Warding off PC spies
- By Dan J. Ryan
- Aug 07, 2000
More than 400 software programs are believed to be infected with "spyware,"
malicious code that hides on your computer and watches what you do, without
your knowledge or explicit permission, and collects personal information
about you and your use of the Internet.
Often, companies are the ones collecting this information for the purposes
of targeting their advertising. Such information is valuable because getting
the seller's message to the people who are the most likely to buy a product
increases the value of advertising dollars.
Any program that uses HTML — including e-mail programs, word processors,
Internet Relay Chat software and so forth — can be infected with spyware.
When used with e-mail, spyware allows the linking of addresses with profiles
of individual users.
In this way, Internet surfing patterns can be linked to e-mail addresses.
Technology is intent-independent, and thus spyware could be used to collect
information for less wholesome activities than targeting advertising. Or
the information collected for targeting advertising could be appropriated
for nefarious uses.
Although each individual transaction may offer access to only a small
amount of information, it can be dangerous if it is your password or personal
identification number that is collected. Information could also be accumulated
to produce a dossier on you that you might wish were not in other hands.
The public outcry over RealNetworks Inc.'s monitoring of users through
a unique identifier assigned to copies of its software and DoubleClick Inc.'s
ability to correlate user profiles with user identities illustrates peoples'
displeasure and concern with invasive tactics.
Among the most insidious spyware are graphics called "Web bugs" that
are placed on Web pages. These tiny graphic images are only one pixel in
size, a mere dot on the screen, and are often the same color as the background
of the Web page, which effectively renders the bugs invisible.
When you request a Web page, these tiny spies come back along with all
the other graphics associated with the page. Code linked with the images
then collects your Internet Protocol address, operating system type and
version, browser type and version, and the last Web page you visited. It
also looks at the cookies stored on your workstation to ascertain your surfing
Other Web bugs use Java-Script to collect information on applications
and devices installed on your computer. Unfortunately, simply turning off
cookies won't protect you. You have to turn off all graphics to prevent
the introduction of Web bugs. For most of us, that price is too high.
However, you can be selective about which companies you allow to place
cookies on your computer. You can delete junk e-mail without opening it.
You can use a proxy server. You should have a firewall; today, they are
inexpensive, easy to install and very effective. You can't protect yourself
100 percent, but you can take reasonable steps to control the information
that is captured by spyware.
—Ryan is an attorney, businessman and member of the George Washington University