What's Lurking In Your PC?

How to keep spyware from tracking your habits -- or hijacking your computer

At first I was just mildly irritated when my Internet browser opened up to a strange Web site rather than to my regular home page. I figured I must have inadvertently hit a wrong key. When I tried to reset it, nothing happened. Again, I thought I must be doing something wrong. But since the problem didn't prevent me from using my computer, I decided to deal with it later. Big mistake. Just weeks after my home page was hijacked, I got hit with an onslaught of pop-up ads. Then I was unable to complete a Web search. Despite typing an address dozens of times, I always ended up somewhere else. Time to call a computer expert. His diagnosis? Spyware. As it turns out, one-third of Internet users have been similarly afflicted, according to a recent survey by Consumer Reports. "Spyware, without question, is on an exponential rise over the last six months," says Alfred Huger, senior director of engineering with Symantec Security Response (SYMC ), the maker of Norton security software. Microsoft (MSFT ) reports that spyware was the cause of one-third of all computer crashes in the past year.

Because it's so new and still evolving, many computer users don't understand spyware. Here's a quick tutorial to bring you up to date on this insidious problem.

What is spyware?

It's a broad term for deceptive software that surreptitiously installs itself on a computer via the Web. Once it lurks on your PC or laptop, it allows an outsider to harvest your personal information, which can be used for many purposes. In its most benign form, a kind of spyware known as adware tracks Web surfing or online buying so marketers can send you targeted -- and unsolicited -- ads. Other spyware may have a more malicious intent, such as stealing passwords or credit-card information. Having a number of unauthorized programs running on your PC at once makes it sluggish, unstable, and, ultimately, more likely to crash.

How do you know if your computer has been infiltrated with spyware?

Unlike viruses, which are often invisible, spyware exhibits a host of signs that "take away a user's ability to control the computer," says Michael Steffen, a policy analyst at Center for Democracy & Technology in Washington. Hijacked home pages, redirected Web searches, and a flood of pop-up ads are common complaints.

How does spyware sneak on board?

Simply clicking on a banner ad can install spyware, says Dave Methvin, chief technology officer at PC Pitstop, a system diagnostic and tune-up site. Worms, which are self-propagating viruses, can also carry spyware. They search for machines that don't have up-to-date security patches and install the nasty software, says Firas Raouf, chief operating officer for eEye Digital Security, a network-security software developer. Spyware is also spread by e-mail.

Sometimes spyware is secretly bundled with free software you download from the Internet. Sites that offer music-sharing, videos, weather data, games, and screen savers often are paid to distribute adware. When you install the software, you might see a pop-up window that asks you to agree to certain conditions. Most users just click "I agree" without reading the fine print. Often they are authorizing the installation of additional data-collection and ad-serving software that can muck up their PCs.

Another deployment method is to "trick users into consenting to a software download they think they absolutely need," says Paul Bryan, a director in the security-and-technology unit at Microsoft. You might also encounter what experts call "unsolicited downloads" while you surf the Net. In such cases, your browser will warn you that a file is being downloaded. You can choose to accept the download or not, but it will keep nagging you to say yes. Keep clicking no and the messages will eventually stop.

Is spyware legal?

With adware, which collects data on your buying habits, there's a fine line between what's legal and what's not. Marketers that use adware claim to get the consumer's consent to download the tracking software. But some experts say their tactics are deceptive. Those interested in identity theft -- or geeks who simply want to wreak havoc on people's computers -- are clearly engaged in illegal activities.

How do you get rid of spyware?

To eliminate it, you must track down every file and completely erase it. That can be tough since spyware hides inside your computer's operating system, making it difficult to find.

Internet service providers, such as EarthLink (ELNK ) and AOL (TWX ), offer scan-and-removal tools. For extra protection, you should also employ specialty anti-spyware software. Be careful about the programs you choose -- they may be spyware disguised as spyware cleaners. Use a well-known program that scans for a regularly updated list of privacy threats. McAfee Anti-Spyware, Spysweeper, Lavasoft's Ad-aware, and Spybot Search & Destroy are all good choices. You can download the last two for free from download.com. Scan your hard drive at least once a week with two or more anti-spyware programs because each is likely to find files the other overlooks. For files that can't be deleted, contact a computer consultant.

How do you protect your computer in the future?

Protection is an ongoing process since spyware makers are constantly creating new threats. First, install a personal firewall and an anti-virus program. ZoneAlarm from Zone Labs is a free basic firewall. Symantec and McAfee sell popular personal firewall and anti-virus software. Until the anti-virus programs become more thorough in blocking spyware, which should be within the next year, it's imperative to use a separate anti-spyware program.

Next, set the computer's operating system for daily security updates. Also set the Web browser to a medium- or high-security level. For Windows, go to Microsoft's Web site for instructions. Windows XP users should install Service Pack 2, which makes it close to impossible for software to be downloaded without your being alerted. Consider switching to a Macintosh computer or a browser less popular than Internet Explorer, such as Mozilla Firefox (mozilla.org) or Opera (opera.com). They are less likely to be attacked.

Finally, practice safe surfing. That means downloading only trustworthy software, reading licensing agreements, avoiding banner ads, and deleting spam. In other words, just say no.

By Toddi Gutner

    Before it's here, it's on the Bloomberg Terminal.