Adware is any computer program that displays advertisements while the application is running. Advertisements appear in a web browser, pop-up windows, special toolbars or within the host program. Adware also can gather information about user’s habits and interests and send it out through a background Internet connection. Such behavior allows adware vendors to deliver targeted advertisements to the end user and collect general statistics.
Adware is divided into parasitical and legitimate applications. Illegal advertising programs are very similar to spyware parasites and often have some of their functions. They can be installed without explicit user consent and work all the time a computer is on. However, they are less dangerous, because most of such parasites are primarily intended to collect user’s personal information for marketing and advertising, but not for criminal purposes.
Legitimate adware applications are harmless. They do not track user activity or record any vital information about the user and use an Internet connection only to receive advertisements. Lots of reputable advertising-supported products, such as Opera web browser or Eudora mail client, fall into this category. Vendors of these products use advertising as a legal revenue model that allows to distribute high-quality commercial software for free.
Adware parasites differ from regular viruses. They do not spread by themselves and usually must be installed as any other software with or without user content. There are three major ways unsolicited adware program can get into the system.
1. Some adware vendors deceive the user by presenting a particular adware as a useful tool, for example, a powerful web search service or fast download manager. Users download and install such programs. However, practically all of them appear to be either completely useless or ineffective. Although in most cases users can uninstall these products, main adware components may stay in the system and remain fully functional.
2. Lots of free, advertising-supported or shareware products such as Kazaa or Exeem are bundled with small add-ons needed by the host program to work properly. These add-ons actually are third-party spyware parasites or adware components. Uninstalling the host application not always removes bundled adware. This distribution method is most common for widely spread parasites.
3. Some illegal advertising applications can get into the system using Internet Explorer ActiveX controls or exploiting certain web browser vulnerabilities. Their vendors run insecure web sites filled with malicious code or distribute unsafe advertising pop-ups. Whenever the user visits such a site or clicks on such a pop-up, harmful scripts instantly install a parasite. The user cannot notice anything suspicious, as a threat does not display any setup wizards, dialogs or warnings.
It is known some dangerous adware parasites often can be dropped by specific spyware, worms or trojans. Adware affects mostly computers running Microsoft Windows operating system. However, reputable advertising-supported software can be also found on other popular platforms.
- Continuously serves commercial advertisements and displays pop-ups.
- Installs advertising toolbars, additional adware programs or undesirable third-party software.
- Creates numerous links to advertising resources, places desktop shortcuts to marketing sites, adds bookmarks to the web browser’s Favorites list.
- Tracks user’s web browsing habits, gathers information about user’s interests, records addresses of visited web sites, logs taken actions and sends some or all collected data to a remote server.
- Degrades overall system performance. Some adware parasites are badly programmed, they waste too much computer resources and cause software instability.
- Updates itself via the Internet and often does not provide the complete uninstall feature.
There are plenty of different adware parasites. The following examples illustrate typical adware behavior.
BargainBuddy is an example of a typical adware parasite. Few years ago this threat and its variants were installed on thousands of computers around the world. BargainBuddy isn’t very dangerous, as it is initially designed to display advertisements and pop-ups. However, it also doesn’t hesitate to log addresses of visited web sites or record keywords the user enters into various online search fields. BargainBuddy adware silently updates itself through a background Internet connection. Such function may cause serious security issues. Furthermore, the parasite attempts to obstruct its removal. Its uninstaller leaves main adware components in the system, so that the threat can be automatically reinstalled later without user knowledge.
Prevalent GAIN adware by its functionality is very similar to BargainBuddy. It displays advertisements, collects information about the user and sends it to home servers. GAIN is also known for background downloads of unsolicited arbitrary programs and system instability issues caused by some of them. Users who have GAIN installed on their computers often complain about decreasing system performance and constantly appearing new processes.
nCase is yet another infamous adware parasite. It displays large amount of undesirable advertisements and pop-ups and collects information about a computer and user’s browsing habits. However, these are the most harmless nCase functions. The parasite also captures user’s e-mail messages, steals identity data, downloads and runs arbitrary code and causes multiple system stability problems. nCase uninstaller leaves main adware components in the system, so the threat can be fully reinstalled without user consent.
Completely different adware is WeatherBug. It is a legal advertising-supported program that provides weather forecasts and other similar information. It displays built-in advertisements only while the program itself is running. This adware doesn’t violate user privacy, doesn’t affect system performance or overall security level. WeatherBug can be easily uninstalled. No suspicious components stay in the system.
As it was said above adware parasites are quite similar to spyware threats and therefore cannot be removed with the help of popular antivirus products. To remove them special anti-spyware tools (spyware removers) should be used. These programs scan the system in similar way as antivirus software. However, they have special parasite signature databases, which allow them to detect and eliminate most spyware and adware threats. Powerful spyware removers include real-time monitors that prevent the installation of known risks and unauthorized system modification.The most effective and popular anti-spyware programs are Spyware Doctor, Microsoft AntiSpyware Beta, Spybot - Search & Destroy, Ad-Aware SE, SpyHunter, eTrust PestPatrol.
In some cases even a spyware remover can fail to get rid of a particular parasite. That is why there are Internet resources such as 2-Spyware.com, which provide manual spyware and adware removal instructions. These instructions allow the user to manually delete all the files, directories, registry entries and other objects that belong to a parasite. However, manual removal requires fair system knowledge and therefore can be a quite difficult task for novices.
Not all adware programs (even if they track some personal information) are bad and needed to remove immediately.