June 24, 2004
There has been quite a storm over spyware and adware recently, and these have become even less unobtrsive now. Naturally, the anti-spyware and anti-adware software-whether free or pricey-is making news too. K-praxis takes note of some the issues.
A lot of spyware gets into one's pc because one is not literate enough, as far as sotware is concerned, or computer internals are concerned. One is usually illiterate in another manner as well: one rarely reads (almost nobody does) the full terms of service or conditions of license when one installs new software. A lot of spyware comes in through the main door. We opened it for someone we wanted, but that someone carried a little ferret in his/her bag, and now our browser homepage is changed, and now there are a number of pop-ups advertisements.
Some of the statistics on spyware are alaarming. It is reported here that out of 420,000 computers scanned, 134,000 had spyware or adware. It is also said commonly that a machine normally has about 28 spyware or adware programs.
Even if one's computer now hosts these, in principle, it should be possible to remove these. This is the other illiteracy that debilitates us: there are not very many users of Windows who are able to look into the registry and edit the correct HKEY_LOCAL_MACHINE settings for specific software (we are assuming that most people use the Windows® operating system and its versions). Moreover, a number of these spyware and adware programs populate our system in more than one ways, so even if one did edit the registry, often these live on, persistently and tenaciously.
There are also key-loggers, a kind of spyware that remember every key-press on one's keyboard, and pass that information on to interested parties. Does one remember the last time one typed out one's login and password?
Did You Let Your Computer Become a Zombie?
The net is rife with the discussion of the recent supposed DOS attack on Akamai (thus affecting its customers like Google, Yahoo! and a few others). Statements from Akamai suggest that the attack came through 'zombie' machines formed into a network.
There is a very short step from having unnoticed spyware on one's machine, espeically key-loggers, and one's machine getting itself turned into a zombie and used for some other purposes, while we type out our email, our manipulate data in our spreadsheets. Even as one works, someone else is controlling the computer (thus making it into a zombie). The potential damage here is not to one's owm machine merely, but to other machines, and other people's data or services.
There are several anti-spyware and anti-adware programs available. Some of these, like Spybot S&D (spybot search and destroy) are free (and the license makes interesting reading, as does the FAQ), some within the price range of 20-40 US$. These protect one's machine to a large extent. However, as with virus definitions, there is a renewed need for updates. It should be noted that these are anti-spyware programs, and need not, and do not prevent the zombifiying of one's machine.
In the US, an anti-spyware bill is on its way to the last stages of being passed. However, in a Utah spyware case a judge seems to given a ruling that slows down the passing of the state's anti-spyware law.
What Solutions Then?
If one waited for the state to pass laws that disallowed advertisers to put advertises on one's own computer without one's permission, that wait could still be a long one, in the US, and elsewhere too. The best solution seems to be:
a) Train, or force, one self to read licenses in full, look for those 'piggy-back' software things that come in through the main door.
b) Never click blindly on the 'next' button, but to check every message carefully.
c) Learn, however long it might take, to use registry editors. Begin to look at the registry at least.
d) Buy anti-spyware software. Keep upgrading every odd week. As of now spyware is slower than viruses (the industry around which is said to run into millions of US$).
e) Disconnect from the Internet when you are not using it (this does not mean merely shutting down one's favourite browser!).
Finally, perhaps the old Greek saying ("Know Thyself") needs now a slight modification: "Know Your Machine".