September 04, 2003
Heart of Darkness, on a Desktop
KATIE HAFNER with MICHAEL FALCONE, New York Times, report:
[..] The alien programs extend well beyond viruses and worms - so named because of the way they spread, as the most familiar carriers of malicious code - to new categories known as spyware and adware. Indeed, the number of home PC's that are infested with alien software that comes in over the Internet and installs itself without the knowledge or consent of the PC user is increasing at an alarming rate.
Richard M. Smith, a computer security expert in Brookline, Mass., estimates that one in every two Windows computers has unsolicited software lurking within. [..]
Vulnerabilities in Microsoft software have only made matters worse. People who use the Macintosh or Linux operating systems are safer, as are those who use Netscape Communicator. Some spyware exploits security holes in Internet Explorer, both because it has more flaws, said Mr. Smith, the computer security expert, and because it is the most widely used browser on the market. [..]
Mr. Kibler's wife, Stephanie, said that it was hard to keep up with all the new threats, and that computer companies did not make it simple enough for the average user to deal with problems like the ones that afflicted her family's machine.
"When you give someone the car keys, you also teach them how to drive," she said. "How could you expect regular everyday users to be able to figure this out The expectation is not reasonable."
The Kiblers of Santa Clara, Calif., thought they were doing everything right. Bill Kibler, a product manager in Silicon Valley and the unofficial system administrator for his family, was nothing short of diligent about running antivirus programs. He had also erected a software firewall to shield his computer from intruders, and he regularly downloaded patches to inoculate his PC when he heard about new viruses.
But over the course of six months this year, the Kiblers noticed their computer displaying some odd behavior. The automatic weekly scans by Norton AntiVirus mysteriously stopped, and when Mr. Kibler tried to run the software manually, the program would shut down before he could execute commands.
By the middle of the summer, the Kiblers' computer had grown so phlegmatic that the family considered replacing the machine, a powerful Compaq desktop of recent vintage, with a new one.
After many hours of computer forensic work performed by a friend, it turned out that a virus program called Klez was sapping the computer of 90 percent of its processing power. Adding to the burden was a host of strangely named files discovered on the list of programs installed on the hard drive. All of them had entered the machine from the Internet, producing a blizzard of pop-up ads.
The Kiblers' experience is hardly a rarity. More and more PC owners are discovering software lurking on their computers that they had no idea was there - software that can snoop, destroy or simply reproduce itself in droves.
The SoBig and Blaster worms that have been invading computer systems worldwide for several weeks are slowing down. But the two intruders left behind software that could linger undetected for months.
"Both SoBig and Blaster have components that are actively trying to communicate or reach out to master servers without the knowledge of the user," said Vincent Weafer, a senior director at Symantec Security Response, part of the software company that makes Norton AntiVirus.
The alien programs extend well beyond viruses and worms - so named because of the way they spread, as the most familiar carriers of malicious code - to new categories known as spyware and adware. Indeed, the number of home PC's that are infested with alien software that comes in over the Internet and installs itself without the knowledge or consent of the PC user is increasing at an alarming rate.
Richard M. Smith, a computer security expert in Brookline, Mass., estimates that one in every two Windows computers has unsolicited software lurking within.
"I'm the official computer maintainer in my extended family, and I have seven computers to keep up and running," Mr. Smith said. "With the exception of my computer, they've all been whacked." He was spared, he says, only because of his extreme vigilance.
The programs hide in the recesses of the machine and seldom announce their presence. They can enter the machine by way of a virus that has attached itself to an incoming file. Or they can be downloaded unawares by simply clicking on, say, a pop-up ad. Mr. Smith said such assaults were called "drive-by downloads."
"These programs are small and can be downloaded within seconds on a broadband connection," he said. "Once it's started, there's no way to stop it."
Until symptoms appear, the user knows nothing of the unwanted software's presence. Spyware, which may piggyback on another downloaded program, often operates in the background, sending information back to a remote site and displaying pop-up ads tailored to the user's online habits, or harvesting e-mail addresses to sell to spammers.
Adware is similar but more benign, or at least better encased in euphemism; its defenders say that it is something that consumers consciously agree to download. More insidious programs, perhaps better described as annoyware, redirect the computer's browser to pornographic Web sites, often to pump up those sites' traffic figures or commandeer the machine's modem to dial 900 numbers at the computer owner's expense.
PC owners are just beginning to become aware of the extent of such lurkware, and antivirus companies are beginning to expand their products to notify users of its presence.
McAfee Security, a division of Network Associates that makes antivirus products, estimates that 60,000 viruses are in circulation, and some experts say that perhaps 200 new ones are created each month. No comparable figure is available for spyware and adware, said Bryson Gordon, a senior product manager at McAfee, but their growth has mirrored the surge in spam and in music-file-sharing programs like Napster and KaZaA, which link the hard drives of thousands of users into something resembling one big co-op.
Spyware programs are easier to create than a virus, Mr. Gordon says, and some Web sites even offer spyware and adware toolkits.
Some software requests the user's permission before installing itself. Such is the case with the Gator Corporation, a company in Redwood City, Calif., that delivers Web advertising to people who click on an end-user license agreement in which they agree to receive the ads in exchange for a free program. This can include Gator's own e-wallet (a program that automatically fills in Web forms with log-ins and passwords), the downloadable DivX video player or a simple calendar program.
About 100 million copies of Gator have been downloaded to date, said Scott Eagle, chief marketing officer at Gator. He and other Gator officials make a point of insisting that their product is adware, not spyware, and that the distinction is crucial.
