Deployed properly, defenseware will disable spyware.
“If they take up my time or use my personal information without my permission, I want to hurt them.” So said a friend of mine. We were talking about the various pop-up windows, those instantly irritating promotional devices that show up in our browsers without warning and without permission. Usually–in my case, always–we click them away, which takes attention and time. But of course, they also use bandwidth, since they often contain a lot of graphics. On a dial-up Internet connection running at the usual subpar speed, the hit is not insignificant. And it’s getting worse.
Right now there’s a cat and mouse game going on between the operators of Web sites, commercial advertisers, and the consumer. Everybody is trying to devise gimmicks to get your attention or get information about you. This isn’t much different than elsewhere (billboards, TV, telephone, junk mail), except that on the Web it takes more of your resources (time, effort, mental activity) because it’s so pervasive. It’s an assault on what I call the ignore-it factor. If it’s easy to ignore–like junk mail–then it’s no problem. If not–like telemarketers’ calls at dinnertime–then it’s costing you something.
In this game, it might seem that ignorance is bliss; just ignore the advertising tricks. Unfortunately, a brood of Web-based information vipers is happy to play under your radar. This brood creates what is called spyware, which includes various kinds of keystroke monitors (capturing what keys you press), bugs and Web trackers (recording wherever you go), and Trojan horses that ferret out information like passwords and send them to someone on the Internet. So besides the obvious and annoying advertising like pop-up windows and multimedia that takes over your computer, stealth is being used to gather information about you-up to and including identity theft.
The cookie jar
The repository for most of the information about your Web activity, and some of your personal information, is in cookies–small text files created by Web sites or other Web programs and stored on your computer’s hard disk. They are, for the most part, a necessary evil. Because the Internet does not retain information between sessions (it’s “stateless”), cookies are used to store all kinds of information that makes your browsing easier and better, such as shopping carts, various preferences, and passwords. This same information is a treasure trove for marketers and (sometimes) hackers. Most systems have hundreds of cookie files, and some are perfectly legitimate and useful while others are insidious and sometimes harmful.
The key point, however, is that you don’t know about the cookies. They’re made and used without your permission or knowledge. I suppose these days a lot of users are aware in general about cookies, but few are aware of just how many there are and what they specifically contain. (Did you know e-mail can make cookies?) If you’re interested, check out CookieCentral, which will tell you more about cookies than you ever wanted to know.
Principle and interest
How much information you want to give out, or more to the point, how much and when, is what the fuss is about. Much depends on your attitude toward cooperating with advertisers, vendors, and Web sites. If you’re buying something online, then you should trust the company, since you’re almost certainly giving up your name, address, phone number, e-mail address, and credit-card number.
Principle number 1: You are only as anonymous as you want to be. I’m not paranoid about privacy. There are certainly times when I’ll give up my name, e-mail address, even phone number when I have something I feel will give me good information, like my membership on the New York Times Web site. But you should be paranoid about giving up your social-security number and credit-card information.
Principle number 2: Demand an opt-in policy. Before anybody can do anything to your computer–download any software, transmit any information, put you on any service–they must spell out what it is they are going to do and obtain your explicit permission.
You can also fight the various intrusions with counter-technology, which I call defenseware. Here are the key things this kind of software needs to do for you:
Firewall your Internet connection. Just like the firewall on most corporate networks, this is part of the overall strategy of providing security for your personal computer or home network, right up there with antivirus software. The firewall blocks unwanted inbound Internet material, and most important, blocks outbound information that you don’t want sent out.
Symantec Inc.’s Norton Internet Security 2002 ($69.95) is a suite of programs that includes antivirus software, a personal firewall, and numerous other features. However, it is not–yet–inclusive of all the features outlined here. There are several other similar suites (McAfee, Ontrack, and others) that tend to leap-frog each other in the ratings from year to year. Kill the pop-ups. Unwanted pop windows and much of the advertising at Web sites can be blocked.
Among the several programs that intercept pop-up windows, banner ads, and other annoying advertising, WebWasher.com’s WebWasher (free for personal users) is the one most easily installed. While it’s not perfect, it generally blocks only the advertising you want removed. It can also be easily disabled temporarily to allow some scripting and advertising to run. Monitor the cookies. Rather than blocking all cookies, it’s important to be able to pick and choose which ones you’ll allow as they are being created. You can set your browser to alert you if a new cookie is downloaded to your hard drive.
Most browsers of recent vintage and a number of freeware programs allow you to review your cookie files. But Kookaburra Software’s Cookie Pal ($15) does the best job of selectively allowing or blocking cookies as they are being created. Find and root out the spyware. Under almost all circumstances you’ll want spyware located and removed.
Unfortunately, no one piece of software covers all the bases; it takes a combination of programs. However, I do research and testing like this for a living, and the preceding software recommendations–largely for Windows computers–are based on that work.
Similar in concept to antivirus software, Lavasoft Inc.’s adAware with RefUpdate (free) uses an updated reference list of spyware programs and will locate them in your registry and hard disk, giving you the option to leave or remove them. It works so well that the first use of this program is likely to be unsettling (I had 22 pieces of spyware on my system).
There are some important caveats about this collection of programs. Mixing cookie killers, personal firewalls, and spyware cleaners may not work in all computers. Because these programs set various ports and other subsurface values beyond the easy reach of an operating system’s user interface, they have the ability to step on memory locations and other critical settings. In short, they might lock up your system or cause other errors. As I tested a number of these programs, my computer system reacted so negatively that I had to resort to uninstalling the TCP/IP component and reinstalling it for a fresh start.
The caveats are not an indictment of the software. Individually they’re all good programs, but they operate in ignorance of each other. Someday, some company will consolidate the many aspects of personal computer security and privacy into a single user-friendly package. Until then, this is still a do-it-yourself arrangement. Undoubtedly many people will not want to, or can’t, go to this much effort, which makes them, unfortunately, prey.
The good news is that defenseware will help you get a grip on your computer and the swill that’s being poured into it from the Internet. The bad news is that you have to do this at all, and that the tools for doing so are uncoordinated and require conscientious effort to use effectively. It’s a lousy job but there’s satisfaction in seeing the work get done properly.