Spyware, malware, phishing, and other threats abound in the online world. What can you do to protect yourself and avoid the attacks? Read up on ways to protect yourself and your computer. This article first appeared in Law Technology News, February 2005.

by Catherine Sanders Reach, MLIS

On a bright afternoon, Susie Smith browses the Web, and is surprised by a purported Windows dialog box informing her that the computer is rife with spyware. A dialog box offers a free scan to clean up the allegedly-errant computer. Susie clicks O.K. Once the scan is complete, showing hundreds of spyware files deleted, the site offers to sell the product. She eagerly accepts the offer, downloads the software and installs it, and attempts to re-boot.

Alas, the system will not re-boot and the Susie is left trying to figure out what went wrong. What went wrong is the reality of computing today. In addition to hackers, viruses, worms, Trojans, and spam, we are now faced with malware, spyware, adware, and phishing as we try to simply complete work and daily tasks.

Kevin Mitnick, the infamous hacker, used "social engineering" to get passwords and other information to break into the systems of companies such as Nokia, Sun Microsystems, and NEC USA Inc. He simply called a random person in the company, posed as an IT or HR employee, requested their password and voila.

Many of the new threats to computer users today employ a computerized version of social engineering, tricking the user into downloading a file, answering questions from their financial institutions, or paying for bogus products. While many people are aware of phishing from media coverage, the threats from spyware and adware continue to mutate and profligate.

Spyware and adware create much havoc. They may generate pop-up ads that blockers cannot squelch; they can alter web browser home pages; hijack search requests to send users to bogus search engines; log key strokes; slow down computing to a halt; and possibly steal your identity.

Some are merely irritating, some are illegal, and all are to be avoided. Adware and spyware often prey on users of Microsoft Windows operating systems, including the Microsoft browser Internet Explorer. However, it is not always possible to make a wholesale switch to a different browser or operating system. What can you do to avoid spyware and adware?

Social Engineering

First, be aware of social engineering techniques to trick you into downloading files or passing on information for unintended use.

Read all license agreements, privacy policies, and fine print.

Do not download software from illegal file sharing sites, as spyware is often bundled with the download.

Avoid "over 18" sites.

Do not provide personal information to anyone unless you have checked the validity of the request.

Do not download viewers from websites that you do not recognize, even if it says that the website will not work without it.

If a dialog block appears, look at it carefully before taking action. Spyware and adware purveyors craft these boxes to appear as if they are legitimate, adding a small, lightly colored "advertisement" notice in the corner.

Practice due diligence, check the Better Business Bureau or do a Google search to see if the company is reputable.

Do not click on pop-up ads or blinking ads. If you feel like the product/service may be useful then search the web to find the website.

Software Help

Second, obtain software to help monitor and eradicate the problems. There are hundreds of programs that purport to help battle adware and spyware. Unfortunately, many of these programs are either ineffectual, contain spyware, or as in the cited example delete key components of the registry that render the computer useless. Eric Howes, a University of Illinois at Urbana-Champaign library science graduate student analyzes anti-spyware utilities at SpywareWarrior , compiling a list of rogue and suspect anti-spyware products and websites.

There are a few, well-known systems that can be trusted. Unfortunately, you may have to run two or three programs simultaneously to eradicate all the spyware and adware threats. When looking for a program, whether free or fee, look for features such as ongoing/updated definitions and monitoring to protect you from known threats as they attempt to install.

Some of the programs that have been touted in the computing press are free, some available for a small cost. Two of the products that have received approbation all around are Spybot Search and Destroy and Ad-Aware. Spybot is free, while Ad-Aware offers free and fee versions of the software.

Microsoft has a new anti-spyware product in beta called Microsoft Antispyware, developed by Giant Software Co. Reviews of the new Microsoft product have been favorable, and the product will be available on a subscription basis.

Other honorable mentions include Spysweeper and eTrust PestPatrol .

Regrettably, with all of these programs you run the risk that they could remove "good" cookies, delete registry keys, or disable certain functions. Always create a back-up to make sure you can restore your system. Congress (as well as state legislature) is looking at ways to solve the adware/spyware problem with legislation, including the Spyblock Act, the SPY ACT and I-SPY Act, but as with viruses and spam, computer users will have to continue to be wary and protect themselves from these privacy threats.

* Mention of a company, product, or service does not indicate endorsement or support by the American Bar Association or the authors.