Stay Away from Spyware!
By Brett Burney
Apparently at least 91 percent of computer users today are heeding this oft-repeated advice. According to a July 2005 report ( http://www.pewinternet.org/pdfs/PIP_Spyware_Report_July_05.pdf) from the Pew Internet & American Life Project ( http://www.pewinternet.org/), 91 percent of Internet users say they have made at least one change in their online behavior to avoid unwanted software programs. That statistic is amazing and wonderful. It has been a long battle, but maybe, finally, average PC users are starting to win the fight against undesirable spyware, adware, and malware.
But the fight isn’t over. The report also states that 43 percent of Internet users surveyed admitted that they had at least one “spyware” or “adware” program on their computers. Even that statistic may be a bit conservative because it may have been the first time many respondents had even heard those terms and their definitions. Suffice it to say that unwanted spyware is still a big problem. Such a universal problem, in fact, that Congress is currently wrangling to pass some form of an antispyware bill.
Spying on Spyware in the U.S.A.
The legislative frontline in the battle against spyware is still forming, but the current bills are targeting software that intentionally accesses a computer system without authorization. While Congress explores the situation, the states are digging trenches as well. The great New York State Attorney General Eliot Spitzer brought a suit ( http://www.oag.state.ny.us/press/2005/apr/apr28a_05.html) this past April (2005) against one of the “nation’s leading Internet marketing companies” alleging that they had secretly installed spyware and adware on “millions” of home computers. Mr. Spitzer claimed that “these fraudulent programs foul machines, undermine productivity and in many cases frustrate consumers’ efforts to remove them from their computers.”
What kind of effect these shots will have on spyware is anyone’s guess, although the company involved in the New York suit (Intermix) is scheduled to settle and just recently was purchased by Rupert Murdoch’s News Corp. ( http://tinyurl.com/bfyha). Strange but interesting bedfellows indeed.
And back at the federal level, no one really know knows how successful the Congressional actions will turn out after they change and morph their way through the usual hoops on the Hill. The sole thread that weaves through all of this information is the fact that no one can really put a finger on exactly how spyware should be defined. And the so-called spyware companies couldn’t be happier.
Define and Be Kind
Googling a definition of spyware returns an overwhelming list of links. You’ll find an excellent and lengthy Wikipedia entry ( http://en.wikipedia.org/wiki/Spyware) and a couple of more concise definitions from Whatis.com ( http://searchcrm.techtarget.com/sDefinition/0,,sid11_gci214518,00.html) and Webopedia ( http://www.webopedia.com/TERM/s/spyware.html). One of my favorite explanations of spyware is from Spywareguide.com ( http://www.spywareguide.com/txt_intro.php).
The idée fixe that you’ll find in all of these definitions is that spyware is installed on your computer without your authorization. From there, the definitions branch out into subclassifications like malware and adware. The definition is so illusory, in fact, that the Anti-Spyware Coalition ( http://www.antispywarecoalition.org/) has just wrapped up a public comment period for their consensus document entitled “Spyware Definitions and Supporting Documents” ( http://www.antispywarecoalition.org/definitions.pdf) (comments were due August 12, 2005).
Although the “official” definition of spyware is still in limbo, many experts have generally agreed on some standard depictions. The actual term “spyware” is commonly used in a broad sense to cover a wide range of software that can be found on your computer. But the term “spyware” is better used only to address software that actually does some “spying.” Examples of this include software that can monitor activity on a PC, or a “keystroke logger” that can record everything someone types on a computer, including a password. In addition, spyware used in its narrower sense refers to software that secretly gathers this kind of information and either stores it for later viewing or sends it off to an interested party.
“Adware” is usually a little less malicious. Have you experienced numerous “pop-ups” when you surf the Internet in Microsoft’s Internet Explorer? Though we still may refer to those pop-ups as “spyware,” they are more legitimately called “adware” because they are usually hocking some product or service—an advertisement. Although this can be incredibly annoying, adware may not necessarily be gathering or sending information; unless you actually click on one of the advertisements.
Lastly, “malware” is just a shortened version of the phrase “malicious software.” The term is usually reserved for the most malicious and sneaky forms of spyware that cannot be traced or uninstalled from your system (even if you can find them and uninstall them, they can usually reinstall themselves on a reboot).
