- The Washington Times - Wednesday, June 9, 2004

George Washington University professor Lance Hoffman compares the current Internet climate to his earliest days behind the wheel.

“When I learned to drive a car, there were no air bags or seat belts,” says Mr. Hoffman, a computer science professor at the Foggy Bottom university. Enough accidents happened that the safety devices soon became a reality.

“We’re in the no-seat-belt age of the Internet. We don’t even have drivers licenses,” Mr. Hoffman says. “That will change.”

Proof of that is the continued onslaught of what some call malware, or malicious software.

These foul Web dangers include viruses, worms and other programs designed to tie up computer users’ Web surfing, or let others peek at where their Internet travels lead.

The term malware has been around for several years, says Mr. Hoffman, editor of the book “Rogue Programs: Viruses, Worms, and Trojan Horses.”

A particularly insidious strain has been dubbed spyware. These programs install themselves on a computer either without the user’s knowledge or because he or she inadvertently agrees to install them.

Spyware gathers information on the user, including his or her surfing habits or personal information such as passwords and e-mail addresses, and sends it back to the company controlling the spyware.

For advertisers, the information lets them program highly targeted advertising and is called adware. Should a computer user spend his days researching hot rods, for example, the next pop-up advertisement he sees could be from a used-car dealership.

More nefarious spyware might capture a user’s personal information via “keylogging,” a type of spyware that records every keystroke made.

One of the best ways to protect oneself is to bone up on the latest Internet and virus news. Sites such as www.getnetwise.org offer solid information toward that end, Mr. Hoffman says.

“You shouldn’t have to read a manual to learn this,” he says. “There’s a lot of good information on how-to-protect-my-privacy laws.”

At the minimum, he suggests downloading some free software programs. They can help protect those who otherwise aren’t aware of how complicated Web surfing can be.

“Nothing is perfect, but you’ll be in much better shape,” he says. “In general, the average person is getting smarter, but we’ve got a ways to go. We’re a pretty trusting people.”

Gerry Sneeringer, an IT security officer at the University of Maryland, says computer users themselves are to blame for some of the spyware running on their systems. They just don’t know it.

“Most of the adware you agree to put on the computer,” Mr. Sneeringer says. Many Web users have gone to a commercial site or signed up for a product where, at one point, he or she is confronted with a long page of “legalese” to be accepted or denied.

Sometimes, Mr. Sneeringer says, amid the fine print is material stating that by clicking “I accept,” the user agrees to let adware operate on the computer.

“It seems to have come to the forefront in the last couple of years,” he says of this practice. “Many people don’t know [about it] unless they run spyware software. It stays in the background and doesn’t use a lot of bandwidth.”

Another way for Internet users to make sure they don’t surf onto a duplicitous site is to look at the line of text at the bottom of their monitors when they pass the cursor over a link. Doing so will reveal the link in question in text form, he says. Sometimes, a link may say it will lead to one Web site, but it actually steers the user to another. Watching the type at the bottom of the screen before clicking on the link can ensure the surfer visits the intended site, he says.

A key way users open themselves to spyware technology is by engaging in file-swapping services such as kazaa.com. These peer-to-peer Web sites allow computer users to open their systems to one another to swap video or audio files.

“You don’t know if someone has deliberately placed some malware out there and named it something enticing,” he says. “Many of the recent computer viruses have had a peer-to-peer component to them.”

Randy Heffner, an analyst at Cambridge, Mass.-based Forrester Research, says his sister-in-law found out firsthand about another Internet concern, browser hijacking.

His relative doesn’t download programs from the Internet often, but somehow a hijacking program attached itself to her computer and couldn’t be disconnected, says Mr. Heffner, whose company covers all manner of technical and Internet issues.

Whenever she tried to remove the program, a message told her “you agreed to have this installed,” he says. “They’re hiding behind the complexities of reading a licensing agreement,” he says, echoing a concern Mr. Sneeringer shares about long legal data.

Fortunately, Mr. Heffner advised his sister-in-law to run a program called Hijack This by Merijn that restored her computer to its old self.

Consumers may bristle at the thought of software operating on their computers without their knowledge, but they aren’t nearly as bothered by “cookies” left on their machines. These data slices are used by Web sites to record information about users’ visits, often to allow these sites to load more quickly on subsequent visits or record site preferences.

Ari Schwartz, associate director of the District-based Center for Democracy and Technology, says cookies shouldn’t be confused with spyware.

“Cookies don’t execute themselves, it’s more like a file,” says Mr. Schwartz, whose nonprofit group helps the public deal with privacy issues and other complications stemming from our digital age. “Any piece of code is potentially software, but [a cookie] doesn’t execute itself, and you can look at your cookies.”

Not all spyware activities are illegal, no matter how frustrating they can be, Mr. Schwartz says. Any program that can’t be disconnected is illegal, but keylogging can be legal if consent has been made or, say, a parent wants to monitor how his or her children use the computer, he says.

For Web surfers who want a measure of security, Mr. Schwartz suggests tracking down free spyware-busting downloads on the Web. If people aren’t sure where to turn for what’s referred to as “freeware,” they should read reviews on available software packages from reputable sources, such as CNET (www.cnet.com). Major Internet companies including Yahoo.com, Earthlink and AOL also are preparing freeware programs to help their users blow the cover on various spyware programs.

Protecting computer

Computer users aren’t defenseless against the wave of spyware and adware from unsavory Internet-based operators. Your computer may be infested by spyware, which can allow third parties to know precisely what Web sites you visit, according to www.getnetwise.org, if it does any of the following:

• It’s reacting sluggishly.

• The list of “favorite” bookmarks suddenly seems unfamiliar.

• The default home page switches to a new Web site.

To avoid future spyware woes, make sure you:

• Never download free software unless you’re sure of the source.

• Heed those security warnings that occasionally appear while you are surfing online.

• Read any licensing agreements thoroughly.

Microsoft users also should visit that company’s Windows Update Web site and check if it features any “critical” patches that should be installed.

These preventative practices will also help reduce adware, which installs software that feeds additional advertising messages onto your system, from camping out on your home computer.



Click to Read More

Click to Hide