HOME BUILDERS ARE NOT KNOWN FOR their affinity for computers, but they still need to care enough to protect their machines from spyware, an insidious type of software that can invade a computer without a user's knowledge and create all kinds of confusion and unpleasantness.
The problem is a common one. Many builders we've talked to have experienced serious slowdowns or have had to scrap their computers altogether because of spyware invasions. Even some of the most tech-savvy users were unaware of the issue and unsure how to guard against such attacks.
The Gartner Group, a leading information technology consulting company in Stamford, Conn., defines spyware as software that spies on a user's Web activities through a combination of cookies (software that lets Web sites keep track of users and their preferences), files, and processes that are placed on a user's PC through a browser such as Microsoft's Internet Explorer. The spyware then reports this information back to Internet sites and often interferes with the user's browsing experience. In numerous cases spyware so thoroughly infects a user's PC that the machine becomes unusable or even unfixable.
The truth is that anyone browsing the Internet on a personal computer with Internet Explorer is a potential target. Most spyware seeks to exploit vulnerabilities in Microsoft Windows and Internet Explorer, the most popular operating system and browser, respectively, and the low-cost computing options used by many home builders. Mac users are not immune, but they are much less vulnerable.
According to the Spyware Research Center managed by Giant Company Software, in Redmond, Wash., spyware ranges from adware, covertly installed by online advertisers, to extremely malicious key loggers, which record all the keystrokes made by a user. Adware can generate a stream of unsolicited ads and pop-ups that can clutter a PC desktop and affect productivity. The goal of the key logger, meanwhile, is to steal credit card, bank account, and other personal or corporate financial information. Browser hijackers—intrusive programs that change a user's Web browser settings, altering designated default start and search pages—are also a form of spyware.
“It got really bad about five or six months ago,” says Geoff Meiteen, president of Master Builder, a custom home builder in the Austin, Texas, area that depends on three stand-alone PCs in a home office. “We got inundated to the point where our systems couldn't function, so we brought someone in to run sweep software.”
Meiteen says he paid about $150 to have a local information technology (IT) consultant clean out the system. Now, Master Builder uses shareware (free software available on the Internet) from Spybot Search & Destroy and Lavasoft's Ad-Aware 6.0 to help manage spyware. The company also added Norton Internet Security, which protects the company from common viruses, spam, and hacking attacks.
Some other builders have taken action as well. John Pizzo, a consultant who manages information technology for Artery Homes in Bethesda, Md., installed Spybot Search & Destroy shareware on all of the company's 50 PCs.
“The best way to think about it is this is where we were with viruses a couple of years ago,” says Pizzo, adding that when an Artery computer user complains that a computer has slowed down or is inundated with pop-up ads, the anti-spyware shareware does a good job of identifying and cleaning out the files and programs that don't belong.
“For the most part, the Spybot protects the users pretty well,” Pizzo says. “We're kind of on a budget, so for now, this works well.”
Corporate SpywareExecutives at big builders who think spyware is a threat only to small companies and home users need to take a closer look.
“Spyware has become a huge corporate IT issue,” says Lydia Leong, a Gartner Group analyst who specializes in security and spyware issues. “Cleaning out spyware and adware alone takes 25 percent of an enterprise's help desk time today.”
Leong says large builders with corporate IT departments need a multitiered solution that includes a desktop anti-spyware product, a personal firewall, and a gateway URL filter. Users running PCs on a network with a gateway URL filter receive “denied access” messages when they attempt to browse a site that is classified as having spyware. The two URL filters most consultants recommend are from Websense and SurfControl.
Mark Piccolo, director of information systems at Maronda Homes, based in Pittsburgh, says the company signed on with a 500-user license of SurfControl about a year ago for the company's internal users.
“Some of our employees got hammered with spyware to the point where it would make the machines not function,” says Piccolo. “It would take our techs hours to clean it, they would have to wipe out the hard drive and reload the operating system. ... It put the employee out of commission plus a help desk person.”
Piccolo says SurfControl let Maronda create an ongoing “white list” of acceptable Web sites. If an employee wants to access a Web site that is not approved, the employee can ask management to review the site and determine whether it's business related.
Maronda also set up a proxy server last August for remote users in which supers and salespeople are routed from their PCs to a server in Maronda's corporate office that runs them through the SurfControl filter and then out to the Internet. Now, all the company's 800 users are covered by SurfControl. The firm also uses Spybot Search & Destroy for internal users and Ad-Aware on the local hard drives of external users. Maronda has set up a PC server to run nightly anti-spyware sweeps of all the internal and external PCs.
Staying InformedSpyware takes many builders by surprise. The industry is so busy right now that keeping abreast of fast-moving computer security issues is not on the front burner for most builders. Meiteen says spyware caught him unaware and that he didn't really know about the invasive software until it became clear his computers had problems.
