Tech Policy and Security: Ratting out Spyware --- David McGuire --- Online Security

Online Security, a global provider of computer forensics and information technology risk mitigation since 1997

Original Source: www.washingtonpost.com

Tech Policy and Security: Ratting out Spyware
Author: David McGuire

Ratting out Spyware

Spyware. Chances are you have heard of it. Chances are even better that you've had it show up on your computer. After all, it's rapidly assuming its position alongside e-mail spam and telemarketing calls as an annoying byproduct of the communications revolution.

Defining what it is, however, can prove difficult. Broadly speaking, it describes hundreds of different programs that are often surreptitiously installed on people's computers.

The most benign forms, known as adware, display advertisements based on the computer user's surfing habits. They come from companies that are, by and large, fairly legitimate -- though some resort to tricks to get people to download their software, such as cleverly worded pop-up ads or dialogue boxes. Another trick is to bury a consent agreement somewhere around page 19 of a 20-page privacy policy written in small, densely crowded typefaces.

Others are not so friendly.

Some spyware programs collect information about who's using the computer, sometimes using "keystroke loggers" that do just what they sound like they do -- keep track of what you're typing to get hold of personal identification numbers, passwords and other sensitive data.

Some spyware hijacks key computer functions in a form of electronic blackmail. One oft-cited example is the program that causes the computer's CD-ROM drive to open while the monitor shows a pop-up warning that the computer is infected with spyware. The authors of the ploy direct victims to buy a "cure" that turns out to be none other than... a spyware program. Then there's the "Beast," which can give its author complete control of someone else's computer.

The most aggressive programs go beyond the traditional definition of spyware and seize your Internet browser. There is little to separate those kinds of programs from computer viruses and worms, and their origins often are the same -- identity thieves and other kinds of online criminals.

With that in mind, here's what you can do to make sure that your computer does not turn into a spyware billboard:

* Prevention: Don't download free software that you don't trust completely. That includes peer-to-peer programs like Kazaa that people use to share files (like illegally copied music or bootlegged movies). File-sharing companies get a lot of money from companies that pay to have their spyware and adware piggyback on those programs;

* Get some protection: America Online and Earthlink, the nation's No. 1 and No. 2 Internet service providers, announced in early January that they would provide automated anti-spyware software to their services. That's for their subscribers only, of course;

* Fight back: Patronize your favorite antivirus company. Many of them offer optimal protection against adware and spyware. There also are many free downloads for real anti-spyware programs. Lavasoft's Ad-aware program is one such tool. Also try this site -- safer-networking.org. To eliminate some of the more aggressive programs, users may need a more specialized tool -- this site points computer users to a series of handy links and reviews;

- Take it to the Hill: Believe it or not, lawmakers in the U.S. Congress are well aware of spyware as both an annoyance and a security threat.

Here's one succinct statement from Sen. Conrad Burns (R-Mont.), who last week held a hearing on anti-spyware legislation he introduced with Sen. Ron Wyden (D-Ore.): "It's my computer. It is private property. I bought it and paid for it and for my use only, not some leech."

The SPYBLOCK Act, proposed by Burns and Wyden (the same duo who brought us the first national anti-spam law) would make it illegal to use the Internet to install software on people's computers without their consent, and require companies that offer software downloads to provide more disclosure about what the programs do and what information they collect. The bill also would require Internet ads generated by the software to be clearly labeled.

There's also action afoot in the House of Representatives, where Rep. Mary Bono (R-Calif.) is sponsoring a bill that would force companies to provide clearer disclosure before installing spyware on a user's computer. Rep. Jay Inslee (D-Wash.) has also announced plans to introduce anti-spyware legislation.

Spyware -- from the annoying to the dangerous -- is not a new revolution in the computer world, but something that slips under many people's radars. That's why it's equally necessary for everyone from your mother to a 20,000-employee mega-corporation to be constantly vigilant about computer security. Using some of the tips compiled here is a good first step.