Such programs, called spyware, run on your PC behind the scenes and perform a range of functions, from the nasty to the merely annoying. Some versions of spyware, called adware, monitor surfing habits and report back to advertisers; others insinuate themselves as browser toolbars and deliver "search results" that favor marketers. And then there are the keyloggers, which are designed to record your keystrokes as you type, potentially collecting your bank account passwords and credit card numbers and transmitting them back to a central server. "The amount of spyware out there has grown significantly, and it's gotten more malicious, and trickier to stop," says Forrester analyst Natalie Lambert.
According to research by the Pew Internet & American Life Project, 43% of home Internet users, or 59 million American adults, have had spyware or adware on their home computer; 68% reported at least one computer problem in the last year that was consistent with those associated with spyware or viruses.
Aluria, a security software manufacturer owned by Earthlink, recently found dozens of examples of holiday-themed websites that either directly or indirectly distribute spyware. "Sites offering 'holiday downloads' are rife with this stuff," says Aluria vice president Rick Carlson.
It's not always the website's doing. Sometimes it's an advertiser that delivers spyware through banner ads or pop-ups, and you'd only get infected if you take that bait. Sometimes hackers embed spyware traps in a website's code. But it's also not uncommon for spyware to ride into your machine on the back of something you actually wanted, nor is it uncommon for the offending programs to be mentioned by name in the end-user license agreement—something you have to agree to before proceeding. (Kazaa, for example, was notorious for bundling spyware with its popular file-sharing program.) "Who's going to read a 65-page EULA?" Lambert says. "It's not going to happen."
Even the most benign spyware isn't healthy for a PC. It tends to conflict with other applications and otherwise weaken performance. Here's how to protect yourself:
1. Beware of pop-up ads that ask you to "click here." Just clicking on a link embedded in an ad can trigger a spyware download and installation, a delivery method known as a "drive by".
2. Bump your browser's default security settings from "medium" to "high" or higher. This way you'll receive an alert any time you're about to download something, which will give you a chance to back out before the damage is done. In Internet Explorer, select Tools from the top menu; under Internet Options, choose Security, then Custom Level.
3. If you're playing around with something online and a security warning pops up, take it seriously. Read the dialogue box. "OK" isn't always the best answer for everything.
4. Many free downloads are aimed at kids, so if you have some, consider making this a rule of the house: no downloads without your approval.
5. If you are asked to fill out a form in order to get that screensaver or play that game, know that in doing so, you are probably adding yourself to a spam list. Consider creating a second email account (there are many free Web-based services to choose from) and put that address on these forms to deflect unwanted email from your primary account. This is also helpful if you are an avid online shopper.
6. Install an anti-spyware program like Spyware Doctor or Spy Sweeper that not only seeks and destroys offending programs, but also detects incoming spyware before it loads and blocks it. If your PC starts acting funny, run a system scan and remove any suspicious files. If you are an active Internet user, set your anti-spyware program to do a full system scan at the end of each day.
7. Before you purchase an anti-spyware program, check whether your Internet service provider offers one. If so, you probably just have to activate it. (Go to the vendor's home page and look under Security.) "If your ISP doesn't offer it now, it probably will soon," Lambert says. You can also download Microsoft's Windows AntiSpyware program, an early version of the upcoming Windows Defender, by clicking here.