How to Be "Spywary": It's More Software Than You Bargained For/ October 29th, 2008
So you've downloaded the latest antivirus software, you filter your e-mail, and you browse the Internet responsibly. Your PC (personal computer) must be relatively secure, right? Think twice before you answer that question. Outsiders can access personal information from your own computer files—without your knowledge. Dubbed "spyware," these stealthy programs covertly gather information about your personal browsing habits and online activities or harvest your personal files and then sell this data to advertisers for marketing purposes. While spyware developers assert that tracking an individual's computing behavior is harmless and actually benefits the consumer by enabling targeted marketing, consumer advocates contend that spyware is an intrusive violation of privacy. "Anything that comes onto my computer without me asking for it or giving permission for it is a violation of my rights," argues Ken Dwight of Houston, who is widely recognized as "The Virus Doctor" for his expertise regarding "malware," short for malicious software. Furthermore, consumer advocates, like Dwight, note that the crafty nature of this spying software makes it difficult to identify. "Spyware doesn't even want you to know it's there in the first place," Dwight says. "The big problem today is that you don't have any reliable way of knowing where it came from." According to Consumer Reports, 850,000 people replaced their computers as a result of spyware infections from January to June 2007. That said, it's not always necessary to replace your PC. Answers to the following questions may help you understand spyware and secure your PC and your privacy.
How can I tell if my computer has been infected with spyware?Spyware is a form of malware, but is not designed to harm the computer or the computer user. Spyware basically parks itself somewhere in your PC and collects information about your computing habits, such as the Web sites you visit, the time you spend online, and the types of programs you install on your computer. The infiltration is surreptitious, so you may not even recognize it exists. Even so, spyware frequently causes PC performance issues that provide warning signs indicating its presence. For instance, if your computer behaves sluggishly (especially when connected to the Internet), if your browser's start-up page or other browser settings have been changed without your knowledge, or if random windows or ads continue to pop up, there is a good chance spyware or other variants have been installed in your system. Those variants may include:
- Trojans: Malware that surreptitiously performs tasks—like allowing a remote user to control someone's PC over the Internet.
- Keyloggers: Types of trojans that track all keys a user types and sends those logged keystrokes to a remote user—used to capture personal information such as passwords, account numbers, and even your mother's maiden name for identity theft purposes.
- Browser hijacker: Malware that uses a feature in Microsoft Internet Explorer to install plug-ins that change the home page and other settings on a Web browser.
Spyware has become a persistent problem because it is a profit-driven activity.
- Adware: Software that displays ads and is capable of reporting surfing behavior to advertisers.
- Parasiteware: Malware that is sneakily included with another program—usually hidden in the host software's End-User License Agreement (EULA).
How did spyware enter my computer?Spyware can enter your system through several methods: Direct installation: This occurs when a consumer unsuspectingly installs a malicious program advertised as something useful—for instance, the software may claim to enhance your Web browser. Also, spyware can be directly installed when a consumer fails to carefully read the software's EULA before clicking, "I Agree." Piggybacking: Some spyware is attached to benign (and often free) software programs installed by the computer user. The benign software installs on your system and—automatically—spyware from the third party vendor installs as well. Security holes: Known security flaws in Internet Explorer have allowed spyware to infiltrate PCs that regularly use Internet Explorer as a search engine. Internet Explorer has built-in mechanisms, such as ActiveX, that allow mobile code to be downloaded to your machine. Once in your system, the mobile code can perform an endless number of functions from your PC.
How can I avoid spyware?In testimony presented to the U.S. House Subcommittee on Commerce, Trade, and Consumer Protection, Jeffrey Friedberg, director of Microsoft Windows Privacy, stated: "Spyware and other deceptive software share a common theme: They use ambiguity, coercion, deceit, and outright trickery to lure or even force users to execute or install unwanted and often invasive programs." Considering this array of deceptive weaponry, is there any way to prevent spyware or other forms of malware from infecting one's PC? Most important, experts say, PC security is a matter of user education. Experts offer these tips to avoid spyware and other deceptive software:
- Be sure your browser security level is set to at least medium (for Internet Explorer click on Tools, Options, and then Privacy). Keep in mind, however, that security settings higher than medium may make Web sites less usable.
- Try using a different Web browser. Browsers such as Opera (commercial software with free download) and Mozilla (open source and free) are immune to the automatic installation flaws in Microsoft Internet Explorer and always prompt the user before downloading and installing software.
- Never accept downloads from people or companies you don't know or trust, and don't wander into Web sites with questionable content. Sites offering free downloads of popular music and software or pornography often are loaded with deceptive software.
Spyware infiltration is surreptitious, so you may not even know it has been installed on your PC.
- Beware of peer-to-peer file sharing services. Many of the most popular applications include spyware.
- Thoroughly investigate any software you intend to install. Read all disclosures, EULAs, "Terms and Conditions," and privacy statements carefully before you click "Accept," "Agree," or "OK."
- Remove all unwanted, unnecessary, or suspicious-looking software from your computer. However, Dwight advises PC users to run a GoogleTM search on any unfamiliar software before you remove it to make sure you don't delete essential computer programs.
- Keep Windows and any other regularly used software up-to-date, by running all the latest patches and fixes from Windows Update.
- Get a firewall. This software sits between your computer and the Internet and helps block unauthorized access to your computer. Download Zone Alarm's firewall for free.
I think my computer already is infected with spyware—what now?Some spyware applications offer standard uninstallation programs—check in the add/remove program module in the Windows Control Panel. Other spyware software is more complicated to remove. Consequently, an entire industry of anti-spyware and spyware removal software has popped up in response to spyware's omnipresence. Here's a list of popular spyware removal software (all are free except the final two, as indicated). Keep in mind, however, that none of these programs guarantees the removal of all spyware applications:
- Spybot Search and Destroy: Leader in software removal, but slightly difficult to use.
- Ad-aware: Easy to use and very popular. Designed to remove spyware and browser cookies.
- Hijack This!: Restores browsers whose settings or home pages have been "hijacked."
- CW Shredder:Finds and removes browser hijackers like CoolWebSearch. Created by the company that designed Hijack This!
- SpywareBlaster and Microsoft's Windows Defender are free programs that can help combat spyware.
- Visit download.com to check ratings of spyware removal programs.
- Trend Micro Anti-Spyware:Recommended by Consumer Reports. Costs about $30.
- Pest Patrol: Software that searches your entire PC for hidden programs. Costs about $30.
Spyware infections caused 850,000 people to replace their computers in the first six months of 2007.