I’ve found a website, the Webroot Software site, that will leave 90% of normal Internet users seething. The site, which features privacy protection software, reveals that software programs are secretly installed on most computers to monitor users’ behaviour and “lifestyle characteristics”.
Spyware includes key-stroke loggers and screen capture utilities that record what you type or what appears on your screen and could be used to capture passwords and other personal information. The broader definition of spyware includes adware, which monitors website use and runs ads for marketers.
Cookies, which most publishers use to track visits to their websites, are not nearly as dangerous as key-stroke loggers. That said, responsible publishers will have a privacy policy stating their use of cookies and agreeing not to use information irresponsibly.
To get on to your computer, spyware piggybacks on other software or files downloaded from the Internet, such as when you download MP3 files from popular peer-to-peer networks.
Webroot Software and United States-based Internet service provider EarthLink do ongoing research into spyware and recently announced that spyware applications are found on 90% of computers with Internet connections.
“Spyware has become prevalent locally — based on the fact that it is undetectable to users,” says Patrick Evans, regional manager at computer security firm Symantec.
“Users need to be aware of the fact that pornographic, gambling and marketing websites are especially prone to delivering malicious code that can easily infiltrate one’s system. These sites have tools that are specifically designed and aimed at obtaining one’s personal information and lifestyle characteristics,” says Evans.
Spyware is able to bypass normal security measures on your computer.
“Spyware bypasses corporate firewalls, because it is downloaded by legitimate users with the rights and privileges on the firewall rules set to do so,” explains Craig Reynolds, technical manager at Beyond Security SA. “And anti-virus software does not normally detect spyware, unless it contains a known virus code (signatures) or an automated process that behaves in a virus-like manner.”
Evans agrees that having anti-virus software is not enough. Computer users need a number of protective measures to secure their machines.
“The more comprehensive your protection, the less likely it is that malicious attacks and intrusion from spyware can occur,” says Evans.
Security measures should include anti-virus software and the correct configuration of security settings. (The default settings may not be high enough.)
Reynolds suggests that, before downloading software, a user needs to establish the source and nature of a program. For example, legitimate software tends to be supported by a comprehensive site with a privacy policy.
Read the privacy policy of legitimate software companies to ensure that your Internet activity won’t be monitored. And accept that if you use peer-to-peer networks you are at high risk — if you’re not sure, assume the worst.
“The Internet community is made up of every representative of the best and the worst of humanity,” says Reynolds.
You should also avoid using “auto-complete” functions in the browser and set your default cookie configuration to “prompt before accepting cookies”.
Evans notes that a company monitoring its employees on its own networks with spyware is considered “legitimate” — as are parents wanting to monitor their children’s Internet activities. But these are programs installed with the knowledge of the business owners or parents.
“It is astounding how much trust the average user places on companies and what they offer on the Internet, with little or no knowledge of the supplier, company or individual providing it,” says Reynolds.
“Spyware, adware, trojans and worms exist in most freeware and shareware programs, and can be inadvertently installed by the user when visiting a malicious or compromised website.”
Last year the US-based Centre for Democracy and Technology issued a report detailing the threats that users face from spyware. These, it says, are not limited to breach of privacy and security, but also reduce computer performance and system stability. Important issues such as transparency and control (who owns the right to your computer screen) also come to the fore.
The report found “combating the most invasive of these technologies will require a combination of legislation, anti-spyware tools, and self-regulatory policies.”
“Users should have control over what programs are installed on their computers and over how their Internet connections are used. They should be able to count on a predictable web-browsing experience and they should have the ability to remove for any reason and at any point programs they don’t want,” the report concludes. “A growing body of invasive applications takes away this control.”
Computer users need to regain control by using the tools available to them and by guarding their right to privacy both online and off.
Web guide
Centre for Democracy and Technology: www.cdt.org/privacy/Spyware/
SpyAudit: www.earthlink.net/spyaudit/
Webroot: www.webroot.com