1. Field of the Invention
The present invention relates to key logging and spyware protection systems. More particularly, the invention relates to an automated system which protects passwords, user identifications, uniform resource locators (URLs), accounts, credit card numbers, social security numbers, personal identification numbers, e-mail addresses, and any other sensitive data.
2. Description of Related Art
Keystroke logging or, as it is often known, key logging is a diagnostic tool used in software development that captures the user's keystrokes. It can be useful to determine sources of error in computer systems. Such legal uses, however, are outweighed by the illegal uses of key logging. Such key logging systems are highly useful for espionage, for instance, providing a means to obtain passwords or encryption keys and, thus, bypassing other security measures.
Keystroke logging can be achieved by both hardware and software means. Commercially available systems include devices which are attached to the keyboard cable and are instantly installable but only visible if the user makes a thorough inspection of his machine. Commercially available systems also include devices which can be installed in keyboards and are invisible but require some basic knowledge of mechanics to install. Writing software for key logging is trivial and can be accomplished by novice computer programmers and, like any computer program, it is easy to distribute over the internet in the form of viruses, worms, Trojan horses, etc. It is said that using an on-screen keyboard is a way to combat these types of key logging devices but, as is known in the prior art, a software key logger can recover the keyboard event messages that an on-screen keyboard sends on a mouse click, and these can be tracked as easily as those of a normal keyboard. Every software key logger can log the text typed with both on-screen and traditional keyboards.
In addition to key logging software and hardware, there is another broad category of espionage software known as spyware. Spyware is a category of malicious software designed to intercept or take partial control of a computer's operation without the informed consent of that machine's owner or legitimate user. While the term taken literally suggests software that monitors the user, it has come to refer more broadly to software that subverts the computer's operation for the benefit of a third party.
Spyware differs from viruses and worms in that it does not usually self-replicate. Like many recent viruses, however, spyware is designed to exploit infected computers for commercial gain. Typical tactics furthering this goal include delivery of unsolicited pop-up advertisements, theft of personal information such as credit card numbers or financial information, passwords, and user accounts, and also monitoring of web browsing activity for malicious purposes or rerouting of HTTP requests. As of 2005, spyware was becoming one of the preeminent security threats for computers running the Microsoft Windows operating system or Microsoft browsers or any other known browser.
Historically, spyware has grown as the internet has grown. The first recorded use of spyware occurred sometime in 1994. In early 2000, it was realized that advertising software was being installed on systems and that the suspected software was stealing personal information.
Spyware behaviors include reporting on websites the user visits, capturing screen activity, capturing logs, monitoring network connections, and monitoring file transfers.
There are many known infection routes. Spyware generally does not spread directly in the manner of a computer virus or worm. Typically, an infected system does not attempt to transmit the infection to other computers. Instead, spyware gets on a system through deception of the user or through exploitation of software vulnerabilities.
The most direct route by which spyware can get on a computer involves the user installing it. However, users are unlikely to install software if they know that it will disrupt their working environment and compromise their privacy. So, many spyware programs deceive the user either by piggybacking on a piece of desirable software or by tricking the user into doing something that installs the software without realizing it. Recently, spyware has come to include rogue anti-spyware programs which masquerade as security software while actually doing damage.
Classically, a Trojan horse by definition smuggles in something dangerous in the guise of something desirable. Some spyware programs get spread in just this manner. The distributor of spyware presents the program as a useful utility for the user, for instance as a utility for free games or a memory accelerator for the computer or as a software agent. Users then download and install the software without immediately suspecting that it can cause harm.
Spyware will also come bundled with shareware or other downloadable software, as well as music CDs. The user downloads a program, for instance a music program or a file trading utility, and installs it. The installer then additionally installs the spyware. Although the desired software itself does no harm in most cases, the bundled software does. In some cases, spyware authors have paid shareware authors to bundle their spyware with the software, as with the well-known Gator.
A third way of distributing spyware involves tricking users by manipulating security features designed to prevent unwarranted installations. The Internet Explorer web browser is designed not to allow sites to initiate an unwanted download. However, links can prove deceptive and a pop-up ad may appear like a standard Windows dialog box. The box contains a message, such as “Would you like to optimize your internet access?”, with links which look like buttons reading “Yes” and “No”. No matter which button the user presses, a download starts. The download places the spyware on the user's system, and it can be very difficult to remove this software once it is placed on the user's machine.
Some spyware authors infect the system by attacking security holes in the web browser or other software. When the user navigates to a web page controlled by the spyware author, the page contains code that attacks the browser, forces the download, and installs the spyware. The author would also have some extensive knowledge of commercially available anti-virus and firewall software, and knows of browser exploits. An infected computer can rapidly become infected with large numbers of spyware components. Users frequently notice unwanted behavior and degradation of system performance. Spyware infestation can create significant unwanted CPU activity, disk usage, and network traffic. Spyware can also place key logging software on the computer. Stability issues, such as application or system crashes, are also very common. Spyware that interferes with the networking software commonly causes difficulty connecting to the internet. Spyware can place programs that allow remote users to take control and to download information freely, often infecting the machine.
When Microsoft Windows users seek technical support, whether from manufacturers, help desks, internet service providers (ISPs), or other sources, spyware infection typically emerges as the most common cause. In many cases, the user has no awareness of spyware and assumes that the system performance, stability, and/or connectivity issues relate to hardware, to Microsoft Windows installation problems, or to a virus. Some owners of badly infected systems resort to buying an entire new computer system because the existing system has become too slow. For badly infected systems, a clean re-install may be required to restore the system to working order, a time-consuming project nonetheless.
Only rarely does a single piece of software render a computer unusable. Rather, a computer rarely has only one infection. As the 2004 AOL study noted, if a computer has any spyware at all, it typically has dozens of different pieces installed. The cumulative effect, and the interactions between spyware components, typically cause the symptoms which are reported by users. The symptoms include slow systems because of the parasitic processes running on them. Moreover, some types of spyware disable software firewalls and anti-virus software, and reduce browser security settings, opening the system to further opportunistic infections, much like an immune deficiency disease. There are also documented cases where a spyware program disabled other spyware programs created by its competitors. In recent years, a few spyware vendors, notably WhenU and 180 Solutions, have written programs that carry out what has come to be known as affiliate fraud or click fraud. These redirect the payment of affiliate marketing revenues from the legitimate affiliate to the spyware vendor.
Affiliate marketing networks work by tracking users who follow an advertisement from an affiliate and subsequently purchase something from the advertised website. On-line merchants, such as eBay and Dell, are among the larger companies which use affiliate marketing. In order for affiliate marketing to work, the affiliate places a tag, such as a cookie or a session variable, on the user's request, which the merchant associates with the purchases made. The affiliate then receives a small commission. Spyware that attacks affiliate networks does so by placing the spyware operator's affiliate tag on the user's activity. Everyone involved is harmed by this type of spyware. The user is harmed by having their choices thwarted. A legitimate affiliate is harmed by having their earned income redirected to the spyware operator. Affiliate marketing networks are harmed by the degradation of their reputation. Vendors are harmed by having to pay out affiliate revenues to an affiliate who did not earn them according to contract.
Another type of spyware is closely associated with identity theft. This spyware was believed to be made by the makers of the common CoolWebSearch (CWS) spyware, who were thought to have used it to transmit chat sessions, user names, passwords, bank information, etc., but it turned out that it actually is its own sophisticated criminal program that is independent of CWS. This case is currently under investigation by the FBI.
Spyware makers may perpetrate another sort of fraud, called wire fraud, with dialer program spyware. Dialers cause a computer with a modem to dial up a long distance telephone number instead of the usual ISP. Connecting to the number in question involves long distance or overseas charges, and this can result in massive telephone bills, which the user must either pay or contest with the telephone company.
Another type of spyware has piggybacked on a more legitimate use of computer technology called cookies. Anti-spyware programs often report web advertisers' HTTP cookies as spyware. Websites set cookies, most times legitimately, to track web browsing activity. For instance, to maintain a shopping cart for an on-line store, a cookie is set and, when the user leaves the website, the cookie maintains the list of items in the shopping cart so that when the user returns they can go back to their shopping cart and continue shopping from where they left off.
Only the website that sets the cookie can access it. In the case of cookies associated with advertisements, the user generally does not intend to visit the website which sets the cookies but gets redirected to a cookie setting third party site referenced by a banner ad image. Some web browsers and privacy tools offer to reject cookies from sites other than the one that the user requested. Advertisers use cookies to track people's browsing among various sites carrying ads from the same firm and, thus, to build up a marketing profile of the person or family using the computer. For this reason, many users object to such cookies and anti-spyware programs offer to remove them.
As the spyware threat has worsened, a number of techniques have emerged to counteract it. These remedies and preventive measures include programs designed to remove or to block spyware, as well as various user practices which reduce the chance of getting spyware on a system. Nonetheless, spyware remains a costly problem.
Moreover, the unsuspecting computer user may not even be aware that spyware is loaded on their computer and is, thus, vulnerable to all the risks of losing security and exposed to the spyware's capabilities. Over the last several years, many programmers and commercial firms have released products designed to remove or block spyware. Some of the common names in the market today are programs such as Lavasoft's Ad-Aware and Spybot Search and Destroy, and, more recently, Microsoft has released its own version of a spyware blocker.
Anti-spyware programs are capable of combating spyware in two ways. They provide real-time protection, which prevents the installation of spyware, and they also detect and remove spyware that has been loaded onto a user's machine. However, like most anti-virus software, frequent updates are required to actually combat the threat of spyware. As new spyware programs are released, anti-spyware developers discover and evaluate them and make signatures and definitions which allow the software to detect and remove the spyware. As a result, anti-spyware software is of limited usefulness without a regular source of updates.
If a spyware program is not blocked and manages to get itself installed on a machine, it may resist attempts to terminate or uninstall it. Once spyware loads its dynamic link libraries (DLLs) into the memory of a computer, they can be very difficult to remove and can require expert intervention. In addition, users are tricked by malicious programmers who have released a number of fake anti-spyware programs and widely distribute them over the internet with fake warnings that computers have been infected and various other marketing ploys.
Lastly, in recent years, there has been a dramatic increase in identity theft because of these vulnerabilities, and other vulnerabilities such as viruses and Trojan horses. Large corporations are themselves vulnerable to these threats. These same large corporations have databases of our personal information that include users' names, addresses, social security numbers, drivers' license numbers, credit card histories, medical records, and financial information. Over the last four years, companies such as LexisNexis, Visa, and other large corporations have been attacked by hackers who have commandeered one or more of their databases to gain access to thousands and thousands of personal files of the many users of these services. Afterward, Federal and company investigators look to find out what happened and what caused the security breach. However, after the information is stolen, there is nothing that they can do to get it back from distribution in criminal networks. In one instance, a database known as ChoicePoint Incorporated said that it had been commandeered and had the personal information of 145,000 Americans compromised by thieves posing as small business customers.
It is foreseeable that, as more spyware achieves greater sophistication in the coming years, a secure mode of storing data will be needed. It would be a technical advantage if the program could allow users to retrieve information without storing the password. It would be a further technical advantage if the users' stored data could be encrypted with that same unstored password, known only to the user. Lastly, it would be a technical advantage if there were a useful security method of utilizing user-entered data to develop a security wall which cannot be penetrated unless a user knows the unique code.
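The storage model described in this paragraph can be sketched as follows. This is an added example, not code from the patent: the key is re-derived from the password on every use, and a wrong password is detected by a failed integrity check instead of by comparison with a stored copy. The function names, record layout, PBKDF2 work factor and the HMAC-based stream (a standard-library stand-in for an authenticated cipher such as AES-GCM) are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor, not a value from the text


def _keys(password: str, salt: bytes) -> tuple[bytes, bytes]:
    """Stretch the password into an encryption key and a MAC key; neither is stored."""
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 in counter mode, a stdlib-only stand-in for a real cipher."""
    out = bytearray()
    for i in range(0, len(data), 32):
        counter = (i // 32).to_bytes(8, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)


def seal(password: str, secret: bytes) -> bytes:
    """Return salt | nonce | tag | ciphertext. The password itself is never written."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(password, salt)
    ct = _xor_stream(enc_key, nonce, secret)
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + tag + ct


def unseal(password: str, record: bytes) -> bytes:
    """Recover the secret, or raise if the password is wrong or the record was altered."""
    if len(record) < 64:
        raise ValueError("record too short")
    salt, nonce, tag, ct = record[:16], record[16:32], record[32:64], record[64:]
    enc_key, mac_key = _keys(password, salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or modified record")
    return _xor_stream(enc_key, nonce, ct)


if __name__ == "__main__":
    record = seal("correct horse battery", b"4111 1111 1111 1111")  # constructed sample data
    print(unseal("correct horse battery", record))
```

Because only the salt, nonce, tag and ciphertext are stored, a copy of the record gives an attacker nothing to compare guesses against except the slow key derivation itself.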