Article Preview
TopIntroduction
Malware (‘mal’, a Latin root meaning ‘bad’) is a generic term for any software created with malicious intentions, including spying. Views vary about what types of software are included under the umbrella term ‘spyware’. The term ‘spyware’ includes adware, key loggers, trojans, hijackers, dialers and malware (Garrie, Griver & Joller, 2010; Stafford & Urbaczewski, 2004). In contrast, it is not uncommon to find discussions treating adware and spyware as separate terms (Chien, 2005). While these terms refer to software with quite specific functions, other terms such as ‘malware’ are more generic and refer to any malicious software including viruses and worms, and these are usually treated as a separate category to spyware (Australian Government, 2006). The review of literature showed that most authors concur with this view. In short, viruses and worms are about causing destruction, damage or inconvenience to their victims, while spyware is about surreptitious information mining, data theft and exploitation of stolen data. This is the general distinction that will be utilised in this paper.
Spyware works by existing in background processes from which they perform their designed ‘mal’ functions. A variety of ‘mal’ functions exist, but in general, all engage in user or system monitoring, data gathering, and secret communications with a third party over the victim’s Internet connection. Software that is, or that contains, spyware is acquired in many ways, and the significant growth of public use of the Internet since the early 2000s has meant that increasingly, spyware can be acquired through users simply clicking on links found in websites, in emails (Sophos, 2013) and on social networking platforms (Wüest, 2010). Spyware has evolved over time into increasing levels of sophistication and consequent hazard to the victims.
Whilst computers and the Internet have reached widespread popularity only in recent decades, there appears to have been no substantial or significant breakthrough in human factors studies within this context since the Theory of Reasoned Action (TRA) in 1967, or the Technology Acceptance Model (TAM) in 1986. As a result, much of the scholastic literature concerning user motivations and technology use that rely on these models is not specific to addressing spyware proliferation (Boldt, 2007) and academic research has been parsimonious. In the already established Theory of Planned Behaviour (TPB) model, a factor called ‘perceived behaviour control’ is shown to be capable not only of influencing behavioural intentions, but also capable of directly influencing usage behaviour, that is, conscious intention is bypassed. It is important to recognise that what is being studied in this paper is fundamentally a facet of human behaviour around technology. A study of this nature may lead to the lowering of spyware proliferation globally by assisting both users and organisations alike. Current defences against spyware include user avoidance actions such as refraining from downloading free software, and installing antispyware detection and removal software. However, what needs to be explored are contributory factors to users’ calculation of risk probability that ultimately lead to the action of downloading and installing potentially spyware-infected software.