Print

Print


[log in to unmask] has recommended this article from
The Christian Science Monitor's electronic edition.


Click here to read this story online:
http://www.csmonitor.com/2004/0329/p14s02-stin.html

Headline:  Is your computer spying on you?
Byline:  Gregory M. LambBy G.M.L. Staff writer of The Christian Science
Date: 03/29/2004

It's sometimes called the "new spam." It slips right through firewalls
and antivirus programs, riding the coattails of legitimate programs
you've chosen to download from the Internet. In its more common and
benign forms, it will send you pop-up ads targeted to your interests
and clog your computer's memory. At its most malicious, it can steal
your passwords and credit-card numbers, maybe even let a remote user
take over your computer.

It's spyware, a broad term for programs that hide on users' computers
without their knowledge. It has become so pervasive that both federal
and state governments are looking into ways to prevent or at least
regulate it.

While it's hard to tell the share of computers that have been infected
with spyware, estimates run as high as 95 percent. One popular spyware
detection program, Spybot Search and Destroy, lists nearly 800 spyware
programs that it can find and remove.

While most of the spyware found on computers appears relatively benign
so far, experts suggest users take measures to protect themselves (see
list page 17).

Children online can be especially vulnerable because they may have less
technical savvy and frequently download so-called peer-to-peer software
from the Internet, often called freeware or shareware.

"One of the ways these programs end up on people's computers is that
they can be bundled with other free applications they download, which
can include file-sharing applications, screen savers, or other kinds of
free utilities," says Michael Steffen, a policy analyst at the Center
for Democracy and Technology (CDT) in Washington, D.C.

Kazaa, a widely used music- swapping program that has been downloaded
270 million times, has carried at least 12 kinds of hidden spyware at
various times over the past two years, according to a recent study at
the University of Washington in Seattle.

But with the exception of pop-up ads or slower operations, users may
not notice anything happening when spyware programs are present,
experts say. And the programs often apply a legal fig leaf by asking
for consent to be installed as part of a lengthy EULA (End User License
Agreement) that many users OK without reading.

In Congress, a bill to battle spyware sponsored by Sens. Barbara Boxer
(D) of California, Ron Wyden (D) of Oregon, and Conrad Burns (R) of
Montana recently joined one filed in the House last July by Rep. Mary
Bono (R) of California. They aim to ensure that users know when
programs are being installed on their computers, so that they can
refuse them if they wish, and that spyware that is installed is just as
easily removed. The Federal Trade Commission would enforce compliance.

The FTC has already announced that it is holding a spyware workshop in
Washington on April 19 to gather information about the problem.

In addition, the Utah legislature has sent a bill regulating spyware to
the governor for his signature. Iowa and California have also
considered bills to prevent spyware.

"The Internet is a window on the world, but spyware allows virtual
Peeping Toms to watch where you go and what you do on the Internet,"
Senator Wyden said in a statement about the Senate bill, called the
Spyblock Act.

"The FTC is beginning to look at the extent to which these applications
are unfair and deceptive, and we think that's a really good thing," Mr.
Steffen said in phone interview. "We think a lot of these [spyware]
programs already represent violations under existing fraud statutes or
under other laws."

Although new legislation may have a role to play, Steffen says any
solution must also include educating the public, and self-regulation
within the industry.

"The spyware and adware stuff comes in from all over, and it's really
as dangerous as a virus," says Roger Thompson, vice president for
product development at PestPatrol in Carlisle, Pa., a maker of
antispyware software.

Along with imposing pop-up ads and collecting data about users, spyware
can change computer settings without users' consent, change users'
Internet home pages, or send them to counterfeit versions of familiar
websites, where they are enticed to give out personal information.

"Keystroke loggers" record and transmit every key hit by the user,
which could include such sensitive items as passwords and credit-card
numbers. And they may have a "backdoor" capability, that allows an
outside party to plant new programs on the computer at any time, Mr.
Thompson says in a phone interview.

Perhaps most insidious, some spyware comes attached to programs
advertised to remove spyware from a computer. That's why it's important
to obtain antispyware programs from a reputable source, experts say.
The CDT has sent a letter of complaint to the FTC against one company
that it says was using spyware to change computer users' home pages
without their consent and then telling users that they should buy an
antispyware program to protect themselves.

Spyware is sometimes confused with cookies. Cookies are pieces of data,
not an application, used by a website to record information about
users' visits. Most browsers on most computers have cookies installed
by sites to help them access the sites more easily and quickly, such as
remembering login or registration IDs, user preferences, or "shopping
cart" information. Cookies can raise privacy issues, but they are not
considered spyware.

But even relatively innocent programs that only display ads can be the
source of more serious problems. The University of Washington study
looked for just four of the most common spyware programs - Gator,
Cydoor, SaveNow, and eZula - on 31,303 computers on the university's
system. It found that 5.1 percent of the computers had at least one of
the four installed on it, despite the fact that the vast majority of
the machines were protected by a network firewall intended to keep out
viruses and other malicious intruders.

The study also found security flaws in Gator and eZula that meant they
could be "hacked" into by a third party to become more malicious and
possibly even take control of a computer.

"This potentially means that there are tens of millions of computers
with these programs on them that might be vulnerable to ... attacks,"
says computer scientist Steven Gribble, who helped conduct the study.
Gator has since patched its program to prevent such an attack, he says.

"I'm glad the government is getting involved," Gribble says by phone.
"I'm optimistic that legislation will help, but I'm pessimistic that it
will solve the problem. My suspicion is that it's going to get worse."

How to protect yourself from spyware

Future legislation may help reduce spyware. But computer users can also
take action now to protect themselves. Among the suggestions from
experts:

* Think before you click. Download software only from sources you
trust. Never download programs offered in pop-up ads.

* Understand what you are downloading. Read the End User License
Agreement or other explanatory material, which may contain wording that
gives your consent to spyware being loaded onto your computer.

* Install and run trustworthy anti-spyware software. Spybot Search and
Destroy is one favorite of experts and is free at www.download.com.

The Center for Democracy and Technology also mentions AdAware (also
free at www.download.com), Spyware Eliminator, and BPS Spyware/Adware
Remover.

Other reliable products such as PestPatrol (www.PestPatrol.com, $40)
may cost money (though PestPatrol has a free trial version that will
detect, but not remove, spyware). Internet providers such as Earthlink
and AOL are also beginning to offer antispyware programs to their users.

* If you encounter spyware that bothers you, report it to the FTC.

SOURCES: CDT, Monitor research





(c) Copyright 2004 The Christian Science Monitor.  All rights reserved.

Click here to email this story to a friend:
http://www.csmonitor.com/cgi-bin/send-story?2004/0329/p14s02-stin.txt

The Christian Science Monitor-- an independent daily newspaper providing
context and clarity on national and international news, peoples and
cultures, and social trends.  Online at http://www.csmonitor.com

Click here to order a free sample copy of the print edition of the Monitor:
http://www.csmonitor.com/aboutus/sample_issue.html

_________________________________________________________________________

                    -- ADVERTISEMENT --

Sign up for the Monitor News Alert to be notified of special war coverage.
http://www.csmonitor.com/email