The Color of Spyware Is Green
There is one reason that spyware exists: it makes money. Even though it appears that 91 percent of Internet users today are more aware of spyware, people still click and install applications that bog down their systems and report their surfing habits to hungry advertisers.
We used to be so concerned with viruses. And although everyone that surfs the Internet should absolutely be running antivirus software, spyware has become the latest obsession. One of the main reasons is that people really don’t make money on viruses—it’s more a show of power than anything else. But when cyberpunks use their virus-writing skills to help get spyware installed on computers “under the radar,” it can be a money-making situation for both sides. Hidden spyware applications that can stealthily report back where users surf the Internet become goldmines for advertisers anxious to get their products in front of the right people.
What incentive, then, do spyware hustlers have in agreeing on a definition of spyware? They are safe as long as they claim that they are involved in legitimate marketing techniques. But the minute that someone defines spyware as unlawful, they see their profit margins dropping considerably. To their credit, some “known” spyware companies are starting to turn a new leaf and have started informing users about their hidden software. As you can imagine, their user base drops quickly when this happens. They are shooting themselves in the feet, and I suspect that not every spyware company is going to follow suit.
Protect Your Cyber Borders
Contrary to the belief of many “innocent” PC users, spyware rarely installs itself by magic. It arrives on your computer because you visited an infected website without protection; you downloaded a file sharing application or some cute smiley-face icons; or you clicked on a pop-up that said you were infected with spyware and you should click “here” immediately to clean it off. And while there will never be a foolproof way to protect your computer from user ignorance, there are several fixes for the main issues mentioned above.
First and foremost, you could just stop using Microsoft Windows. Other operating systems like Apple and Linux don’t have to deal with the same cornucopia of spyware issues that Windows has to face every day. While I don’t think junking Windows is the ultimate answer, I had to put in a plug for the alternatives.
If you are using Windows, there’s a good bet that you surf the Internet on Microsoft’s Internet Explorer. The latest version includes a built-in pop-up blocker ( http://www.microsoft.com/windowsxp/using/web/sp2_popupblocker.mspx). It’s not the most advanced utility, but it sure helps a lot. To get it, however, you have to make sure your computer is upgraded with the latest fixes and security patches from Windows Update ( http://windowsupdate.microsoft.com). Internet Explorer’s pop-up blocker will decrease the number of devious pop-ups that you may see, but I would still never recommend that you click on any pop-up box. If it’s an interesting ad from JC Penney, then close the pop-up box and manually go to JC Penney’s website on your own.
As far as downloading file-sharing applications or other miscellaneous software—do so at your own risk. The fabled Kazaa music and file-sharing application had its heyday in the aftermath of the Napster takedown, but many users did not know that Kazaa secretly installed spyware on their machines. You can read a personal account of dealing with Kazaa on the New York Times website ( http://tech2.nytimes.com/mem/technology/techreview.html?
While you are becoming hyperconscious of your surfing habits, purchase a good firewall application (even if you have a hardware firewall in your network router). Good firewalls can be found in a variety of so-called “Internet security suites” from Symantec (Norton) ( http://www.symantec.com/sabu/nis/nis_ase/) and McAfee ( http://us.mcafee.com/root/package.asp?pkgid=144&cid=12155). One of my favorites is ZoneAlarm ( http://www.zonelabs.com/store/application?namespace=zls_
One of my favorite articles on shooting down spyware is from columnist Steve Bass at PCWorld.com. His “Spyware Wrap-Up” article ( http://www.pcworld.com/howto/article/0,aid,118215,00.asp) highlights a few of the “big hitters” in the antispyware world, including Ad-Aware ( http://www.lavasoft.com/) and Spybot Search and Destroy ( http://www.safer-networking.org/en/index.html).
Be Safe and Spyware Free
Unfortunately, you have to deal with spyware if you surf the Internet. Knowledge is power, however, so take some precious time to educate yourself on how to recognize spyware and how to rid your poor computer of the plague. You may not even know that you are infected until you notice that your computer has become despairingly slow or you can’t surf the Internet because of all the pop-up boxes. Whatever the case, it is worth your time to do a little research to know the risks you face and how to fix your computer when the worst happens.
Brett Burney is the practice support technology supervisor at Thompson Hine LLP ( http://www.thompsonhine.com) in Cleveland, Ohio. He authors monthly legal technology columns for LLRX.com and Law.com, and regularly reviews products for Law Office Computing magazine. You can email him at Brett.Burney@ThompsonHine.com.