happening.
Yes, spyware can be sneaky ... very sneaky.
That's why most tech support folks like myself seem to be constantly harping on anti-malware tools and general education about malware prevention.
It really is that important.
(This is an update to an article originally published in June, 2004.)
Article C1990 - March 19, 2010
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
I know my boss is reading my emails. (dont ask how but its been verified) now that I am aware of it I will be using my home computer more often. It only seems though when I Deleted my emails they are being read. Since I am afaid to delete anything is there a way to get rid of sent messages without hitting my delete?
Posted by: april at September 23, 2007 3:39 AM@April: It's not difficult for your boss to read your emails. It's his computer and he would have administrative privileges for all accounts. He ay even have a keylogger installed (the kind of "good" spyware Leo was talking about.) Never assume privacy on someone else's computer.
Posted by: Mark at March 20, 2010 3:05 PM@Jane: If you think your computer's been hijacked, the safest and I've found the easiest (I'm not saying it's easy but in the long run the easiest) is to copy everything to an external disk, format your hard drive and reinstall everything.
Also stay away from pirate programs. If you calculate the cost of your time cleaning up the trojans and spyware and worms (oh my!). It's probably cheaper to buy than pirate. It used to be possible to get away with downloading programs through torrents but now the % of malware is too high to take chances.
April, you could also use a 'portable' e-mail client and a thumb drive then use it to copy incoming (or send outgoing) email from there.
Posted by: sirpaul1 at March 23, 2010 10:17 AM...Call me Sisyphus.
I've been a careful and grateful reader of Leo's comments on everything he chooses as a topic. But...this Cat-And-Mouse game is not "Tom&Jerry". It seems that the very complexity created by very smart folks to avoid spyware simply creates "challenges" to the spies to find other penetration schemes.
This boulder keeps falling back on me, so, I push it back up that hill.
We who refuse to live in our separate caves will simply have to be constantly vigilant.
Eh, Leo?
Posted by: Charles (Sisyphus) Griffith at March 23, 2010 5:23 PMFor a safer online banking experience you can always boot from a 'Live CD' like Linux Ubuntu or Mint. Not only are you very unlikely to 'catch a bug' with a Linux based operating system, nothing can be written to your Live CD as it is 'Read Only'. I use Mint myself. It is very good at detecting hardware and quite easy to use. Of course websites that require Internet Explorer are another matter!
Posted by: JustInspired at March 30, 2010 8:25 AM