Computer users face a new and growing threat to security and privacy. This threat does not take the form of direct attacks by viruses or hackers, but rather of indirect infiltration by monitoring programs surreptitiously installed on computers. These monitoring applications are called spyware, and they record and transmit a user's computer uses and behaviors to third parties. Frequently used by marketers to harvest customer data for segmentation and targeting purposes, spyware can serve to direct targeted advertising to users' computers. Spyware is often used legally, since its installation can be authorized as part of the licensed "clickwrap" agreement that users accept when downloading free utility and file-sharing programs from the Internet. In some cases, spyware is installed as part of legitimate computer applications provided by businesses to their customers, to provide updating and communication functionality to application users. It appears that the ability to remotely monitor and communicate with computers is an opportunity attractive enough to draw the attention of third parties with non-legal intentions. This article focuses on the roles and functions of spyware, its use in both legitimate and non-legitimate ways, and a range of preventions and protections for avoiding and removing spyware that has been installed on end-user computers.