Spyware & Adware

In 2003, the proliferation of "spyware" and "adware" (sometimes together, with viruses, called "malware") became the latest negative part of the lives of Internet users. These software programs are employed by hackers and dubious entrepreneurs to spy on Internet users computing activities for equally dubious activities.Spyware is unintentionally downloaded software that monitors an Internet user's computing activities. Spyware can be used by hackers to steal sensitive information, such as Social Security and credit card numbers, or it can be used by companies to gather information about customers.

Although not as invasive as spyware, adware often goes beyond accepted e-commerce practices to gather information about Internet activities in order to target users with online advertising, such as spam and pop-up advertisement windows.

Spyware and adware practices are considered unethical because, it addition to the obvious privacy concerns, it can cause software on infected computers to malfunction. Often, the web browsers themselves are the targets.

Adware can cause computer screens to be flooded with ad pop-up windows and other unexpected changes, such as home pages being deleted in favor of a questionable website and website listings mysteriously appearing on Favorites lists. Often, the user's e-mail account will see an unexplainable spike in spam messages and messages sent without the user's knowledge, meaning the account is being used to further spam proliferation.

Even more serious, infected computers, whether they are offline or online, can behave erratically or run slowly when infected with adware or spyware. Sometimes, software programs open and close slowly or randomly, or a computer's hard drive will be at work grinding away when the computer is idle. These may be signs of "keyboard loggers," malicious programs that allow hackers to monitor keystrokes and capture sensitive information, such as usernames and passwords.

How bad is the problem? Microsoft claims that half of all computers crashes reported by customers are related to adware and spyware.

The problem with spyware is that it is hard for an Internet user to detect it. However, spyware and adware prevention has become an important consideration, as many Internet service providers (ISPs) including America Online (http://www.aol.com) and EarthLink (http://www.earthlink.net), among others, provide spyware and adware protection for free to their subscribers.

Third-party spyware and adware blocking software is also useful, with the most popular titles including Spybot (http://www.safer-networking.org/en/spybotsd/index.html), Ad-Aware (http://www.lavasoftusa.com/software/adaware) and PestPatrol (http://www.ca.com/products/pestpatrol).

Spyware and adware programs try to infect users' computers without their knowledge. One tactic is to prey on users' ignorance by bundling their programs with free software that users download from the Internet. No one would intentionally download these programs, so the spyware or adware is bundled with a free, useful program. This practice is rife in file-sharing programs, the backbone of many music-swapping applications.

Here's how the scheme typically works. Free software is downloaded, and an End User License Agreement (EULA) appears in a dialog box. Often, this is lengthy and convoluted legalese that must be agreed to by clicking the dialog box's "Agree" button to begin the downloading process. Many, if not most, users will skip over the legal mumbo-jumbo and click the "Agree" button without fully reading the EULA.

Users should be aware of warning phases in EULAs that may signal the presence of spyware and adware, such as "we may make your information available to third parties" and "you agree to allow third-party software to be installed into your computer."

This EULA verbiage can give the company permission to include the spyware or adware along with the free program. This "permission tactic" lends legal legitimacy to the practice, but the reality is that few users will read or understand the ramifications of the EULA.

A more sinister technique includes sending spam with an executable file (a file with an .EXE extension) attached. When the user double-clicks it, adware or spyware is unleashed. Another alarming technique is when malicious software code is embedded into a user's web browser when he or she simply visits a website or clicks a pop-up ad window. Many hackers use these techniques to exploit security holes in older versions of the Microsoft Internet Explorer web browser.

As an Internet businessperson, you need to be aware of adware and spyware. Not only must you protect your own Internet activities from this malicious software, you should realize that its use is considered an unethical practice that can damage your company's reputation and expose your company to litigation risks.