HOME & FAMILY FINANCE
Welcome to your one-stop financial information center
How to Be "Spywary": It's More Software Than You Bargained ForLiz Brady
So you've downloaded the latest antivirus software, you filter your e-mail, and you browse the Internet responsibly. Your PC (personal computer) must be relatively secure, right? Think twice before you answer that question. Outsiders can access personal information from your own computer files—without your knowledge.
Dubbed "spyware," these stealthy programs covertly gather information about your personal browsing habits and online activities or harvest your personal files and then sell this data to advertisers for marketing purposes.
While spyware developers assert that tracking an individual's computing behavior is harmless and actually benefits the consumer by enabling targeted marketing, consumer advocates contend that spyware is an intrusive violation of privacy. "Anything that comes onto my computer without me asking for it or giving permission for it is a violation of my rights," argues Ken Dwight of Houston, who is widely recognized as "The Virus Doctor" for his expertise regarding "malware," short for malicious software.
Furthermore, consumer advocates, like Dwight, note that the crafty nature of this spying software makes it difficult to identify. "Spyware doesn't even want you to know it's there in the first place," Dwight says. "The big problem today is that you don't have any reliable way of knowing where it came from."
According to Consumer Reports, 850,000 people replaced their computers as a result of spyware infections from January to June 2007. That said, it's not always necessary to replace your PC. Answers to the following questions may help you understand spyware and secure your PC and your privacy.
How can I tell if my computer has been infected with spyware?
Spyware is a form of malware, but is not designed to harm the computer or the computer user. Spyware basically parks itself somewhere in your PC and collects information about your computing habits, such as the Web sites you visit, the time you spend online, and the types of programs you install on your computer. The infiltration is surreptitious, so you may not even recognize it exists.
Even so, spyware frequently causes PC performance issues that provide warning signs indicating its presence. For instance, if your computer behaves sluggishly (especially when connected to the Internet), if your browser's start-up page or other browser settings have been changed without your knowledge, or if random windows or ads continue to pop up, there is a good chance spyware or other variants have been installed in your system.
Those variants may include:
- Trojans: Malware that surreptitiously performs tasks—like allowing a remote user to control someone's PC over the Internet.
- Keyloggers: Types of trojans that track all keys a user types and sends those logged keystrokes to a remote user—used to capture personal information such as passwords, account numbers, and even your mother's maiden name for identity theft purposes.
- Browser hijacker: Malware that uses a feature in Microsoft Internet Explorer to install plug-ins that change the home page and other settings on a Web browser.
- Adware: Software that displays ads and is capable of reporting surfing behavior to advertisers.
- Parasiteware: Malware that is sneakily included with another program—usually hidden in the host software's End-User License Agreement (EULA).
Spyware has become a persistent problem because it is a profit-driven activity.
How did spyware enter my computer?
Spyware can enter your system through several methods:
Direct installation: This occurs when a consumer unsuspectingly installs a malicious program advertised as something useful—for instance, the software may claim to enhance your Web browser. Also, spyware can be directly installed when a consumer fails to carefully read the software's EULA before clicking, "I Agree."
Piggybacking: Some spyware is attached to benign (and often free) software programs installed by the computer user. The benign software installs on your system and—automatically—spyware from the third party vendor installs as well.
Security holes: Known security flaws in Internet Explorer have allowed spyware to infiltrate PCs that regularly use Internet Explorer as a search engine. Internet Explorer has built-in mechanisms, such as ActiveX, that allow mobile code to be downloaded to your machine. Once in your system, the mobile code can perform an endless number of functions from your PC.
How can I avoid spyware?
In testimony presented to the U.S. House Subcommittee on Commerce, Trade, and Consumer Protection, Jeffrey Friedberg, director of Microsoft Windows Privacy, stated: "Spyware and other deceptive software share a common theme: They use ambiguity, coercion, deceit, and outright trickery to lure or even force users to execute or install unwanted and often invasive programs." Considering this array of deceptive weaponry, is there any way to prevent spyware or other forms of malware from infecting one's PC? Most important, experts say, PC security is a matter of user education.
Experts offer these tips to avoid spyware and other deceptive software:
- Be sure your browser security level is set to at least medium (for Internet Explorer click on Tools, Options, and then Privacy). Keep in mind, however, that security settings higher than medium may make Web sites less usable.
- Try using a different Web browser. Browsers such as Opera (commercial software with free download) and Mozilla (open source and free) are immune to the automatic installation flaws in Microsoft Internet Explorer and always prompt the user before downloading and installing software.
