Consumer Reports: 'Spyware' keeps an eye on your computer activities


September 5, 2004

Despite recent federal legislation limiting it, the junk e-mail known as spam is increasing. When we conducted a nationally representative survey of more than 2,000 e-mail users, 47 percent said they were receiving more spam three months after the Jan. 1, 2004 enactment of the so-called "Can-Spam" Act than before.

Viruses, too, are on the rise, spreading from computer to computer, causing problems as they infect their hosts. In another nationally representative survey, 64 percent of more than 2,000 households with at-home Internet access told us they had detected a virus on their computers in the past two years. The activity shows no signs of abating.

Now comes another online plague -- sneaky programs called spyware that can implant themselves on your hard drive as you download otherwise benign software. Most consumers, we found, don't do enough to fend it off.

Spyware isn't a single type of software. The term covers a diverse range of applications. A few, indeed, spy by logging your every keystroke and transmitting it over the Internet. Others run covertly, seizing control of your browser's home page (a common symptom), imposing pop-up ads, or redirecting you from Web sites you select to their competitors.

 

And it's pervasive. Published in May 2003, an in-home study conducted by AOL of 120 American families with broadband access found that 91 percent had spyware on their computers.

One of the reasons spyware proliferates is that it's an inexpensive way to target ads to consumers. Like spam, spyware is often used by third-party marketers associated with reputable companies whose products they are hawking.

One difficulty in trying to limit spyware is disagreement over what it is. Surveillance software that records everything you do is clearly a no-no, as is malicious software that disrupts a computer. Those already fall under the jurisdiction of federal and state laws covering computer fraud and abuse. But what about adware, which can violate your privacy by disclosing your Web activities?

Earlier this year, Utah became the first state to pass a law regulating spyware, and other states are considering similar legislation. Until such laws are in place, however, you can fight spyware by observing some safe online practices. Among them:


Download and install software only from online sources you trust. Be wary of free music and movie file-sharing programs.

Exercise caution with ad-supported applications, particularly if a third party provides the ad component.

 

 

 

 

 

 

 

 

 

 

 

Asbury Park Press

 

Close windows containing pop-up ads or unexpected warnings only by closing the entire window, not by clicking within the window.

Adjust your Web browser software's security settings. If you use Microsoft Internet Explorer 6, keep its security level at medium or higher to block Web sites from downloading a file without your authorization. That also prevents Web pages from automatically running Windows active scripts.

Although our survey of wired households indicated only about 41 percent use it, updated antispyware software is the most obvious step to combat the problem.

If you want maximum spyware detection, we recommend Lavasoft Ad-aware 6 Standard. It's a free download www.Lavasoft.org, but doesn't include real-time protection, which thwarts spyware before it implants. For that, you need to buy Ad-aware Plus, priced at $27. Another good performer is PestPatrol. It does offer real-time protection, but costs $40 www.Pestpatrol.com and its user interface wasn't as intuitive as Lavasoft's.

If you want a free product with real-time protection, try Spybot-Search & Destroy www.safer-networking.org. It wasn't quite as adept at detection as the other two products, but it's the only free software we tested that can ignore cookies when performing a hard-drive scan. That speeds up the scan and makes it easier to spot spyware programs.