Hundreds of little brothers are watching you.
Once upon a time, the Web was a simple place. You used a browser to search text-based documents and link to still other text-based documents. For most people, however, the days of the text-based browser are long gone.
Web surfing today will bring with it a myriad of animated graphics, banners, and pop-up and pop-under ads. (A pop-up ad is launched on top of your current Web browser while a pop-under ad is started underneath your current browser so you will find it when you exit your Web browser).
Ever since the emergence of the commercial-use Web, online users have been inundated with company messages for various products and services. Online advertising is annoying no matter what you’re trying to do online, but what many online users don’t know is that today it is also dangerous and a huge invasion of privacy. How can this be so?
Simply put, businesses have found the Web a difficult place to make money, so they have begun taking more sophisticated approaches to grab your attention (and your wallet). Referred to both as spyware and adware, companies are employing all sorts of software tricks to track what you do online and collect as much personal information about you as possible. For example, companies routinely try to grab your TCP/IP address, your e-mail address–if you’ve defined it in your browser–as well as what kinds of sites you’re visiting online.
Security expert Steve Gibson of Gibson Research Corp. defines spyware as “any software [that] employs a user’s Internet connection in the background without their knowledge or explicit permission.” Many companies routinely use spyware or adware to gather information about you and your surfing habits.This allows them to create and distribute advertising that is targeted toward your tastes and lifestyle.
However, spyware and adware are not only used by businesses interested in making a buck. The hacking community is finding that the same mechanisms used by big business to make money are also useful for other purposes, such as identity theft. Cruising the Web without some protection against spyware or adware is like leaving credit-card receipts all over the place.
In the not-too-recent past, it was a common belief that you could only get infected with spyware or adware if you downloaded shareware programs or used file sharing or peer-to-peer client software. It is still true that you stand a higher probability of spyware infection if you use shareware, file sharing, or peer-to-peer software. However, merely surfing to certain Web sites now can also infect your system with spyware or adware. Writers of spyware and adware find it particularly easy to insert spyware and adware in your system when you use the Internet Explorer browser (though some other browsers are also susceptible). Once on your hard disk, the hidden spyware or adware software component or application reports on you and your online activities.
Take some action!
So what can you do as a personal user of the Web or as a business that performs work online? There are two key ways you can take action against spyware and adware.
First, consider your choice of browser. Make certain that your browser includes features that let you control your browsing experience. For example, Netscape 7, Mozilla 1.0 and Opera 6 all let you disable pop-up ads and control what script actions are allowed or disabled. Spyware and adware is often inserted into your system via a script that runs when you visit a Web site.
Second, begin to take spyware and adware just as seriously as you do computer viruses. Thankfully, there are several antispyware and anti-adware solutions out there (and the number of tools and supported platforms is growing). With costs ranging from free to around $50, obtaining and using these tools is a budget-minded affair. As with antivirus tools, antispyware and anti-adware tools should also be updated frequently so that you can keep up with the latest threats.
To give you an idea of just how serious the problem is, I ran a little test a few days ago. I surfed the Web as I usually would, except I used a Windows-based computer and the Internet Explorer browser (both of which I usually wouldn’t use). After surfing off and on for one half a day, I downloaded the LavaSoft Ad-aware tool.
This antispyware/adware solution scans your memory, Windows registry, and hard drives for spyware/adware and removes it at your request. After scanning my test system, Ad-aware found eight pieces of spyware that had installed themselves during my short test surfing the Web. Of course, I removed the spyware promptly.
For Windows users, another way to detect spyware is the Zone Alarm personal firewall from Zone Labs. The widely used firewall has always been good at detecting inbound connections to your computer, but it also can tell you if applications or software components are trying to make an outbound Internet connection.
When an outbound connection is made, Zone Alarm can notify you. Look at the name of what is trying to make an outbound connection. If it is a program or component that seems unfamiliar, do not allow it to make the connection. Afterward, go find the program in Zone Alarm’s programs list and note its location by examining the properties. Then, go to that location and remove the program or component.
With its most recent release, Zone Alarm also offers several other antispyware related tools. For example, it now lets you block pop-up ads while it also can stop spyware from ever getting to your hard drive.
Spyware doesn’t just target Windows-based systems either–it is platform-agnostic. Therefore, if you’ve joined the growing number of individuals or businesses who have switched to other operating systems, such as Linux, Macintosh, FreeBSD, or other Unix variations, you should not consider your system safe from spyware and adware any more than a Windows user should.
On my Linux and Unix boxes, I use JunkBuster and find that it does a great job of blocking spyware and adware. Using the tools supplied with the Netscape, Mozilla, and Opera browsers on these platforms also helps. However, those considering using JunkBuster had best consider themselves fairly technically savvy, because it does require some knowledge to configure.
If you’ve just made the switch to Linux and are gaining knowledge on the platform, a better anti-spyware choice might be Guidescope, which is an antispyware service that works with your browser. It is free for home users and costs $15 per year per person for business use.
Those using the Macintosh platform, as I do for some development work, will find ADGate up to the antispyware task. You can download it from Apple’s Web site or from static Cling. There are not yet as many choices for antispyware for platforms, such as Macintosh and FreeBSD, but the number of tools is growing, so keep abreast of what is available no matter which platform you choose.
The worst thing you can do is to take no action at all. As advertisers and hackers expand their tactics to invade your privacy, you need to get smarter about how you protect yourself and your computer(s) while online. Unless, of course, you don’t care who invades your computer to spy on you.