February 4, 2004 1:21 PM PST

Spyware cures may cause more harm than good

Related Stories

AOL fights spyware in coming software upgrade

December 2, 2003

'Spyware' steps out of the shadows

November 19, 2003

A secret war

February 24, 2003

Your PC's enemy within

June 26, 2002

PC invaders camp out in hard drives

April 18, 2002
Web surfers battling "spyware" face a new problem: so-called spyware-killing programs that install the same kind of unwanted advertising software they promise to erase.


What's new:
Web surfers battling "spyware" face a new problem: So-called spyware-killing programs that install the same kind of unwanted advertising software they promise to erase.

Bottom line:
Though the companies that fail to disclose this practice are facing an outcry from consumers and watchdogs, there is little people can do to defend their systems, security firms say.

More stories on this topic

Millions of computers have been hit in recent years by ads and PC-monitoring software that comes bundled with popular free downloads, notably music-swapping programs. The problem has attracted dozens of companies seeking to profit by promising to root out the offending software. But some software makers are exploiting the situation, critics allege, turning demand for anti-spyware software into a launch pad for new spyware attacks.

A small army of angry Web users has set up a network of Web sites where they post reports of anti-spyware programs said to prey on consumers by installing offending files. Some of these charges could get a hearing soon, as public-interest group The Center for Democracy & Technology plans to file complaints with the Federal Trade Commission against specific companies.

"If people feel as though their privacy has been violated by a company that claims to be protecting them, that clearly is an unfair and deceptive practice," said Ari Schwartz, an associate director of Washington-based CDT. "You would think that an anti-spyware company would hold itself up to the highest standards."

The boom in spyware, adware and other PC hijackers has led to increasing calls for regulation from lawmakers, including presidential candidate Sen. John Edwards, D-N.C., and from public-interest groups.

Many software makers have turned to advertising as a way to make money from consumers who are reluctant to purchase programs. The same approach has been taken by some anti-spyware companies, even though they promise that their products will root out unwanted advertising from others. But the failure of some to disclose their practices has raised the greatest outcry.

Like viruses, adware and spyware programs can sneak into a user's computer hard drive with little or no warning and can hide their tracks in ways that make it difficult for even the most sophisticated computer users to find and permanently delete.

As adware and spyware have spread, demand for applications that clean up infected hard drives has grown, drawing a large group of competitors eager to profit. More than 50 programs claiming to erase adware and spyware are available online, and many of these are offered as free downloads. Several major Internet service providers, including EarthLink and America Online, have also moved to provide spyware-removal applications to their subscribers.

But as these programs proliferate, some software makers face mounting criticism that their products install the very things they promise to defend against. Some anti-spyware companies have pointed fingers at rivals and have added competing programs to their list of applications that contain adware or spyware. These lists are used to identify and sweep out offending software during anti-spyware scans.

Keeping track of spyware
One such tool facing allegations of abuse is SpyBan, an anti-spyware program that has been downloaded some 44,000 times in the last four months, according to Download.com, a software download site owned by CNET Networks, the publisher of News.com. Download.com removed the software this week, noting that SpyBan had failed to disclose and explain all the software components included in its installation, a violation of the Web site's policies.

Numerous competing anti-spyware companies, including Spybot-Search & Destroy parent PepiMK Software and Sweden-based Kephyr.com, have identified SpyBan as a potential source of unwanted spyware--notably a program listed by many spyware cleaners as Look2Me. Download.com had also independently warned that Look2Me might be installed along with SpyBan.

"I classified SpyBan as a Trojan Horse, since it gives the impression that it will protect your privacy, but does the opposite--installs spyware," alleged Kephyr's Roger Karlsson in an e-mail interview.

A CNET News.com test of SpyBan on Jan. 29 found that the software did remove some adware components but also confirmed that it led to the installation of a file that Spybot and security firm Symantec identified as Look2Me. Symantec lists Look2Me as a spyware application, while its rival PestPatrol defines the same application as an adware program.

"Look2Me is a spyware program that monitors visited Web sites and submits the logged information to a server," Symantec reports on its Web site. According to PestPatrol, Look2Me is categorized as "software that brings ads to your computer. Such ads may or may not be targeted."

Who is SpyBan?
Information and links on SpyBan's Web site disappeared late on Monday, following inquiries from a CNET News.com reporter. An e-mail to a generic "info" address at the SpyBan Web site elicited an initial reply, but the company did not reply to questions about its software.

