ckerr4
09-04-2003, 09:45 AM
http://www.nytimes.com/2003/09/04/technology/circuits/04lurk.html?th
Heart of Darkness, on a Desktop
By KATIE HAFNER with MICHAEL FALCONE
THE Kiblers of Santa Clara, Calif., thought they were doing everything right. Bill Kibler, a product manager in Silicon Valley and the unofficial system administrator for his family, was nothing short of diligent about running antivirus programs. He had also erected a software firewall to shield his computer from intruders, and he regularly downloaded patches to inoculate his PC when he heard about new viruses.
But over the course of six months this year, the Kiblers noticed their computer displaying some odd behavior. The automatic weekly scans by Norton AntiVirus mysteriously stopped, and when Mr. Kibler tried to run the software manually, the program would shut down before he could execute commands.
By the middle of the summer, the Kiblers' computer had grown so phlegmatic that the family considered replacing the machine, a powerful Compaq desktop of recent vintage, with a new one.
After many hours of computer forensic work performed by a friend, it turned out that a virus program called Klez was sapping the computer of 90 percent of its processing power. Adding to the burden was a host of strangely named files discovered on the list of programs installed on the hard drive. All of them had entered the machine from the Internet, producing a blizzard of pop-up ads.
The Kiblers' experience is hardly a rarity. More and more PC owners are discovering software lurking on their computers that they had no idea was there - software that can snoop, destroy or simply reproduce itself in droves.
The SoBig and Blaster worms that have been invading computer systems worldwide for several weeks are slowing down. But the two intruders left behind software that could linger undetected for months.
"Both SoBig and Blaster have components that are actively trying to communicate or reach out to master servers without the knowledge of the user," said Vincent Weafer, a senior director at Symantec Security Response, part of the software company that makes Norton AntiVirus.
The alien programs extend well beyond viruses and worms - so named because of the way they spread, as the most familiar carriers of malicious code - to new categories known as spyware and adware. Indeed, the number of home PC's that are infested with alien software that comes in over the Internet and installs itself without the knowledge or consent of the PC user is increasing at an alarming rate.
Richard M. Smith, a computer security expert in Brookline, Mass., estimates that one in every two Windows computers has unsolicited software lurking within.
"I'm the official computer maintainer in my extended family, and I have seven computers to keep up and running," Mr. Smith said. "With the exception of my computer, they've all been whacked." He was spared, he says, only because of his extreme vigilance.
The programs hide in the recesses of the machine and seldom announce their presence. They can enter the machine by way of a virus that has attached itself to an incoming file. Or they can be downloaded unawares by simply clicking on, say, a pop-up ad. Mr. Smith said such assaults were called "drive-by downloads."
"These programs are small and can be downloaded within seconds on a broadband connection," he said. "Once it's started, there's no way to stop it."
Until symptoms appear, the user knows nothing of the unwanted software's presence. Spyware, which may piggyback on another downloaded program, often operates in the background, sending information back to a remote site and displaying pop-up ads tailored to the user's online habits, or harvesting e-mail addresses to sell to spammers.
Adware is similar but more benign, or at least better encased in euphemism; its defenders say that it is something that consumers consciously agree to download. More insidious programs, perhaps better described as annoyware, redirect the computer's browser to pornographic Web sites, often to pump up those sites' traffic figures or commandeer the machine's modem to dial 900 numbers at the computer owner's expense.
PC owners are just beginning to become aware of the extent of such lurkware, and antivirus companies are beginning to expand their products to notify users of its presence.
McAfee Security, a division of Network Associates that makes antivirus products, estimates that 60,000 viruses are in circulation, and some experts say that perhaps 200 new ones are created each month. No comparable figure is available for spyware and adware, said Bryson Gordon, a senior product manager at McAfee, but their growth has mirrored the surge in spam and in music-file-sharing programs like Napster and KaZaA, which link the hard drives of thousands of users into something resembling one big co-op.
Spyware programs are easier to create than a virus, Mr. Gordon says, and some Web sites even offer spyware and adware toolkits.
Some software requests the user's permission before installing itself. Such is the case with the Gator Corporation, a company in Redwood City, Calif., that delivers Web advertising to people who click on an end-user license agreement in which they agree to receive the ads in exchange for a free program. This can include Gator's own e-wallet (a program that automatically fills in Web forms with log-ins and passwords), the downloadable DivX video player or a simple calendar program.
About 100 million copies of Gator have been downloaded to date, said Scott Eagle, chief marketing officer at Gator. He and other Gator officials make a point of insisting that their product is adware, not spyware, and that the distinction is crucial.
"Spyware is stuff that you don't know how it got on your computer and it doesn't add value," Mr. Eagle said. "It could be a program that's specifically designed to seek out information like credit card information or e-mail information but you have no idea how you got it, there's no permission and there's no way of removing it."
Adware, on the other hand, Mr. Eagle said, is something that consumers agree to download. Once Gator is installed, it tracks a user's Web travels and delivers what he called "highly relevant, highly branded" ads. "Users are very much aware that they have this ad-supported software on their computer," Mr. Eagle said.
Yet the line between informed consent and naïve clicking can be thin. Although Gator requires permission from users before it is downloaded, people often have no recollection of having agreed to its terms.
One of the programs Mr. Kibler had on his computer was Gator, which he did not recall having consented to.
Lavasoft, a company in Sweden that makes security software, sells a popular program called Ad-Aware, which alerts users to the presence of programs like Gator, as well as others that track Web browsing habits and collect information to use for targeted advertising.
Mike Wood, a spokesman for Lavasoft, said that most PC users fail to take the time to understand exactly what was being downloaded to their machines and frequently click straight through the fine print of end-user license agreements.
Those who fight spyware and adware engage in escalation wars similar to the ones facing antivirus companies. No sooner do Lavasoft and others discover a new form of adware and spyware than the makers of such software turn around and develop another one.
"It's turned into something of a minor cold war," Mr. Wood said.
Mr. Kibler suspected that his 14-year-old daughter, Carly, and her frequent use of the free version of KaZaA, known for installing adware on people's computers, might have had something to do with the problem.
"The minute you install KaZaA you have three or four questionable things on your computer," Mr. Smith said.
In the end, the Kiblers theorized that the troubles may have originated with a program attached to one of Carly's MP3 files. Or it could have been a malicious file sent as an e-mail attachment and downloaded accidentally by any member of the family.
Douglas Berman, a computer specialist in Berkeley, Calif., who works in health care, said he noticed a few months ago that whenever he used his home PC to do a search on Google, a different screen appeared underneath the Google page. The unsolicited page offered up an entirely different set of search results, all of them ads thinly disguised as Google pages.