For those who want a better understanding of spyware, Eric Howes, an anti-spyware activist who's posted one of the more helpful anti-spyware sites, https://netfiles.uiuc.edu/ehowes/www/, says there are two main ways spyware infects a PC: through a bundled install or via an automated online installation.
In a bundled install, a user decides to download a file-sharing program such as Kazaa and as he or she clicks through the user agreements, Kazaa installs a host of other programs, including the spyware. An automated online installation is spyware that's installed at a Web site the user visits. Typically, the spyware is hidden in an innocuous plug-in prompt the user receives, supposedly to use the application on the site, or worse, users may not see the prompt at all. The worst offenders are music lyric sites, porn sites, and gaming sites.
“The best advice I can give people is to check end-user licenses and privacy policies,” Howes says. “Most people just click through those things thinking they don't have to read every word. Users will know there's a problem right away because they'll see pop-up ads and additional tool bars and search bars to Internet Explorer.”
On the legislative front, federal spyware legislation failed to pass in 2004. A spyware bill passed last year in the House but stalled in the Senate. The bill aims to make spyware that hijacks a user's home page or tracks keystrokes illegal. The legislation also requires spyware programs to be easily identifiable and removable and allows for the collection of personal information only with the consent of the user. It also authorizes the Federal Trade Commission (FTC) to investigate violations of the law and impose fines of up to $3 million in the most serious cases. Expect Congress to take up the spyware legislation again during the first half of 2005.
The government will do its part to combat spyware by setting reasonably tough laws and prosecuting the bad guys, as exemplified in the FTC's recent case against high-profile spammer Sanford Wallace and his two companies, Seismic Entertainment Productions and Smartbot.net.
Builders, of all people, know, however, not to wait around for the government to do the job. Spyware has become so ubiquitous on the Net that builders have to be proactive. Our advice: Educate yourself, stay informed, and take steps to routinely scan and sweep out spyware (see “How to Beat Spyware,” above). It may take another two years or so before the computer industry catches up to the bad guys.
How To Beat SpywareHere are some tips on protecting your computers from spyware:
Download Anti-Spyware Programs On Your PC. The two widely recommended sharewares are Spybot Search & Destroy (www.safer-networking.org) and Ad-Aware (www.lavasoftusa.com). Lavasoft sells Ad-Aware SE Professional for $39.95; Spybot's product, which offers enhanced services such as analyzers and updates, is free, though the company does ask for donations. Another good program is Webroot's Spy Sweeper, which costs $29.95. (For information, visit www.webroot.com.)Use At Least Two Anti-Spyware Programs. Currently, the people distributing spyware on the Internet are winning, so you have to act accordingly. The best bet is to use at least two anti-spyware programs. We recommend spending the money on Spy Sweeper or SE Professional and using it in combination with one of the free shareware programs. Run each program at least once a week. When you run scans, most of the hits will be tracking cookies, which are fine to delete, but look especially to delete full files and registry keys. The registry keys install settings information to the Windows registry that lets spyware programs operate.Update Your Operating System And Web Browser Software. Download the free software patches offered by Windows. Some are designed to close holes in the system that spyware could exploit.Download Free Software Only From Sites You Know And Trust. It can be appealing to download free software games, peer-to-peer file-sharing programs, customized toolbars, and other programs that may change or customize the functioning of your computer. But be aware that some of these free software applications bundle other software, including spyware.Set Your Browser Properly. Make sure your browser security setting is set high enough to detect unauthorized downloads—for example, use at least the “medium” setting for Internet Explorer.Be Careful What You Click On. Don't click on any links within pop-up windows. If you do, you may install spyware on your computer. Instead, close pop-up windows by clicking on the “X” icon in the title bar. Also, don't click on any links in spam that claim to offer anti-spyware software. Some software offered in spam actually installs spyware.Start Using An Alternative Browser. Many of the spyware attacks exploit vulnerabilities in Microsoft's Internet Explorer. Check out the free browsers at www.mozilla.com or www.opera.com, or just go back to using Netscape's browser. Most Web sites support Netscape, but many e-commerce and banking sites don't yet support Mozilla and other alternative browsers. Also, don't try to uninstall Internet Explorer if that's your main browser, because it's tightly coupled to the Windows desktop operating system; just launch the new browser from your desktop. It's fine to set the new browser as your default browser.Watch Out For Rogue Anti-Spyware. There's a lot of questionable so-called “rogue” anti-spyware software out there—even software that, in certain cases, has been known to release spyware attacks. If you're not sure about a product, visit www.spywarewarrior.com/rogue_anti-spy ware.htm. The Web site has a list of anti-spyware software to avoid and, better yet, lists the most reputable anti-spyware software. And as a general practice, take the time to read the end-user license before downloading any software. If the license is hard to find or difficult to understand, think twice about installing the software.Sources: Builder, Federal Trade Commission
CHEAP TRICK: A common spyware scheme entails displaying a message that appears to be official business for a network administrator or an Internet service provider but is actually spyware. Never click on these messages; they are trying to trick you into giving their creators access to your computer.