Spyware finally moved from "simply annoying" to the top of my "Things I Hate Most About the Internet" list. Low lifes messing with my daughter's computer pushed me over the edge.
At its most benign, spyware simply tracks a user's Web surfing to help target annoying banner and pop-up advertisements. At its worst, spyware can monitor keystrokes, harvesting login names, passwords and other confidential information of interest to cyber criminals. And to add insult to the injury, spyware can slow your computer to a crawl.
Spyware frequently finds its way onto a computer in a "drive-by download" without the computer user's knowledge when they visit an offending Web page. Spyware may also be installed, or "bundled," with free consumer software games, peer-to-peer file-sharing programs, customized tool bars and other attractive software. With bundled spyware, the only notice given to the user is buried deep in the seldom-read fine print of the software license agreement.
Drive-by-downloads and bundled spyware installations are so indiscriminate that an unprotected computer ends up with multiple copies of the offending code. Like cockroaches inside a wall, each copy runs in the background, invisible to the user. The more spyware installed, the more time the computer spends running spyware tasks and less time running the software you want to use. The end result? Computer gridlock.
My daughter's experience is an excellent example of spyware anarchy. Recently she complained about slow response and poor performance of her Windows XP computer. The computer isn't the latest and greatest a hand-me-down, custom-built 600 MHz Pentium III. But it's certainly fast enough to handle a high school student's homework, Web surfing and Internet Messenger chats.
Suspecting spyware was the problem, I installed a copy of PestPatrol (www.pestpatrol.com). PestPatrol's scan of the computer was astounding, identifying 5,262 instances of spyware files and registry entries! Most of the items were spyware associated with four programs popular with today's younger crowd. But there were enough drive-by downloads to fill the parking lot at the local shopping mall.
The fix was easy enough. First, I set PestPatrol to monitor and block any background spyware processes. After restarting the computer, we noticed an immediate improvement in the computer's speed and responsiveness.
Next, I had PestPatrol remove all the spyware it had found on the computer. Because of the huge number of spyware files, this turned out to be an all-night job.
I've used PestPatrol for the past 2 years on my Windows XP computer and have been quite happy with its performance. I certainly can't explain why I never installed anti-spyware software on my daughter's computer. I feel like the cobbler whose children go without proper shoes.
Unfortunately, PestPatrol was recently bought by Computer Associates and you can no longer download a free, full-featured, 30-day free trial. Fortunately, two other anti-spyware programs are available free for the download Adaware SE (www.lavasoftusa.com) and Spybot Search and Destroy (www.safer-networking.org).
I installed both Adaware and Spybot alongside PestPatrol on our two Windows XP computers and put them through their paces. All three programs provide on-line software and spyware definition updates. And all three do a credible job finding and deleting spyware. Spybot, however, came out on top in my analysis for several reasons.
First, unlike PestPatrol, Spybot is free. Next, like PestPatrol, Spybot provides real time protection against spyware attacks, a feature that only comes with the paid version of Adaware. Spybot also has the best tutorial and help system of the group. Finally, Spybot reports on the nature of the spyware found were the most informative, including providing pertinent privacy language from any license agreements associated with the spyware.
Spyware is drawing increasing attention from industry groups and government agencies. Dell Computer has teamed up with the Internet Education Foundation to establish the Consumer Spyware Initiative at GetNetWise (spotlight.getnetwise.org/spyware). The site provides an excellent, plain language overview of spyware issues and how to minimize your risk. The site includes tips on how to recognize a spyware infection, tools for removing spyware, and how to report spyware to the authorities.
The National Cyber Security Alliance (NCSA) (www.staysafeonline.info) and the CERT Coordination Center (www.us-cert.gov) declared October "National Cyber Security Awareness Month." The NCSA estimates that 90 percent of all computers are infected with spyware. Their Web site provides an educational self-guided computer security test and the NCSA's Top 10 Cyber Security Tips.
The Federal Trade Commission (FTC) recently took legal action against a company that purposefully infected computers with spyware that interfered with the computer's normal operation. The spyware also generated pop-up ads in an attempt to sell the company's anti-spyware software to its victims.
To minimize your risk of spyware, the FTC recommends that you:
- Update your operating system and Web browser software with the latest patches to close holes in the system that spyware could exploit.
- Download free software only from sites you know and trust.
- Don't install any software without knowing exactly what it is. Take the time to read the end-user license agreement before downloading any software. Think twice about installing the software if the license agreement is hard to find or difficult to understand.
- Minimize "drive-by" downloads by making sure your browser security setting is high enough to detect unauthorized downloads (at least the "Medium" setting for Internet Explorer)
- Don't click on any links within pop-up windows. If you do, you may install spyware on your computer.
- Close pop-up windows by clicking on the close box in the title bar.
- Don't click on links in spam that claim to offer anti-spyware software. Some software offered in spam actually installs spyware.
- Install a personal firewall to stop uninvited users from accessing your computer.
Stocking Stuffer?
Help make computing safer for someone you know this holiday season. Save copies of Spybot, ZoneAlarm (www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=nav_za), and the GetNetWise, NCSA and FTC security tips on an inexpensive USB flash drive (128 MB drives are under $25) and stuff it in their stocking.
Contributing Editor Michael Blotzer, MS, CIH, CSP, is an occupational hygiene and safety professional, writer and computer enthusiast who brakes for animals on the information superhighway. He can be reached by mail addressed to Occupational Hazards, by fax at (309) 273-5493, or by e- mail at [email protected].