|
BOOT CAMP 184 (19/07//01)
SPYWARE
Its friends – and there's precious few of them -- call it
Advertising Supported Software or Adware; many of those who know it prefer the
term 'Spyware', which as the name suggests is software that can secretly gather
data from your PC and transmit it back to a company or individual.
If you are a regular web user there is a very good chance
that you have at least one item of adware/spyware hidden on your PC, using your
Internet connection -- without so much as a by-your-leave -- to send back the
information it has collected to its masters. Adware programs can get onto your
PC in a variety of ways but the most common route is via 'freeware' and
'shareware' programs, or just clicking on a banner ad on a web page
The idea is simple and from the outside it all sounds quite
reasonable. Adware enables software authors to make money from 'freebie'
programs by allowing companies to embed adverts into their products in return
for a share of the income or marketing statistics they generate. Everyone is
happy, we get genuinely useful, well-featured programs for nothing and
advertisers get to promote their products or services. If honestly and openly
implemented it is likely that few people would object to the concept.
The trouble is that in a lot of cases it is not open or
honest and any mention of the adware element's presence is usually hidden away
in a weasely statement or a densely worded licence agreement. Phrases like
'integrated sponsored messaging technology', and '…includes software that will
occasionally notify you of important news', are unlikely to ring alarm bells for
most PC users. Those responsible know full well that few people ever bother to
read, let alone attempt to decode these documents. What makes the whole business
even more worrying is that some spyware programs can continue to function even
if the 'host' software it came in on is deleted and there has also been at least
one case of an adware program that can disable the PCs Internet connection if it
is removed.
Ostensibly the purpose of adware is to gather demographic
information and usage statistics for advertisers. A typical example of how this
works in practice is the Aureate DLL program, which is embedded in hundreds of
shareware and freeware programs. When the host program is running Aureate
automatically downloads banner adverts from its home site. It records and
reports back which ones have been displayed and clicked on. This information is
assigned a unique identity number, which is then used to tailor the selection of
ads sent to the users PC. It sounds innocent enough but this effectively opens
an insecure back door into the PC concerned that could be exploited for
nefarious purposes.
Proponents of adware claim that the data sent back to them
contains no personal or private details that could be associated with the user.
That is undoubtedly true in a lot of cases, nevertheless there are plenty of
well documented cased where a users email address and name has been discovered
in spyware uploads. The fact is these programs have the potential to do a great
deal more than just report on a user's ad clicking habits but the key point is
that it is done covertly, the PC owner has no way of knowing what sort of
information is being revealed, or indeed that it is even happening in the first
place.
Adware programs are executable files that can do anything a
normal program loaded onto a PC with the owners permission is allowed to do. It
is certainly possible for such a program to scan and access files on the hard
disc, change settings, monitor keystrokes and chat-room messages and write
information to the hard disc. Several spyware programs have been blamed for
causing browser and system crashes and instability.
At the moment almost 1000 programs and utilities are
classified as having a spyware element (see Links), there could be many more,
and some big names have been implicated, including Mattel, Netscape and
RealNetworks. Internet guru Steve Gibson's web page at Gibson Research (see
Links) gets a bit technical in places but it is definitely worth reading.
So what can you do about it? The first thing to do is
actually read licence agreements on any freeware and shareware software you
download onto your PC, before it is installed.
Don't just click the 'agree' button, look out for tell-tale phrases, like
'information may be gathered during your use of this product', 'integrated
tracker software', 'sponsored messages', 'background use of your Internet
connection…', or 'tracker or locator information may be used to forward product
information to you'.
You should review your Internet browser program's security
settings to make sure that ActiveX controls cannot be loaded without your
permission. In Internet Explorer go to Options on the Tools menu, select
Security and click Custom. At the top of the list make sure the 'Prompt' box is
checked next to the item: 'Download signed ActiveX controls'. If you're feeling
particularly paranoid you might want to set 'Run ActiveX controls and plug-ins'
and Script ActiveX controls marked safe for scripting' to Prompt as well. This
will result in an increase in pop-up confirmation boxes when you are surfing,
but better safe than sorry…
Better still, install some protective software (see also Top
Tip) that will stop your PC's browser making unauthorised calls to web sites.
One of the most effective programs in this respect is our old friend ZoneAlarm,
the superb free (to home users) Firewall program from Zone Labs. In addition to
Zone Alarm's essential Internet intruder blocking facilities it will also tell
you every time a program tries to send data.
SPYWARE WEB LINKS
http://grc.com/downloaders.htm
http://www.infoforce.qc.ca/spyware/
http://www.spychecker.com/
http://www.cexx.org/spysites.htm
Zone Alarm
http://www.zonelabs.com/
Next week – Top ten
PC gadgets
JARGON FILTER
ACTIVEX
Powerful programming tools used to add multimedia components
and features to Internet web pages
BANNER ADVERTISING
Advertising graphic on a web page that when clicked will take
you to the company's web site
FIREWALL
Program that monitors an Internet connection, preventing
unauthorised access to files on your PC whilst on-line
TOP TIP
Is there any adware or spyware programs lurking on your PC?
One easy way to find out is with a program called Ad-Aware. It's freeware and
the file is around 860kB in size so it should only take a few minutes to
download. Once installed it is very simple to use and normally takes just a
couple of minutes to scan a 10Gb hard disc drive. If it finds any adware files
it offers to safely isolate and delete them. Ad-Aware is routinely featured on
PC magazine cover-mount discs but I recommend that you use the latest version
(v5.5), which is now available from: http://www.lavasoftusa.com/
|