"Spyware is stuff that you don't know how it got on your computer and it doesn't add value," Mr. Eagle said. "It could be a program that's specifically designed to seek out information like credit card information or e-mail information but you have no idea how you got it, there's no permission and there's no way of removing it."
Adware, on the other hand, Mr. Eagle said, is something that consumers agree to download. Once Gator is installed, it tracks a user's Web travels and delivers what he called "highly relevant, highly branded" ads. "Users are very much aware that they have this ad-supported software on their computer,'' Mr. Eagle said.
Yet the line between informed consent and naïve clicking can be thin. Although Gator requires permission from users before it is downloaded, people often have no recollection of having agreed to its terms.
One of the programs Mr. Kibler had on his computer was Gator, which he did not recall having consented to.
Lavasoft, a company in Sweden that makes security software, sells a popular program called Ad-Aware, which alerts users to the presence of programs like Gator, as well as others that track Web browsing habits and collect information to use for targeted advertising.
Mike Wood, a spokesman for Lavasoft, said that most PC users fail to take the time to understand exactly what was being downloaded to their machines and frequently click straight through the fine print of end-user license agreements.
Those who fight spyware and adware engage in escalation wars similar to the ones facing antivirus companies. No sooner do Lavasoft and others discover a new form of adware and spyware than the makers of such software turn around and develop another one.
"It's turned into something of a minor cold war," Mr. Wood said.
Mr. Kibler suspected that his 14-year-old daughter, Carly, and her frequent use of the free version of KaZaA, known for installing adware on people's computers, might have had something to do with the problem.
"The minute you install KaZaA you have three or four questionable things on your computer," Mr. Smith said.
In the end, the Kiblers theorized that the troubles may have originated with a program attached to one of Carly's MP3 files. Or it could have been a malicious file sent as an e-mail attachment and downloaded accidentally by any member of the family.
Douglas Berman, a computer specialist in Berkeley, Calif., who works in health care, said he noticed a few months ago that whenever he used his home PC to do a search on Google, a different screen appeared underneath the Google page. The unsolicited page offered up an entirely different set of search results, all of them ads thinly disguised as Google pages.
When Mr. Berman examined the contents of the machine more closely, he found a half dozen or so Gator files on the hard drive.
The Berman family computer resides in the kitchen, perhaps the most heavily trafficked room in the house. Not only do Mr. Berman, his wife and their 10-year-old daughter use the computer, but visiting neighbors, relatives and house guests often gravitate to it as well.
Although Mr. Berman has no doubt that someone at some point gave permission for the software to be installed, he wanted it off the computer.
"I'm not conscious of any benefit I'm getting from having it," he said. "Then there's the question of, 'What's it opening the door for' " With a few simple instructions from Gator, Mr. Berman was ultimately able to remove the software that created the Google look-alike pages.
Todd Jones, a senior at the University of California at Berkeley, also found himself plagued by spyware. The programs reconfigured his computer, changing his toolbars and installing new favorites in his browser and shortcut icons on his desktop, all of which linked to adult Web sites.
"I thought that in order for you to have a program on your computer, you had to install it yourself," Mr. Jones said. "Now I know that's obviously not true."
Vulnerabilities in Microsoft software have only made matters worse. People who use the Macintosh or Linux operating systems are safer, as are those who use Netscape Communicator. Some spyware exploits security holes in Internet Explorer, both because it has more flaws, said Mr. Smith, the computer security expert, and because it is the most widely used browser on the market.
Microsoft officials say it is not the holes in its software but the people who write spyware and viruses that are the problem. The end user, they say, is ultimately responsible for what gets downloaded onto a hard drive.
"We need to do everything we can to make our software more secure than it is," said Amy Carroll, the director of product management in Microsoft's security business unit. "We are constantly addressing the core software. But the Internet is a really powerful tool, and there are bad actors out there who will take advantage of that."
The antivirus companies, meanwhile, are adding to their quarry. The latest version of the Norton program, called Norton AntiVirus 2004, scans for a host of so-called "expanded threats," or security threats that are not necessarily viruses. The new Norton program also scans for adware like Gator.
And last month, McAfee released a version of its VirusScan software that includes spyware and adware detection. Since then, the program has found that results from 660,000 computers using the new version showed spyware on 20 percent of the machines, said Mr. Gordon, the McAfee product manager.
But that kind of help came too late for John Harrington, a semi-retired communications consultant in Fairfax, Va.
All the recent news about the Blaster and SoBig worms prompted Mr. Harrington to run his McAfee program. It identified not those particular scourges, but nearly a dozen others, with names like adware-wind.dr.
The McAfee program was unable to delete the files, and a call to the support line did no good.
"She asked me if I had heard of spyware or adware, and I said no," Mr. Harrington said.
Mr. Harrington eventually downloaded the Ad-Aware program from Lavasoft, and it removed the files.
"I was surprised they were on my computer because I thought I had perfect protection through McAfee," he said.
Even with the additional help, people feel overwhelmed by the abundance of software they have not asked for, especially when it comes to monitoring, managing and safeguarding against it.
Mr. Kibler's wife, Stephanie, said that it was hard to keep up with all the new threats, and that computer companies did not make it simple enough for the average user to deal with problems like the ones that afflicted her family's machine.
"When you give someone the car keys, you also teach them how to drive," she said. "How could you expect regular everyday users to be able to figure this out The expectation is not reasonable."
Copyright 2003 The New York Times Company
dfdgsdfg
Posted by: at November 27, 2003 05:44 AM