Prior to going dark, the SpyBan Web site contained no information about its corporate parent, and the domain name database--Whois--that typically contains contact information for companies contained none for SpyBan.

A Look2Me license agreement found on a cached Google Web page identified Minneapolis-based NicTech Networks as the software's "owners/authors."

A trace of SpyBan.net's Web domain name late on Tuesday showed that the site was hosted at the same Internet address as NicTech Networks. The SpyBan e-mail also originated from that IP address. Repeated calls to NicTech were not returned.

A question of trust
The effects of spyware and adware programs vary. Some spyware programs run quietly in the background, sometimes capturing what a computer user types or what Web sites are visited. Some of these applications, which are called keystroke loggers, are so potent that they can record user names and passwords for the most closely guarded Web sites, including online banks.

Far more common are "adware" programs, which can operate unseen in the background. These periodically pop up windows with advertisements, change a Web browser's home page, install unwanted search toolbars or add bookmarks to a browser. Many of these software programs track Web surfers' habits online and send the data to their parent companies.

Security experts say it is difficult to keep up with spyware programs, which constantly shift their way of working inside a computer to evade detection and which generally contain many times more programming instructions than an average virus. The confusion is underscored by differences in how security firms describe specific programs.

"I doubt anyone knows precisely what these things do, apart from the authors," PestPatrol researcher Roger Thompson said. "They are really complex. Viruses are easy compared to these things."

There is little doubt that millions of PCs have been infected with spyware and adware programs.

A recent unscientific EarthLink survey gives some indication of the spread of the problems. The company offered its subscribers a free online spyware-scanning tool, similar to an antivirus scan program. In the course of 426,500 scans, EarthLink found more than 2 million adware files installed and more than 9 million "adware cookies"--a type of cookie that tracks people's surfing habits.

A few independent anti-spyware companies, such as Lavasoft's Ad-Aware and Spybot, have been around long enough and have been used by enough people to have gained a reputation as safe.

For the most part, Net experts warn consumers simply to be careful, to make sure that they trust the source of any software they install on their computers and to contact authorities such as the Federal Trade Commission if they think that their privacy has been violated.

"My first advice, if you get spam advertising a piece of software: You should really think twice before downloading that program," the CDT's Schwartz said.


Join the conversation!
Add your comment
Lied to again, Surprised?
Should it really surprise us that software companies would use our fears against us, make us purchase their software, and attempt to hide the truth about what there software really does to our computers? In an age where our fears have been used against us to hide many lies and deceptions, we shouldn't be surprised. After all, SpyBan was just following the most excellent examples of Enron, Tyco, Halliburton and the Whitehouse.

SpyBan was obviously caught with its pants down, and that is why it has disappeared. Hopefully, in the future people will spend some more time researching software before they use it. Better yet, stop using Windows altogether, at least at home. As an IT Manager, I am so happy when my users have Macs at home or on the road, because I know they won't be plagued with Spyware, Adware, Viruses, and Trojan Horses. Furthermore, I know they won't be propagating those things through the rest of the network.
Posted by (1 comment )
Reply Link Flag
then thay wonder why i cant stand the inter net!!!....every anti vires and trojan and adwere programs do this..thay all want to charge you something for there SO CALLED WORK to help you but all your info is going to a nother web sight to try to sell you something or your credit is real bad you have to make it right..it go's on and on ..no sight is right!!! thay work as a team to mess up your computer..clog it down with there trash!!! and to make it look like the user is at falt!!! and the sad thing is its been going on for YEARS!!!...all is hand in hand ..I have been on computers for years and rember running abasic and qbasic the first computer i had of my own was a commadore 14 computer you hooked up to your tv set...then i went on to the I.B.M.xt..commadore 128..amiga 500..up and up i went and the web got worse and worse..now i run a monster!!! of a system..that would be called a super computer..will it ever end???...how big and powerful do you have to be before you run the world???..
Posted by Robin DeArcos (31 comments )
Reply Link Flag
I recently noticed that it was taking 3 times longer for any video file to open on my PC. I also noticed network traffic every time I opened a video file. I traced the activity to the 'Cloud' Data collection comapany' called Akamai. I deleted, removed, and uninstalled anything I could think of that could be the culprit but the activity continued. I put Akamai on my Trend Micro Titanium Internet Security 'block' list, but it wouldn't block the connection to Akamai. Then, the light bulb went on. I turned off my Trend Micro and guess what; video files opened quickly and normally, and there was no network traffic. Trend Micro is obviously the culprit here. I am outraged and am awaiting an answer from them now.
Posted by richunderstans2 (4 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.