Published June 2001

Beware: Spyware lurks
on software, the Web

By Debra Malmos
Columnist

What is spyware? Spyware is any software that employs a user’s Internet connection in the background — the so-called “back channel” — without the user’s knowledge or explicit permission.

Unsolicited e-mail (SPAM) is just the tip of the iceberg, as more and more sophisticated technologies are used to deploy back-channel programming as a means of marketing to consumers.

An example of this intrusion recently was experienced by a Web development client when, upon navigating to her own Web site, she started receiving the pop-up marketing messages of direct competitors.

“The bad thing for us, as a Web business, is that when a person clicks on one of our products, a similar product of a competitor will pop up as well. We didn’t build and copyright a Web site to advertise for whoever else,” said Phyllis Forister, President of FactsFinder.com, an Edmonds-based security products and services company.

Spyware may find its way to your computer’s operating system via installation of both freeware and purchased software that contain tiny spyware programs in their products.

Software manufacturers argue that the programs are geared toward improving advertising returns, and many freeware titles, including RealDownload, Intuit’s Quicken, Netscape’s AOL Smart Download, and NetZip’s Download Demon, now include advertisements within their program’s window.

In October 2000, Sen. John Edwards of North Carolina introduced the Spyware Control Act, one of a rapidly growing number of legislative initiatives addressing privacy issues.

“I have been closely following the privacy debate for some time now, and I am struck by how often I discover new ways in which our privacy is being eroded,” Edwards said in a speech introducing his bill. “Spyware is among the more startling examples of how this erosion is occurring.”

Under S. 3180, the Spyware Control and Privacy Protection Act, manufacturers that build spyware into their products must give consumers clear and conspicuous notice — at the time of installation — that the software contains spyware. Such a notice would describe what information would be collected and to whom it would be sent. The spyware would then be forced to lie dormant unless the consumer chooses to enable it.

Spyware also can be launched upon download of Web pages via your browser and e-mail programs.

In truth, marketers are the least of our concerns, since back-channeling technologies can as easily be used to transport computer virus programs. DSL connections are particularly vulnerable due to the permanent identity of a computer connection and the “always on” status of this type of connection.

What can we do about it? The effective means of control may be likened to chasing a “moving target.” There are some precautions that should certainly be taken to decrease the incidence of vulnerability.

• Install anti-virus software and maintain firewall protection if you are online via a DSL connection.
• Keep up-to-date on security fixes for your operating system and programs.
• Contact your local legislator and voice your support for consumer privacy issues as they relate to software and the Internet. Visit http://access.wa.gov to locate contact information.
• Review privacy statements that may be disclosed with software purchases and free software downloads.
• Report violations. If you suspect an online marketer of violating your privacy (i.e., if visits to a Web site result in unsolicited communications about related services), read the site’s privacy statement to see whether it has disclosed activities that may indicate the use of back-channel or spyware technologies.
• If your computer runs Windows, you should frequently check the Microsoft Windows Update (http://windowsupdate.microsoft.com) page. If you have Office 2000, you should check the Microsoft Office Update (http://officeupdate.microsoft.com) site.
• For Macintosh computers, a good source of security information and solutions can be found at MacInTouch Security Resources (http://www.macintouch.com/security.html).

Debra L. Malmos is President and CEO of iFULL Enterprises, an Internet services provider for access and hosting, Web site development and Internet marketing. She can be reached by phone at 360-321-6242. Her Web site is www.ifull.com.

Back to the top/June 2001 Main Menu