Your computer may not be as secure as you think, thanks to 'spyware'

greenspun.com : LUSENET : Current News - Homefront Preparations : One Thread

Monday, October 28, 2002

By Rick Chernitzer, Stars and Stripes Pacific edition, Tuesday, October 29, 2002

YOKOSUKA NAVAL BASE, Japan — Spies could be lurking through the corridors of your computer, taking note of what you type, where you surf and with whom you talk online.

They could be reporting this information to numerous companies and individuals, amassing huge secret files about you and your family.

And possibly the most galling thing about this is that you may have given them permission to be there.

“Spyware,” as they’re called in computer jargon, are tiny programs that bury themselves deep in the recesses of your computer, not taking up much space but playing Big Brother to everything you do online.

Kevin Monis, a network administrator at Yokosuka Naval Base, Japan, said these programs, supposedly used for market research, can be utilized for darker purposes.

“The potential is there,” he said. “From the standpoint of a terrorist looking for information, if they were able to easily break into something, they could see what measures the base is taking to respond to a specific attack.

“If you disrupt the base communications … while at the same time maybe physically attacking the base, it could just be a catastrophe.”

Monis said the base network takes “very strong protective measures” to ward off such intrusive programs. He declined to specify but said the measures are “along the lines of what every company should be doing.”

But for the most part, Monis said, programmers tend to be more interested in information they can market to others, selling it to companies that have interest in your Web-surfing habits.

“I call it dishonest,” he said. “You think you’re getting this, but in reality, you’re getting that and some other things you didn’t want.”

Spyware’s advent really took hold when computer users began demanding more from Internet sites they visited, Monis said.

“The users have demanded whiz-bang interfaces … nice gee-whiz kind of screens like you might see on CNN.com … people want to see real-time information on their screens,” he said.

Among the easiest ways to do this is to create programs that interact with the Web browser or software that allows users to access the Internet.

Programs are downloaded that tell the browser what to do. They also can instruct other parts of your computer to do things, such as keep a log of your keystrokes, access records of Web sites you’ve visited and send that information through your modem or other Internet connection to specific Web sites.

“So I give permission for this program to be installed, but I didn’t read the fine print where it says I said it was OK to track my demographics,” he said.

The programs also use your Internet connection to transmit the information back to whomever is asking for it. This transfer takes up your bandwidth, which can slow Internet access.

“That’s the most insulting part of it,” Monis said.

He said it doesn’t usually happen on computers with network firewalls, which restrict access by allowing only certain information to pass and only through particular portals, or electronic routes that allow access, either to Web sites or individual computers.

“You got a much better situation when you’re behind the firewall,” Monis added.

But breaching a firewall does happen occasionally, he admitted, adding that many computer users are unaware of the dangers these programs can present.

“The average person takes no precautions whatsoever,” he said. “They don’t know there are ways to protect themselves against some forms of these programs.”

The simplest is to adjust your browser’s security level, he said: “When you go to the Web sites that have this type of spyware, because your security is closed tighter, it won’t be able to get into your computer.”

Another defense mechanism, if you use high-speed access such as DSL, is a network router, Monis said. It masks your computer’s “IP address,” an identifying number every computer must have to be recognized and allowed to connect to the Internet.

“It’s not foolproof but far and away one of the easiest ways to cut down your exposure to malicious attack,” he said.

Users also can delete the tiny bits of information some sites leave on your computer to remember you, called “cookies.”

On the surface, they are very convenient, Monis admits: They remember certain settings, or your name, thus speeding time needed to get what you want from the site — but the information also could be used to target you.

“I’m guilty of it myself … I hate like heck to dump my cookies, even though it’s a good idea to dump them every one or two weeks,” he said.

“If people used just a little bit of caution, they wouldn’t have all these problems,” he added. “There are lots of bright people out there who are trying to crash through your front door.”

-- Anonymous, October 29, 2002


Moderation questions? read the FAQ