July/August 2003  Volume 29, Issue 5
e-Definitions with Mark Tamminga: Invasion of the Computer Snatchers
Pestilential programs are turning the Web into a toxic swamp for the unwary.

So, you're cruising around the Web, minding your own business. You poke around half a dozen sites. Exploring. Following your whims. Perhaps even sparing a moment to marvel at the sheer technical triumph of it all. Or maybe not. Whatever. It just seems to work.

Until one day you find that your Internet Explorer home page has been changed to what purports to be a search site and a weird new toolbar has been added to the top of your browser. That's odd, you think. Wonder how that happened? You change your home page back to what it was. But the fix doesn't stick and, strangely, pop-up and pop-under ads now proliferate like some freak illness. You put up with it for a while, puzzled about this ominous turn. Then things get really bad. Your browser sessions crash routinely and, eventually, your whole system becomes a rickety, unreliable mess. You plunge into uncomprehending despair, trapped in a world you never made.

You've likely caught a case of Xupiter, a reprehensible, scurrilous, vile piece of software that has slipped its foul code onto your system. Not satisfied with simply hijacking your browser, Xupiter also tracks your habits and sends private information about you back to the pit from whence it came.

It also tries to make itself fiendishly difficult to uninstall, but more about that later.

Driveby Downloads
How could this happen? How could something so nasty invade your machine without you knowing about it? Simple: Your operating system and browser were built from the ground up with little regard for security. Xupiter's demented, but very bright, designers exploit the fact that Microsoft Windows and Internet Explorer come with weak and confusing default security settings that open the door wide to abusive code. From the malicious programmer's perspective, it's almost like you're asking for it.

All it takes is a visit to a confederate Web site or the opening of a Xupiter-laced pop-up ad for Xupiter to slip an ActiveX control onto your machine. ActiveX controls are little programs that can assist greatly in making the Web a lively, interesting place. But they can also really make a hash of things because, in the end, they are programs -- and programs can do anything their programmers design them to do, like take over your whole freaking machine.

So take a moment to override some of the Internet Explorer defaults. Open up Internet Explorer, go to Tools > Internet Options and hit the Security tab. Then press the Custom Level button. Now, make sure "Download signed ActiveX controls" is set to Prompt. The next two options, "Download unsigned ActiveX controls" and "Initialize and script ActiveX controls not marked as safe," should both be set to Disable. You may get some squawking from IE (it wants to run those ActiveX controls and may throw pesky little messages at you), but be firm. This isn't the full solution, but it will help.
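For anyone checking more than one machine, the same three settings can be read back from the current user's Internet zone without opening the dialog. The PowerShell below is an added example, not part of the original column; it only reads the registry and changes nothing. The function name is an assumption made for illustration, while the zone number and the numeric action codes are the standard Internet Explorer ones.

```powershell
# Added example: read-only audit of the three Internet-zone ActiveX settings
# named in the column. Nothing is written to the registry.
# Zone 3 is the Internet zone for the current user.
$ZonePath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Registry values: 0 = Enable, 1 = Prompt, 3 = Disable (higher is stricter).
$Label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action codes and the setting the column recommends for each.
$Expected = @(
    [pscustomobject]@{ Action = '1001'; Want = 1; Name = 'Download signed ActiveX controls' }
    [pscustomobject]@{ Action = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' }
    [pscustomobject]@{ Action = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' }
)

# Hypothetical helper name; returns one row per setting.
function Test-ActiveXZoneSettings {
    param([string]$Path = $ZonePath)

    $zone = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    foreach ($e in $Expected) {
        $actual = $null
        if ($zone) { $actual = $zone.($e.Action) }

        if ($null -eq $actual) {
            # Value absent: the zone's built-in default applies, so flag it for review.
            $current = 'not set'
            $ok = $false
        }
        elseif ($Label.ContainsKey([int]$actual)) {
            $current = $Label[[int]$actual]
            # A setting stricter than the recommendation also passes.
            $ok = ([int]$actual -ge $e.Want)
        }
        else {
            $current = 'unrecognized value {0}' -f $actual
            $ok = $false
        }

        [pscustomobject]@{
            Setting     = $e.Name
            Current     = $current
            Recommended = $Label[$e.Want]
            OK          = $ok
        }
    }
}

Test-ActiveXZoneSettings | Format-Table -AutoSize -Wrap
```

On a centrally managed machine, settings pushed by Group Policy are stored under a separate Policies key and take precedence, so the browser's effective behavior can differ from what this per-user check reports.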

Pests: Malware/Adware/Spyware
First it was viruses, then spam, now this. Malware, malicious software, is metastasizing alarmingly. Our wonderful information playground has been turned into a toxic swamp of tacky carnival barkers and traps for the unwary. Of course, this kind of malignant cleverness isn't exclusive to Xupiter; this stuff is lurking all over the Net. Generically referred to as pests, malware differs from viruses in that it can be even sneakier and is designed to steal data rather than destroy it.

Gator, for instance, slinks onto your system and then helpfully offers to remember your username, password and credit card number. Some of this personal data is aggregated and sold. Gator also installs OfferCompanion, spyware that silently tracks your browsing behavior and adjusts its assault on your privacy accordingly.

Almost everyone is affected by this wretched stuff (though Mac users are spared the worst of it). Indeed, if you have teenagers in the house and you've let them loose with your computer, chances are that they've eagerly downloaded one of the peer-to-peer file-sharing utilities like Kazaa, Grokster or Morpheus in order to score pirated music. It's just what kids do. These products are riddled with ride-along malware that gets downloaded when installing the software. So intertwined is some of this noxious code that any attempt to remove the malware can actually disable the file-sharing utility. But, hey, it's just file-sharing companies trying to make a buck.

It's likely that just about any Internet-connected system has some kind of malware infestation aboard. If you care about your privacy or the health of your computer, you're going to want to get rid of it. A Google search on "malware" will give you dozens of helpful step-by-step remedies for pest removal, but most of these self-help fixes require mucking around in the Windows Registry, which is a lot like sticking a fork in a live toaster.

This is a job best left to the pros. And there are plenty of pros out there that can safely wipe out pestilential software. Ad-aware (www.lavasoft.de/software/adaware), PestPatrol (www.pestpatrol.com) and Spybot (http://security.kolla.de) are good examples of free spyware removers that rapidly examine your entire system looking for known offenders. They then offer to either quarantine or kill the reprobates. Each remover is fairly effective, but because malware is mutating so ferociously, you might want to try several different applications. And because it's an arms race, you'll want to keep your anti-malware tools updated.

The alternative is an invasion of the computer snatchers.

Mark Tamminga (mark.tamminga@gowlings.com) practices law and fiddles with software at Gowling Lafleur Henderson LLP in Toronto. He is the coauthor of The Lawyer's Guide to Extranets (ABA, 2003).