Beware programs that nest in your hard drive and gather personal information
Be honest: How often have you read the end-user license agreements (EULAs) that pop up whenever you install a new piece of software, download a program from the web, join a multi-player game, or even just try to access some online content? If the research is correct, you almost never do. You just click “I agree” and get on with whatever it is you really want to do.
Here’s some bad news: You may be saying OK to the worst kind of spam imaginable. This isn’t just the kind that irritates you to the point of frustration and wears out your fingers from pushing the delete button. This is the breed of uninvited software known as spyware or adware.
At its best—and that’s a relative term—the software in this category inundates your PC with pop-up ads. More ominously, it makes a home on your hard drive and collects hard data on your browsing patterns and online buying habits, which it then sends back via your Internet connection to a marketing or research company that turns around and sells the data to any vendor willing to pay for it. Then the vendor uses the information any way it wants, including bombarding you with even more ads.
It gets worse. One recent breed of adware, known as a browser helper object, attaches itself to the browser just like a standard plug-in. Some of these programs then change your default page or favorites listings, while others automatically redirect the browser to sites you may not want to visit, such as those with adult content. Others embed themselves in the most common software applications, causing it to use up your memory or drive space, and even crashing the entire PC.
Sadly, it’s not illegal since you clicked, “I agree.” Of course, sometimes the software doesn’t even ask for your consent. It instead is automatically installed when you open a spam email or visit certain web pages. This is a technique known as “drive-by download,” and while its legality is debatable, its frequency is increasing. Another method growing in popularity with hackers is called “mousetrapping,” in which one pop-up window after another opens up on your PC faster than you can shut them down. These pages start to launch usually when you exit the site you originally visited.
The technology used in these attacks on your PC isn’t new, but it has gained momentum with the sudden popularity of file-swapping sites. Most of these services are ad-supported, and bundling these programs is the only way they can survive. It’s possible to believe that the programs were launched with the best of intentions and legitimate advertising partners. However, as the data collected from each user does the rounds, the ads popping up seem to be of more and more dubious quality.
As the concern over spyware has mounted, some name-brand companies have come under fire for using similar techniques to protect their copyright. For example, message boards were buzzing earlier this year with news that Intuit, maker of top-selling personal finance applications such as Quicken, had installed user-monitoring tools on its program TurboTax. The fears were unfounded: Intuit did include a product activation code that “locked” the program to a single PC, but it didn’t monitor user patterns, and certainly didn’t collect and disseminate personal financial data, as some rumors suggested.
Still, the code uses up memory and is hard to remove, and the company was forced to hire an independent testing firm to verify its actions. Stung by the PR battering it took from some of its most loyal users, Intuit says it will remove some of the more distasteful aspects of the program from next year’s version of TurboTax.
Not surprisingly, the federal government is in on the action or considering it. Earlier this year, the Department of Justice incensed the famously libertarian geek community with an under-publicized proposal—described as a “work in progress”—known as the Domestic Security Enhancement Act. If passed, it would give the government freer rein to monitor which sites users visit, what they search for on Google, and what they write in their emails. The proposal also resurrects fears of the FBI’s Magic Lantern spyware, which uses old technology to track users’ keystrokes, and the more recent Carnivore surveillance system.
What’s a consumer to do?
First, it’s important to understand that the Internet has grown very big, very fast, which means there’s an entire generation of PC users who are proficient at only that—using PCs. Once these spyware and adware programs have embedded themselves in the PC registry, only a sophisticated technician can remove them, sometimes needing a generous helping of luck.
Most ISPs and companies put up firewalls, but these typically keep viruses from coming in, not information from going out. When these programs piggyback onto a legitimate program to invade a consumer’s machine, they’re home-free inside the network. And, as with all spam battles, the spyware and anti-spyware programs will keep trying to outwit each other.
So, use common sense—read the EULA before signing on, and never, ever open unsolicited email. And use the best comprehensive security software available: McAfee® Internet Security. It secures your personal information while providing greater control over your family's Internet experience. McAfee Internet Security Suite ensures that you don’t expose confidential information to online threats while protecting you and your family from inappropriate online content.
To download or learn more click here: McAfee® Internet Security.