“The best advice I can give people is to check end-user licenses and privacy policies,” Howes says. “Most people just click through those things thinking they don't have to read every word. Users will know there's a problem right away because they'll see pop-up ads and additional tool bars and search bars to Internet Explorer.”
On the legislative front, federal spyware legislation failed to pass in 2004. A spyware bill passed last year in the House but stalled in the Senate. The bill aims to make spyware that hijacks a user's home page or tracks keystrokes illegal. The legislation also requires spyware programs to be easily identifiable and removable and allows for the collection of personal information only with the consent of the user. It also authorizes the Federal Trade Commission (FTC) to investigate violations of the law and impose fines of up to $3 million in the most serious cases. Expect Congress to take up the spyware legislation again during the first half of 2005.
The government will do its part to combat spyware by setting reasonably tough laws and prosecuting the bad guys, as exemplified in the FTC's recent case against high-profile spammer Sanford Wallace and his two companies, Seismic Entertainment Productions and Smartbot.net.
Builders, of all people, know, however, not to wait around for the government to do the job. Spyware has become so ubiquitous on the Net that builders have to be proactive. Our advice: Educate yourself, stay informed, and take steps to routinely scan and sweep out spyware (see “How to Beat Spyware,” above). It may take another two years or so before the computer industry catches up to the bad guys.
How To Beat SpywareHere are some tips on protecting your computers from spyware:
Download Anti-Spyware Programs On Your PC. The two widely recommended sharewares are Spybot Search & Destroy (www.safer-networking.org) and Ad-Aware (www.lavasoftusa.com). Lavasoft sells Ad-Aware SE Professional for $39.95; Spybot's product, which offers enhanced services such as analyzers and updates, is free, though the company does ask for donations. Another good program is Webroot's Spy Sweeper, which costs $29.95. (For information, visit www.webroot.com.)Use At Least Two Anti-Spyware Programs. Currently, the people distributing spyware on the Internet are winning, so you have to act accordingly. The best bet is to use at least two anti-spyware programs. We recommend spending the money on Spy Sweeper or SE Professional and using it in combination with one of the free shareware programs. Run each program at least once a week. When you run scans, most of the hits will be tracking cookies, which are fine to delete, but look especially to delete full files and registry keys. The registry keys install settings information to the Windows registry that lets spyware programs operate.Update Your Operating System And Web Browser Software. Download the free software patches offered by Windows. Some are designed to close holes in the system that spyware could exploit.Download Free Software Only From Sites You Know And Trust. It can be appealing to download free software games, peer-to-peer file-sharing programs, customized toolbars, and other programs that may change or customize the functioning of your computer. But be aware that some of these free software applications bundle other software, including spyware.Set Your Browser Properly. Make sure your browser security setting is set high enough to detect unauthorized downloads—for example, use at least the “medium” setting for Internet Explorer.Be Careful What You Click On. Don't click on any links within pop-up windows. If you do, you may install spyware on your computer. Instead, close pop-up windows by clicking on the “X” icon in the title bar. Also, don't click on any links in spam that claim to offer anti-spyware software. Some software offered in spam actually installs spyware.Start Using An Alternative Browser. Many of the spyware attacks exploit vulnerabilities in Microsoft's Internet Explorer. Check out the free browsers at www.mozilla.com or www.opera.com, or just go back to using Netscape's browser. Most Web sites support Netscape, but many e-commerce and banking sites don't yet support Mozilla and other alternative browsers. Also, don't try to uninstall Internet Explorer if that's your main browser, because it's tightly coupled to the Windows desktop operating system; just launch the new browser from your desktop. It's fine to set the new browser as your default browser.Watch Out For Rogue Anti-Spyware. There's a lot of questionable so-called “rogue” anti-spyware software out there—even software that, in certain cases, has been known to release spyware attacks. If you're not sure about a product, visit www.spywarewarrior.com/rogue_anti-spy ware.htm. The Web site has a list of anti-spyware software to avoid and, better yet, lists the most reputable anti-spyware software. And as a general practice, take the time to read the end-user license before downloading any software. If the license is hard to find or difficult to understand, think twice about installing the software.Sources: Builder, Federal Trade Commission
CHEAP TRICK: A common spyware scheme entails displaying a message that appears to be official business for a network administrator or an Internet service provider but is actually spyware. Never click on these messages; they are trying to trick you into giving their creators access to your computer.