Truth 43 Somebody’s watching me
By now, you most certainly have heard the term spyware and might even know a little about it. But did you know that, in addition to showing you ads you didn’t want to see and collecting marketing information about your Web surfing habits, some spyware is malicious and identity thieves can use it to harvest your every keystroke, including your name, credit card numbers, and any other personally identifying information you type?
There are three main types of spyware.
The biggest problem with spyware is that most users install it without even knowing.
Information gatherer—This type simply runs in the background on your computer tracking your Web-browsing habits. Every site you visit is logged, and that information is relayed back to a master site on the Internet. This is all done transparently and, with the exception of slowing down your computer, most people never have any idea it is happening. In the “legal” version, this software should not transmit confidential information.
Ad generator—This monitors every site that you visit and generates pop-up ads when you visit certain sites. For example, if you visit a site selling gardening tools, the software might generate a pop-up for another site selling gardening tools. Most of the time users just assume the pop-up was generated by the Web page they were visiting and don’t realize it was really created by this spyware. In other cases, this software actually modifies Web pages as they are being displayed. When this happens, words throughout the Web page start becoming hyperlinks to other pages. For example, if the word tools is found in the text on the Web page, it now becomes a link that, when clicked, takes you to another site that sells tools.
Malicious spyware—While most spyware is annoying, this type is truly dangerous. This software is designed to capture your every keystroke. So when you visit an online banking application, the username and password that you type in are recorded. Or when you enter a credit card number to pay for a purchase online, that information is being recorded. Then that data is automatically transferred from your computer to a master site waiting to receive the data. This collection and transfer happens without your knowledge. Also, this type of software might search your hard drive looking for files known to contain confidential information and might even steal cookies from your computer, which contain personal information.
The biggest problem with spyware is that most users install it without even knowing. In Internet Explorer 6, when you visit a Web site that attempts to send you a software script known as ActiveX, you receive a security warning that tells you the site is attempting to install and run an ActiveX script and asks if you want to let it run. Often the developers of the spyware code it so that, instead of listing the name of the script being listed in the warning dialog box, they create a warning that reads something like this: “This program will allow you to visit this site securely; select Yes now to continue.” Most people agree to run the code without realizing they are giving permission to install software that might contain spyware. Users who are more paranoid may select No. In that case, the site has been designed to go into a loop bringing the user directly back to the security warning again. Each time the user selects No, the site just tries again. Because people can’t get out of the loop, they generally give up and finally select Yes. If you find yourself stuck in one of these loops, press the Esc key on your keyboard over and over while you click the No button on the screen to stop the loop.
In many cases, spyware is bundled with free software that you can download. Screen savers and peer-to-peer file-sharing programs often contain spyware. In fact, when it comes to screen savers, it’s rare that one doesn’t contain some type of spyware. And many times the spyware is truly malicious.
When it comes to peer-to-peer file sharing, there is often a level of deception that takes place. One of the most popular applications has a notice on the Web site that says, “No Spyware.” You might think this notice means they do not put spyware on your computer. In reality, however, if you read the fine print, you see that a number of programs are being placed on your computer that are defined by most as spyware. While I will give the application credit for listing what is being installed in the license agreement, it is still deceptive to the end user.
So what can you do to avoid spyware?
Whenever a Web site prompts you with a security warning to install and run software, you should always select not to install it unless you are absolutely certain what the software is doing. “No” should be your default answer for everything.
While some free software can be useful, much of the free software on the Internet is dangerous. It could contain malicious code, which might put your confidentiality at risk. If you are not certain about the software you are downloading, it is best to err on the side of caution and choose not to install it.
Now that I have turned you off of free software, let me tell you about two free applications that are truly great for removing spyware (although Microsoft does provide a free spyware blocking program—Windows Defender).
Spybot Search & Destroy—Searches through your computer, notifies you, and removes just about all potential spyware. It is highly recommended that you read the user manual before attempting to run this software. (www.safer-networking.org.)
Ad-Aware 2008 Free—Searches through your computer, notifies you, and removes all potential spyware. (www.lavasoft.com/products/ad_aware_ free.php.)