- Never accept downloads from people or companies you don't know or trust, and don't wander into Web sites with questionable content. Sites offering free downloads of popular music and software or pornography often are loaded with deceptive software.
- Beware of peer-to-peer file sharing services. Many of the most popular applications include spyware.
- Thoroughly investigate any software you intend to install. Read all disclosures, EULAs, "Terms and Conditions," and privacy statements carefully before you click "Accept," "Agree," or "OK."
- Remove all unwanted, unnecessary, or suspicious-looking software from your computer. However, Dwight advises PC users to run a GoogleTM search on any unfamiliar software before you remove it to make sure you don't delete essential computer programs.
Spyware infiltration is surreptitious, so you may not even know it has been installed on your PC.
- Keep Windows and any other regularly used software up-to-date, by running all the latest patches and fixes from Windows Update.
- Get a firewall. This software sits between your computer and the Internet and helps block unauthorized access to your computer. Download Zone Alarm's firewall for free.
I think my computer already is infected with spyware—what now?
Some spyware applications offer standard uninstallation programs—check in the add/remove program module in the Windows Control Panel. Other spyware software is more complicated to remove. Consequently, an entire industry of anti-spyware and spyware removal software has popped up in response to spyware's omnipresence.
Here's a list of popular spyware removal software (all are free except the final two, as indicated). Keep in mind, however, that none of these programs guarantees the removal of all spyware applications:
- Spybot Search and Destroy: Leader in software removal, but slightly difficult to use.
- Ad-aware: Easy to use and very popular. Designed to remove spyware and browser cookies.
- Hijack This!: Restores browsers whose settings or home pages have been "hijacked."
- CW Shredder:Finds and removes browser hijackers like CoolWebSearch. Created by the company that designed Hijack This!
- SpywareBlaster and Microsoft's Windows Defender are free programs that can help combat spyware.
- Visit download.com to check ratings of spyware removal programs.
- Trend Micro Anti-Spyware:Recommended by Consumer Reports. Costs about $30.
- Pest Patrol: Software that searches your entire PC for hidden programs. Costs about $30.
What other solutions are being considered?
Spyware has become a persistent problem because it is a profit-driven activity. "There was never any real, positive intent other than to make money," says Dwight. Currently, anti-spyware programs are the only technical defense against spyware, so some spyware experts contend that stopping spyware proliferation will require legal action.
But recent legislative attempts to regulate spyware haven't been succesful. The U.S. House of Representatives passed the Internet Spyware (I-SPY) Prevention Act in May 2007, but the Senate has yet to vote on the bill. A similar bill, the Spy Act, also remains stalled in the Senate.
However, some spyware experts doubt the effectiveness of legislative attempts to control deceptive software. "It won't do any good at all—it's absolutely worthless," Dwight says. He notes that the very nature of spyware makes it difficult for authorities to track who and where spyware comes from. Furthermore, Dwight attributes the futility of legislative measures to the fact that many spyware applications are created in foreign countries by writers who cannot even be penalized under U.S. law. In his opinion, legislative efforts to control spyware are "just a way of politicians getting their name in the paper."
Microsoft has publicized a strategy that involves public and private sectors in the fight against spyware and other misleading software. "This strategy," Friedberg announced in his testimony, "has four prongs: widespread customer education, innovative technology solutions, improved industry self-regulation, and aggressive enforcement under existing state and federal laws. Legislation could complement this strategy, but we believe it should be carefully crafted to target the bad behavior—not the underlying technology," he said.
Microsoft is also part of the Anti-Spyware Coalition, a group of companies, academics, and consumer groups dedicated to building consensus and establishing best practices in the debate surrounding spyware and other potentially unwanted technologies. Google, HP, and Dell are among over 40 members of the Coalition.
Whatever the future holds for spyware and its deceptive software counterparts, for the present, PC users will be forced to cope with and adapt to these undesirable intruders. Because the sponsors of spyware will undoubtedly continue to adapt their deceptions, the best advice to users is to maintain vigilance and keep informed about remedies.
Pay careful attention to what windows pop up on your screen. If you have the slightest doubt that's it's not legitimate, press "Alt-F4" or close the window through the task manager. To access this, right-click on the taskbar at the bottom of the screen and select "Task Manager" or press "Ctrl+Shift+Esc". Under the tab "Applications", select the title of the pop-up and press "End Task".
Avoid clicking on the "X" in the upper right-hand corner of the window—sometimes, the entire pop-up is infected, so clicking anywhere on the window will launch the spyware. Likewise, do not choose "OK" or "Close".