Warding off PC spies

More than 400 software programs are believed to be infected with "spyware,"

malicious code that hides on your computer and watches what you do, without

your knowledge or explicit permission, and collects personal information

about you and your use of the Internet.

Often, companies are the ones collecting this information for the purposes

of targeting their advertising. Such information is valuable because getting

the seller's message to the people who are the most likely to buy a product

increases the value of advertising dollars.

Any program that uses HTML — including e-mail programs, word processors,

Internet Relay Chat software and so forth — can be infected with spyware.

When used with e-mail, spyware allows the linking of addresses with profiles

of individual users.

In this way, Internet surfing patterns can be linked to e-mail addresses.

Technology is intent-independent, and thus spyware could be used to collect

information for less wholesome activities than targeting advertising. Or

the information collected for targeting advertising could be appropriated

for nefarious uses.

Although each individual transaction may offer access to only a small

amount of information, it can be dangerous if it is your password or personal

identification number that is collected. Information could also be accumulated

to produce a dossier on you that you might wish were not in other hands.

The public outcry over RealNetworks Inc.'s monitoring of users through

a unique identifier assigned to copies of its software and DoubleClick Inc.'s

ability to correlate user profiles with user identities illustrates peoples'

displeasure and concern with invasive tactics.

Among the most insidious spyware are graphics called "Web bugs" that

are placed on Web pages. These tiny graphic images are only one pixel in

size, a mere dot on the screen, and are often the same color as the background

of the Web page, which effectively renders the bugs invisible.

When you request a Web page, these tiny spies come back along with all

the other graphics associated with the page. Code linked with the images

then collects your Internet Protocol address, operating system type and

version, browser type and version, and the last Web page you visited. It

also looks at the cookies stored on your workstation to ascertain your surfing

patterns.

Other Web bugs use Java-Script to collect information on applications

and devices installed on your computer. Unfortunately, simply turning off

cookies won't protect you. You have to turn off all graphics to prevent

the introduction of Web bugs. For most of us, that price is too high.

However, you can be selective about which companies you allow to place

cookies on your computer. You can delete junk e-mail without opening it.

You can use a proxy server. You should have a firewall; today, they are

inexpensive, easy to install and very effective. You can't protect yourself

100 percent, but you can take reasonable steps to control the information

that is captured by spyware.

—Ryan is an attorney, businessman and member of the George Washington University

faculty.