Experiencing computer trouble? Any crashes lately? It could be Gremlins. No seriously, it could! And the one we're talking about today comes with a name and a reputation that makes spam seem nothing more than a minor headache. We're talking… SPYWARE. Sounds a little spooky, doesn't it? Though it can come to us maliciously, it's usually a bit more subtle and hard to detect. Maybe that's why it also uses something a bit more innocuous and pleasant sounding such as the word, cookies. Before you start smelling the lovin' from the oven, let's take a look at what we're talking about. For certain, these are not the cookies you remember from home.

Cookies are small packets of information placed on your computer by web sites you visit. They may contain and provide identifying information about you to the web sites that place them on your computer, along with any other information the site wants to retain about your visit. To an extent, cookies allow us to traverse the internet with greater convenience and speed as it personalizes the visit. Passwords, preferences and personal information are stored and sent from your computer to the web site.

How are cookies used?
Typically, when shopping online, a product is selected and placed in the cart. Before completing the sale, the user may decide to price comparison shop at other sites. The online store can choose to save information about the products in the cart on the user's computer, so when they access the site later, they can finish the sale if they choose.

In the next example of how cookies are used, keep in mind this is where we lose consensus about the innocuous cookie, because the information gained about our preferences can be used for online targeting ads. It's rationalized that web sites must generate revenue to pay for its overhead expenses in order to continue to service users. Additionally, untargeted and obtrusive ad campaigns don't carry the same money making umph as targeted and directed campaigns. Though they may or may not know my name and address, they certainly know from watching where I've been and what I buy that I like Ray Charles--and they profit from this information. Garnering this information without my expressed permission is spyware.

John C. Dvorak, PC Computing, reported in his October 11, 2004 article that the House of Representatives had just passed the Internet Spyware Prevention Act. The proposed federal law will eventually make it illegal for companies to install spyware of any kind - in all its forms. I agree; it's convenient when my password pops up when accessing a site, but as Mr. Dvorak also underscores in his article, "Whose idea was this anyway?" A better solution exists. According to Ari Schwartz, Associate Director of the Center for Democracy and Technology, a privacy-advocacy group, "failure to properly address spyware and users will not want to use the Internet for commerce, for government services, for interaction with other people. We'll lose the great potential of the Internet."

What is Spyware?
Steve Gibson, Gibson Research Company, is to Spyware developers what Ralph Nader is to those that profit from polluting the environment. Steve's definition of spyware is the best I've read by far: "Spyware is any software which employs a user's Internet connection in the background (the so-called "backchannel") without their knowledge or explicit permission. Silent background use of an Internet "backchannel" connection must be preceded by a complete and truthful disclosure of proposed backchannel usage, followed by the receipt of explicit, informed, consent for such use. Any software communicating across the Internet absent these elements is guilty of information theft and is properly and rightfully termed: Spyware." Here's a few more examples of awful Gremlin names: Adware, Spies, Cookies, Key Loggers, Parasites, Trojans, Worms, Dialers, Browser Hi-jacks, etc.

Symptoms of computers infected by Spyware
America Online and the National Cyber Security Alliance conducted a study where spyware was found on 80 percent of participants' computers. According to Tim Lordan, staff director of the Internet Education Foundation, "Often, you don't just have one. You might have a half-dozen or even a dozen that can bring your computer to a screeching halt." Since Earthlink began offering subscribers free spyware scans, they found in the first 3 months of the offer, "scans of more than one million hard drives found an average of 28 spyware installations per PC." The most common type of spyware is known as adware and its main goal is to generate annoying pop-up ads. Another malicious type actually hijacks your browser setting and directs it to dubious search engines from which these developers derive commissions.

Symptoms:
--Endless pop up windows
--Browser is redirected to unwanted web sites
--Unexpected toolbars in your web browser
--New icons in your task tray
--The tab key may fail to work
--Random Windows error messages appear
--Computer crashes frequently
--System seems slow and sluggish to simple tasks

This general list was taken from http://www.spywareonline.org/ and provides you an idea of what to look for the next time you feel Gremlins have invaded. Before you take an ax to your CPU consider: spyware programs are often poorly written and contain bugs and are ever hungry for more of your systems' resources. So, what to do?

Protect yourself and be aware of the freebies
It holds true after all, there's no such thing as a free lunch. Spyware programs are creative and often look like our system files. The most common ways to pick up adware/spyware is to download file sharing software, screen savers, games, music and other free programs. Honestly, how many of you out there actually read the End User License Agreement and how many of you just click through it? Now you'll be encouraged to read carefully for certain. Otherwise, you may actually grant permission for the gremlin to enter by accepting the agreement that contains third party software may be installed wording. Be aware and suspicious anytime anything prompts you to download. Be sure to keep your antivirus updates current and ensure the program is running before you traverse through the Internet. And regularly update and run your spyware scans.

Gremlin search and destroy
Steve Gibson highly recommends Lavasoft who developed a freeware spy removal utility as well as offers a fully featured version by the name of Ad-aware. This was personally recommended to me a long time ago by my ISP's expert tech help at bluetie.com. There are tons of free spyware programs out there now--be careful which ones you choose--check them out first. Blue Tie's excellent customer assistance led me to the tucows.com site for the free download. It rates 4 cows! Here's the link to Lavasoft's free Ad-aware removal utility: http://www.tucows.com/preview/236049.html I know I said free and you should be aware, but tucows.com enables you to see who the freeware manufacturer is and provides a link to their site. You are your first line of defense. Check out the company and decide for yourself the level of risk you're willing to accept for the benefit of freeware and who it is you're willing to trust and at what cost. Ethical and business is not necessarily an oxymoron.

The spyware developers sure have created quite a market for clean and sweep programs. They know you're filtering and you can bet they're staying updated on the latest filters and changing their code accordingly. We have no choice but to remain vigilant until the Federal Laws catch up with technology. Even when change finally occurs, we are still our own first line of defense and nothing can take the place of vigilance, staying on top of the issues, good judgment and common sense.

Sources:

Bedell, Doug. Spying software increasingly invades computers. Knight Ridder News Service. The Oregonian 26, May, 2004.

Gibson, Steve. http://grc.com/optout.htm

Jesdanun, Anick. Aggressive spyware turning off some computer users, The Associated Press, The Oregonian, 1, November, 2004.

For more help staying on top of this issue, check out the following:

CNN: A spyware mystery - Who's behind it?
http://www.cnn.com/2004/TECH/internet/11/02/spyware.purveyors.ap/

Dallas Morning News
http://www.dougbedell.com/spyware.html

More on fighting spyware
http://www.pcworld.com/howto/article/0,aid,118058,00.asp

The Sun News: Kazaa contains spyware
http://www.myrtlebeachonline.com/mld/sunnews/business/5623961.htm