Spyware causing not-so-secret frustration

July 22, 2004 | By MIKE HIMOWITZ

Over the past week I've learned more about the plumbing of Microsoft Internet Explorer than I ever wanted to know. That's because I had to spend entirely too much of my spare time exterminating spyware, adware and other kinds of malware from my son's laptop computer.

I mentioned the issue briefly last week when I thought I'd removed all the little devils.

But I was wrong - it took several more hours' work over the weekend to find the last browser hijacker and terminate it.

In the end, I had to use two general-purpose spyware removers, one highly specific junkware nuker and a couple of utility programs designed for geeks who are willing to muck around in the Windows registry.

Frankly, I'm fed up with this garbage, and so are millions of others.

"It's definitely a growing concern," said David Loomstein, group product manager with Symantec Security Response, which monitors online threats.

Loomstein estimates that there are 3,000 to 15,000 malware threats floating around the Internet, depending on how you define the software (some adware programs install a dozen different components).

That's small potatoes compared to the 60,000 virus threats the company has identified over the years, but spyware is still in its infancy.

For those who haven't been infected yet - which is unlikely if you have kids who surf the Web - spyware is a generic term for programs that sneak onto your computer and play nasty tricks with Microsoft's Web browser.

Some track your surfing habits and use the information to bombard you with popup ads. Others literally hijack your Web browser, replacing your home page with their own and diverting legitimate Web searches to phony sites full of links to paid advertisers.

In the worst case, spyware can steal personal information such as passwords or credit card numbers or slow your computer to a crawl.

Although many users believe that traditional anti-virus software will keep spyware programs at bay, they're often wrong.

Spyware usually doesn't look or act like a virus, and only the latest versions of major anti-virus programs can detect it.

Some spyware is installed by advertising-supported programs that kids like to use, such as file-sharing software, cursor enhancers or Web browser toolbars.

When you click the "I agree" button on the End User License Agreement (EULA) that pops up the first time you use one of these programs, you're actually giving your permission to install this stuff.

The purveyors of these programs argue that they do give you a choice - after all, you don't have to click OK. But you may not notice the spyware language because it's buried deep in a 5,000-word legal document - and your average 12-year-old certainly won't bother to read it first.

"Some of them even have print that says, 'We reserve the right to take anything from your computer that we want to'," Loomstein observes.

Other spyware installs itself surreptitiously. It might happen when you click on an annoying popup window, or visit a booby-trapped Web page. With those there's no warning or chance to opt out.

And yes, you can blame Bill Gates for this mess, in part.

Unlike viruses and trojan horses, which typically exploit previously unknown security holes in Microsoft Windows, most spyware programs use a feature that Microsoft built into IE to allow developers to write legitimate enhancements for the browser.

Known as Browser Helper Objects (BHOs), they're little snippets of code that load when Windows starts up. They can affect virtually every aspect of Internet Explorer, and not all of their uses are nefarious.

For example, the Google and MSN Toolbars that help you search the Web and block popup ads are BHOs. So are plug-ins that display Adobe Acrobat pages, Microsoft Word documents and Excel spreadsheets in a browser window.

To get Internet Explorer to load BHOs, the authors create entries in the Windows Registry - that arcane database of settings that the operating system uses to manage itself.

For most users, the registry is a mystery, and it provides an excellent place for malware BHO entries to hide.
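
For readers who want to see what is actually registered, here is a read-only audit script, added to this column as an illustration and not taken from any of the removal tools mentioned. The column does not name the registry key; the paths below are the standard locations where Internet Explorer looks for Browser Helper Objects, and the variable names are this example's own.

```powershell
# Added example: list every registered Browser Helper Object (BHO) and the DLL behind it.
# Read-only. Run in PowerShell on the Windows machine being inspected.
$views = @(
    @{ Name  = 'native'
       Bho   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'Registry::HKEY_CLASSES_ROOT\CLSID' },
    # 32-bit view on 64-bit Windows
    @{ Name  = '32-bit'
       Bho   = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
       Clsid = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID' }
)

$report = foreach ($view in $views) {
    if (-not (Test-Path -LiteralPath $view.Bho)) { continue }
    foreach ($key in Get-ChildItem -LiteralPath $view.Bho) {
        # Each BHO is a subkey named after a COM class ID such as {xxxxxxxx-...}
        $clsid = $key.PSChildName
        $class = "$($view.Clsid)\$clsid"
        $name  = (Get-ItemProperty -LiteralPath $class -ErrorAction SilentlyContinue).'(default)'
        $dll   = (Get-ItemProperty -LiteralPath "$class\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
        if ($dll) { $dll = $dll.Trim('"') }

        # A BHO whose DLL is gone is a leftover entry; one that exists gets a signature check
        $exists = [bool]($dll -and (Test-Path -LiteralPath $dll -PathType Leaf))
        $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $dll } else { $null }

        [pscustomobject]@{
            View      = $view.Name
            CLSID     = $clsid
            Name      = $name
            Dll       = $dll
            Exists    = $exists
            Signature = if ($sig) { $sig.Status } else { 'n/a' }
            Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }
}

# Unsigned, missing or unnamed entries sort to the top for review
$report | Sort-Object { $_.Signature -eq 'Valid' }, Name | Format-List
```

Entries with no name, a missing DLL, an unsigned DLL or a file name that looks random are the ones worth checking first; signed toolbars and document plug-ins from known publishers are the legitimate uses described above.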

As a result, getting rid of spyware is a nightmare. The worst offenders stash program files in multiple places on your hard drive, often under random names. They automatically reinstall themselves after you think you've removed them.

Not surprisingly, one of the software industry's fastest-growing niches is spyware removal. Unfortunately, compared to viruses, spyware has been around a relatively short time.

Spyware removers were largely developed by individuals or small start-up publishers. They aren't as comprehensive or thorough as the major anti-virus programs - which means that it may take two or three different programs to clean up a badly infected computer.

Look around tech-oriented chat rooms and help forums on the Web and you'll get a sense of the anger this produces. Even many Web advertisers hate the stuff, because spyware-generated popups hide or compromise their legitimate ads.

Baltimore Sun Articles