Check Your Viral Load for Bugs

I use and can recommend one of the filters mentioned in this article, Ad Aware. By way of improving your online experiences, I can also recommend an anti-spam filter I recently installed, SpamNet.

Check Your Viral Load for Bugs

Wired, 02:00 AM Apr. 14, 2003 PT

Is your computer stuck in first gear? Does it cough and sputter and crash more often than usual? And, by chance, are you seeing an unusually high number of pop-up ads?

If so, it's possible your machine harbors one or more programs known collectively as spyware, nasty little intruders that combine the worst features of e-mail viruses and spam into one package.

Like spam, spyware co-opts bandwidth in an attempt to sell you something. And just like viruses, spyware can slow down your computer, alter its settings without your permission, monitor your every move and transmit personal information about you to snoops.

Spyware isn't new to the Internet, but it is becoming more prevalent. According to a December 2002 report from research firm GartnerG2, more than 20 million people now have spyware, also known as adware, lurking on their machines, and those numbers are rising rapidly.

Some security experts warn that spyware, not viruses, is the biggest threat facing computer users. Whereas most businesses have set up filters to fend off known viruses contained within attachments -- and some users are learning not to click on attachments at all in order to avoid getting hit -- few casual users even know about spyware.

"Spyware is the next frontier of nastiness," said Marquis Grove, of security news site Security News Portal. "You may not know it, but you've probably got dozens of little nasty applets sitting on your system, reporting on your every move to some faceless, nameless corporate entity."

Spyware typically tracks users' travels across the Internet, and regularly reports that information back to the spyware's mothership.

Armed with that data, advertisers can send out pop-up or spam ads with "targeted offerings" -- products that users might be interested in based on their surfing habits.

Spyware applications typically contain a component that flings pop-up ads across a user's computer screen, sometimes producing 10 or more ads in a single brief surfing session. That's on top of the pop-ups spewed by the sites that a viewer is visiting. And spyware-produced ads often appear even when users are offline or aren't browsing the Web.

Some of the more infamous spyware applications like Xupiter, NetPal and Lop, have been circulating for a while. Recently, some nasty new programs have joined the arsenal.

The most worrisome of the recent releases is ClientMan, an application that appears to be able to change settings on older versions of the popular free ZoneAlarm firewall program without user consent.

When ClientMan tries to connect to the Internet, ZoneAlarm flashes a warning and asks the user to confirm whether the program should be allowed to connect or not.

Instead of waiting for user approval, ClientMan clicks the Yes button and checks the Always checkbox. Now ClientMan has permission to access the network whenever it chooses.

It appears ClientMan doesn't do much more than fiddle with the firewall, but it may soon be used to report browsing habits. Spyware programs are updated frequently and given evil new abilities by their authors.

NetPal Now, from MindSet Interactive, the same folks who have introduced a slew of other "marketing" programs, adds unwanted bookmarks to Web browsers and icons to computer desktops.

Of course, America Online does much the same thing, dumping a heap of "Free Internet!" shortcuts, bookmarks and icons when users upgrade AOL's free Instant Messenger program.

Spyware trackers note that companies specializing in spam are also often in the spyware business. For example, Xupiter's owners have a long history of sending unsolicited e-mails.

And, like spammers, most companies that distribute spyware insist they offer a useful service that simply alerts potential customers about products they might want to purchase.

They claim they aren't doing anything wrong because everything the software does is spelled out in the End Users License Agreement, which users must initialize before the software is installed.

But EULAs are often so long and complex that many users don't read them closely or fail to understand their meaning.

Mike Healan, who runs SpywareInfo advises users to at least skim EULAs looking for catch phrases like "from time to time," or "we may make your personal information available to our partners and affiliates," and "we will use the information to present you with specials and deals that we believe will interest you."

This sort of language often indicates the software being installed has tracking capabilities.

Legal experts agree that those EULAs probably limit any court action users could take against spyware producers, but also feel that the programs "fly just under the legal radar," according to Harvey Jacobs, an attorney specializing in Internet law.

"Spyware should be illegal," said Jacobs. "It is far worse, in my opinion, than viruses."

He thinks that while spyware would "be a ripe area for class action litigation," it might be difficult to argue such a case in court.

"Actual damages may be difficult to prove," Jacobs explained. "How much is your online privacy worth?"

Putting a price on individual privacy is difficult, but money is the sole reason that spyware exists.

Many of the major file-trading programs include spyware as a way to recoup the costs of developing their free file-trading applications. Spyware distributors pay to have their programs included with file sharing and other popular applications.

Spyware can also lurk on websites. Programs that offer to install themselves by way of a pop-up window when you visit a site are often spyware, despite the fact that the pop-up attests the offered program is a useful utility or essential for viewing the site properly.

Healan advises users not to click Yes when they are asked whether they want to download and install an application, unless they have specifically gone to the site in search of software. Even then, they should make sure they know and trust the source of the software.

Antivirus software does block the activation of some but not all spyware. A few companies are beginning to come out with dedicated spyware detection and removal programs.

But many of the best spyware removal tools are developed by anti-spyware advocates and are offered at no cost or for a small fee.

SpyBot Search & Destroy identifies and removes an incredibly long list (read it and weep) of spyware programs and other nasty little applications. SpyBot is free.

Lavasoft's renowned Ad Aware doesn't handle as many issues as Spybot, but is perhaps a bit easier for Internet newbies to use. Lavasoft offers a free version of the program.

Most spyware programs will fight frantically against any removal efforts, so automated removal programs are helpful to those who don't enjoy spending time re-configuring the innards of their operating systems.

Scanning a system for spyware isn't a one-shot deal either. Users may find that regular checks reveal a surprising number of these sneaky little spies taking up residence in their computers.

"It's a never-ending battle," sighed Frank Ferlin, a graphic designer whose computer had been infested with Xupiter last month.

"It's like dealing with an anorexic," he said. "My computer binges on all this garbage, gobbling up cookies and all this other crap. I purge it, and soon the cycle begins again."

You may manage Weekend Readings by visiting www.analects-ink.com, or clicking the commands below:

p Subscribe to Weekend Reading

p Unsubscribe to Weekend Reading

p Add a friend or colleague to the list of Weekend Reading recipients