Archive for Sunday, May 30, 2004

Spyware invasion

Computer software tracks users’ online activities

May 30, 2004


Computer viruses are rampant and spam is epidemic. But the fastest-growing Internet malady is spyware, and chances are your computer is infected.

Spyware is software that secretly forwards information about your online activities to a company or person without your knowledge or permission. In most cases, it is used to display advertising and is relatively benign.

As spyware programs accumulate, however, they can bog down your machine and its Internet connection. The most virulent forms can steal personal information.

Some experts say that up to 90 percent of computers online contain spyware. The situation is bad enough that Congress is considering a law banning stealthy software practices. And Internet service providers such as Earthlink have begun offering subscribers free spyware scans and removals.

In the first three months of Earthlink's offer, scans of more than 1 million hard drives found an average of 28 spyware installations per PC.

What are the symptoms?

The computer becomes unstable or crashes frequently.

Your system seems sluggish and slow to respond to simple tasks.

You see unusual processes running on your PC when you check the Windows Task Manager by pressing Ctrl-Alt-Delete. But be warned: Many spyware programs have official-sounding names such as "winsafeboot" to keep you from disabling them.

Your modem shows extraordinary activity even after you've closed e-mail and other Internet applications.

Pop-up ads are appearing in rapid-fire succession and with increased frequency no matter where you go or what you're doing.

How do you get infected?

You may get spyware when you download files, view a junk e-mail attachment, accept a file during instant messaging or view a Web page that initiates a download.

Teenagers and music fans are particularly susceptible because many peer-to-peer file-sharing programs, including KaZaA, contain "freeware" programs that install along with the main application.

The best way to avoid spyware is to "be aware any time anything prompts you to download," says Daniel Sullivan, president of, a computer tech support company. "You've got to be very, very careful about exactly what you're installing."

In most cases, users grant permission for the infection by accepting the end user license agreement, which may contain wording such as "third-party software may be installed along with this application."

Spyware/adware programmers often create the false impression that a download is necessary for some chore. For example, you receive an e-mail saying someone has sent you a greeting card and directing you to a Web site to see it. The Web site asks you to install a "greeting card viewer program," which is actually spyware.

Programs help ID spies

Several companies will scan your computer for known spyware and adware, but in most cases cleaning your hard drive will require the purchase of one of their products. Some exceptions are:

  • Lavasoft AD-aware ( A highly-regarded scanning and cleaning program. The company also sells a feature-rich version.
  • Spybot Search & Destroy ( Consistently judged one of the top programs of its kind. Spybot roots out even the most shifty adversaries.
  • X-Cleaner Micro Edition ( A "lite" version of XBlock's flagship commercial product detects and removes the most common spyware.

¢ Keep an anti-virus program running and up to date. Most of the latest versions detect spyware.¢ Set your browser's security settings on medium or high. When they're set on low, a drive-by download can occur without any alert.¢ Regularly run spyware scans and use the latest updates. Spyware programmers "deliberately change the code to avoid being caught by filters," Sullivan says.¢ Software firewalls such as the free ZoneAlarm ( can be set to notify you when spyware attempts to "phone home" from your PC.

Free hard-drive scans to find spyware are available online. Be aware that some will report browser cookies as "adware cookies" or "spyware cookies." Cookies -- small text files stored in your browser -- are not always bad.

"In many cases, cookies ... help you navigate Web sites," says Vincent Weafer, director of Symantec's Security Response Center. But poorly-made cookies, he says, can contain passwords and other personal information you have entered on Web site forms. Some online scanning programs:

  • PestScan ( This program does a competent job of identifying suspect software and pinpointing its location. For cleansing, the company markets PestPatrol for $39.95.
  • Spy Audit ( A stripped-down version of the $30 Spy Sweeper removal tool, Spy Audit displays a graph of your exposure to spyware.
  • Spyware for Macintosh computers is fairly rare, but several companies are making scanners for Apple operating systems. They include MacScan for Mac OS Classic and Mac OS X (


Adware and adware cookies:

Adware is any software application that displays advertising banners in the interface, then sends data back to a third party without permission. Adware cookies are a mechanism that allows a Web site or software to record a user's surfing habits without that user's knowledge or consent.

Drive-by download:

Spyware that tries to load each time you visit a particular Web page. As a security measure, your browser will persistently ask if you want to install the program, and many people simply relent under the onslaught. Other spyware downloads are invisibly injected onto hard drives by Web pages or e-mail.

Keystroke loggers:

A system monitor that makes a record of a user's keystrokes, which can help in the theft of personal information, including banking passwords, Social Security numbers and other critical data.


Any software that covertly gathers information about a user, usually for advertising purposes. Once installed, spyware monitors a user's activity on the Internet and transmits that information in the background to someone else. The worst versions are used to steal credit-card numbers and commit identity theft.

System monitors:

Programs that record all user activity, including where a user visits online.


Software applications that appear harmless but help steal personal information by allowing hackers unrestricted access through an Internet connection.

Commenting has been disabled for this item.