The present invention provides tools and techniques for detecting particular types of spyware. A Google request to “define: spyware” produced the following definitions (the hyperlinks given in the definitions have been disabled and are not intended to be active, pursuant to USPTO policy in MPEP §6080.01 (VII)):
Definitions of spyware on the Web:
                Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else . . . .        www dot tjiss dot net/glossary_s.html        Software that sends information about your Web surfing habits to its Web site. Spyware is often installed without the user's knowledge or explicit permission in combination with a free download.        www dot spywaredetection dot org/spyware-glossary.htm        Just like Adware, except that the software abuses its ability to monitor the users activity.        www dot elearners dot com/resources/advertising-glossary.asp        gathers information about Internet users without their knowledge or consent and delivers that information to advertisers or others who have access to the information. Users can get spyware in their systems by downloading certain programs or in the form of a virus.        www dot broadbandinfo dot com/internet-connections-101/glossary/default.html        A general term for a class of software that monitors the actions of a computer user. This software falls into a number of categories: Software that may be installed legitimately to provide security or workplace monitoring, software with relatively benign purposes that may be associated with marketing data collection and software that is maliciously installed, either as a general violation of a user's privacy or to collect information to allow further attacks on their computer or online . . . .        www dot parliament.vic.gov dot au/sarc/E-Democracy/Final_Report/Glossary.htm        Software that monitors the activities of a user, more information . . . .        www dot cryer.co dot uk/glossary/s/        Spyware often installs as a third-party component bundled with a freeware or shareware application, just like adware, making the distinction between the two somewhat vague. Spyware includes code used to gather and transmit information about the user or his or her behaviour to a third party. This statistical data often is collected without the knowledge or consent of the user.        www dot zdnet.co dot uk/print/        A general term for a program that surreptitiously monitors your actions. While they are sometimes sinister, like a remote control program used by a hacker, software companies have been known to use Spyware to gather data about customers. The practice is generally frowned upon.        www dot visiontm dot com/Spy/Glossary.htm        Spyware is a computer program which can be installed on personal computers (usually without the permission from the owner) and has the purpose of collecting information and sending it back to another source—usually an Internet marketing or pornographic website.        www dot netalert.net dot au/01990-Glossary.asp        Any application that may track a person's or organization's online and/or offline PC activity and is capable of locally saving or transmitting those findings to third parties, most often without their knowledge or consent.        www dot targetonline dot com/sics/283069305261710.bsp        Programs that, when installed on your computer, change settings, display advertising, and/or track Internet behavior and report information back to a central database. Spyware sometimes installed unintentionally by users along with other wanted software, and can be very hard to remove. Also known as malware.        http://www dot techlearning dot com/content/outlook/itguy/2003/6-26.html dtp.epsb.net/glossary.htm        A somewhat vague term generally referring to software that is secretly installed on a users computer and that monitors use of the computer in some way without the users' knowledge or consent.        www dot jahadesign dot com/glossary.htm        is an Internet term for Advertising Supported software or Adware. It is a way for shareware/freeware software developers to make money from a software product, other than by selling it to the users. There are several large media companies that offer them to place banner ads in their products in exchange for a portion of the revenue from banner sales. This way, you don't have to pay for the software and the developers are still getting paid . . . .        www dot drdcomputer dot com/spywaredef.htm        Installs and gathers information from a computer without permission, and reports the information to the creator of the software or to one or more third parties. It provides the consumer with little or no control over removing the software. Spyware can change system settings, install keystroke loggers, collect and report consumer's personal information, use computer processing capacity without permission, and deliver spam or ads without consumer's notice and consent.        ths dot gardenweb dot com/faq/lists/comphelp/2005011632014938.html        Spyware is any software or program that employs a user's Internet connection in the background (the so-called “backchannel”) without their knowledge or explicit permission. Silent background use of an Internet “backchannel” connection requires a complete and truthful disclosure of backchannel usage, followed by the receipt of explicit, informed consent for such use. If permission is not obtained, the act is considered to be information theft.        www dot nve.vt dot edu/cias/Resources/glossary.htm        Installs itself onto a computer when a user clicks on a website containing spyware. The software then monitors visited websites and records habits of the user, sending it back to a main website.        www dot slais.ubc dot ca/courses/libr500/04-05-wt2/www/B_Olmstead/Glossary.htm        Spyware is potentially more dangerous beast than Adware because it can record your keystrokes, history, passwords, and other confidential and private information. Spyware is often sold as a spouse monitor, child monitor, a surveillance tool or simply as a tool to spy on users to gain unauthorized access. Spyware is also known as: snoopware, PC surveillance, key logger, system recorders, Parental control software, PC recorder, Detective software and Internet monitoring software.        www dot geekpatroloncall dot com/spyware.html        computer software that obtains information from a user's computer without the user's knowledge or consent        wordnet dot princeton dot edulperl/webwn        Spyware is a broad category of malicious software intended to intercept or take partial control of a computer's operation without the user's informed consent. While the term taken literally suggests software that surreptitiously monitors the user as a spy would, it has come to refer more broadly to software that subverts the computer's operation for the benefit of a third party.        en dot wikipedia dot org/wiki/Spyware        
These definitions are helpful, but it should be noted that the term “spyware” as used herein to describe the present invention is not entirely consistent with them. For instance, the drdcomputer dot com definition treats adware and spyware as meaning the same thing, which is not consistent with the use of “spyware” herein when describing the present invention. As explained below, the present invention presumes that if some code's activity is apparent to a user, through the display of the computer the user is using, for instance, then the existence of that code can be detected without requiring the present invention. The type of spyware of greatest interest herein behaves surreptitiously, so its presence goes undetected unless the present invention (for instance) is used to detect it.
Accordingly, in connection with the prior art, “spyware” is a broad term that may include adware, browser hijackers, and other unwanted software that openly modifies a computer's output in some way not desired or intended by the user. In connection with the present invention, however, “spyware” is defined more narrowly. Unless expressly stated otherwise, “spyware” then means surreptitious spyware, e.g., spyware that monitors user activity without openly changing a machine's behavior in a manner readily apparent to the machine's user. Adware and browser hijackers are not spyware in this sense because they openly change a computer's behavior. The broad term “malware” means spyware (surreptitious or not), viruses, worms, Trojans, adware, and other unwanted software put on a computer without the user's informed consent, which inconveniences the user and/or harms user data, reputation, or other valuable resources.
Conventionally, efforts have been made to identify spyware by using tools and techniques originally developed to identify software viruses. For instance, a catalog of signatures of known viruses/spyware can be used to identify instances of such code. Signatures and other familiar spyware detection techniques are not necessarily mutually exclusive with the present invention.
Code has also been characterized as spyware based on its behavior. For instance, it has been said that “Unsolicited HTTP network activity is a telltale sign of adware and spyware, because those types of infections use HTTP connections to download and display advertisements in a browser.” www dot nuker dot com slash hunterslog 22051205 dot php. Silent downloading, installation, and/or execution of code without user knowledge or consent has been viewed as a characteristic of spyware, according to Sunbelt Software's CounterSpy software documentation; see the “Overview: Understanding Spyware” document submitted with the present application. See also paretologic dot corn slash resources slash detection_criteria dot aspx, and other documents submitted with the present patent application. However, a need remains for additional specific tools and techniques for detecting surreptitious spyware.
Other aspects of technology, discussed herein or previously known to those of skill in the art, may also be helpful in understanding the present invention.