Consider my septuagenarian father-in-law Exhibit A in the battle against spyware the malicious software that operates on a computer without the user's informed consent. This past holiday season, I emailed him a link to the Apple Store, so that he could buy his beloved son an iTunes gift card. But when he clicked on the legitimate link, his computer took him to another website, where he forked over $40 for a $15 card. (He did actually get the card, but at an illegitimate $25 premium; Apple ships for free.)
Although my father-in-law is fairly new to computing, plenty of sophisticated surfers are falling prey to wide variety of spyware applications, according to the State of Spyware report released today by Webroot Software, the manufacturer of a leading anti-spyware application. Its survey of U.S. businesses found that over half of respondents had a spyware disruption resulting in lost revenue, and that 2005 was the worst year on record for data security losses. Webroot identified more than 400,000 sites last year that hosted spyware, and found that 30.5% of spyware exploits originated in the U.S., followed by China, at 30.3%.
Spyware can operate in a variety ways, from the annoying to the nefarious: It can generate pop-up ads and record which ones are clicked on; it can redirect searches; it can monitor a user's keystrokes in order to steal passwords and financial details.
Spyware usually gets onto a user's computer by hiding behind other software downloaded from the Internet. "The first ones we saw were attached to end-user license agreements,"says David Perry of Trend Micro, a computer security services provider with a presence in 26 countries. "You were unwittingly agreeing to it [by not reading the agreement]. But the vast majority of spyware today is installed entirely without your knowledge."
Technology analyst firm IDC estimates that two thirds of all PCs are infected with some kind of spyware. It's easy to check yours: a number of web sites, such as lavasoftusa.com, offer free scanning and removal of spyware. Microsoft is getting into the anti-spyware game, too, and its new technology is free during the testing period.
Of course the best cure, in computing as in health, is preventionstopping the stuff from ever being installed on your system. The National Cyber Security Alliance recommends that all computer users have a secure firewall, anti-virus and anti-spyware protection. And yet an alliance study, conducted last December in conjunction with AOL, found that 81% of home PCs were missing at least one of these three security components. Four in 10 lacked spyware protection.
IDC estimates anti-spyware revenues will skyrocket to $305 million in 2008, up from just $12 million in 2003. As companies rush to cash in on this booming market, which one should you choose? PC Magazine editors' current highest ratings are for Webroot's Spysweeper, Lavasoft's Ad-Aware Plus and PC Tools' Spyware Doctor, all priced under $30.
Whatever you do, watch out for spyware that's pretending to be anti-spyware. There are some 200 rogue anti-spyware applications out there, says Webroot CEO David Moll. Surreptitious software hijacks a user's computer, then pops up a little boxlooking for all the world like it's been generated by Microsoftwarning the computer has been infected. It then asks the user to click on a link to download anti-spyware. The money goes into the rogue's pocket, and the computer is still sick. "That's as sneaky as it gets," says Moll. "Spyware is advancing in sophistication, and is playing on weakness in the user. There's still a relatively low adoption level of anti-spyware products, and that means there's a tremendous opportunity out there for the bad guys."