Is your computer spying on you?
It's sometimes called the "new spam." It slips right through firewalls and antivirus programs, riding the coattails of legitimate programs you've chosen to download from the Internet. In its more common and benign forms, it will send you pop-up ads targeted to your interests and clog your computer's memory. At its most malicious, it can steal your passwords and credit-card numbers, maybe even let a remote user take over your computer.Skip to next paragraph
Subscribe Today to the Monitor
It's spyware, a broad term for programs that hide on users' computers without their knowledge. It has become so pervasive that both federal and state governments are looking into ways to prevent or at least regulate it.
While it's hard to tell the share of computers that have been infected with spyware, estimates run as high as 95 percent. One popular spyware detection program, Spybot Search and Destroy, lists nearly 800 spyware programs that it can find and remove.
While most of the spyware found on computers appears relatively benign so far, experts suggest users take measures to protect themselves (see list page 17).
Children online can be especially vulnerable because they may have less technical savvy and frequently download so-called peer-to-peer software from the Internet, often called freeware or shareware.
"One of the ways these programs end up on people's computers is that they can be bundled with other free applications they download, which can include file-sharing applications, screen savers, or other kinds of free utilities," says Michael Steffen, a policy analyst at the Center for Democracy and Technology (CDT) in Washington, D.C.
Kazaa, a widely used music- swapping program that has been downloaded 270 million times, has carried at least 12 kinds of hidden spyware at various times over the past two years, according to a recent study at the University of Washington in Seattle.
But with the exception of pop-up ads or slower operations, users may not notice anything happening when spyware programs are present, experts say. And the programs often apply a legal fig leaf by asking for consent to be installed as part of a lengthy EULA (End User License Agreement) that many users OK without reading.
In Congress, a bill to battle spyware sponsored by Sens. Barbara Boxer (D) of California, Ron Wyden (D) of Oregon, and Conrad Burns (R) of Montana recently joined one filed in the House last July by Rep. Mary Bono (R) of California. They aim to ensure that users know when programs are being installed on their computers, so that they can refuse them if they wish, and that spyware that is installed is just as easily removed. The Federal Trade Commission would enforce compliance.
The FTC has already announced that it is holding a spyware workshop in Washington on April 19 to gather information about the problem.
In addition, the Utah legislature has sent a bill regulating spyware to the governor for his signature. Iowa and California have also considered bills to prevent spyware.
"The Internet is a window on the world, but spyware allows virtual Peeping Toms to watch where you go and what you do on the Internet," Senator Wyden said in a statement about the Senate bill, called the Spyblock Act.
"The FTC is beginning to look at the extent to which these applications are unfair and deceptive, and we think that's a really good thing," Mr. Steffen said in phone interview. "We think a lot of these [spyware] programs already represent violations under existing fraud statutes or under other laws."
Although new legislation may have a role to play, Steffen says any solution must also include educating the public, and self-regulation within the industry.
"The spyware and adware stuff comes in from all over, and it's really as dangerous as a virus," says Roger Thompson, vice president for product development at PestPatrol in Carlisle, Pa., a maker of antispyware software.