Beware: They're watching you

By THOMAS GREENE

Your home computer has turned sluggish - programs open slowly, web pages take forever to load - it's probably not because you need a new machine.

It's more likely that some hidden software is secretly using your CPU and pushing your work aside, cuckoo-style, as it pursues its own ends.

A survey in April by the US ISP Earthlink and Webroot software, for example, found that one in every three PCs scanned online at the user's request had a "Trojan horse" or spyware program on board.

But where have they come from? Probably, to be honest, you.

Many people have downloaded one or many of the free utilities available on the web: system "optimisers", plugins (especially "blockers" for pop-up ads) for Internet Explorer, toolbars and taskbars, news tickers, jukeboxes and so on.

The trouble is that such software, and especially the "free" applications supported by ads that appear on your desktop ("adware"), often reaches out to remote servers you know nothing about to track you across the net ("spyware"), aiding advertisers to develop marketing profiles of what people like you do online.

The programs also slurp up system resources, leaving your PC sluggish. Often, that's the only way you discover they're there.

With Windows, it's down to you to install applications such as office suites, graphics programs, multimedia applications, system utilities, instant messaging and chat clients.

But it's expensive putting together a truly useful software collection from retail packages, so many people seek free alternatives.

Unfortunately, much free software is laced with those secret networking capabilities and "phone home" features.

This is the privacy-invasion industry's Trojan horse: you get a free application, but they look over your shoulder while you're on the web.

So how do you search your computer for spyware? Antivirus software is designed to ignore it, so you'll need something designed specifically to identify and remove it.

Thousands of Windows programs contain adware and spyware; that in turn has created a whole industry dedicated to removing them.

Fortunately, utilities such as Ad-Aware from Lavasoft (www.lavasoftusa.com/support/download), Spy Sweeper from Webroot.com (www.webroot.com/wb/products/spysweeper/index.php), and SpybBot Search & Destroy by Patrick Kolla (www.safer-networking.org) do a good job of detection and removal, and you can use more than one to ensure that everything is caught.

If any of these tools contains spyware of their own, one of the others is likely to pick that up as well.

Having purged your PC of malware, you still need to avoid future contamination. You could pick and choose between the widely advertised products out there ... but that's how you got into trouble in the first place.

Instead, a simple long-term approach is to replace as much "closed-source" commercial software with open-source alternatives as possible.

Why? Because when everyone can examine the source code, it's virtually impossible to conceal malicious functions. You never know exactly what a "closed-source" commercial application contains, but there are no secrets in an open-source product.

The price is often the same - free - but the open-source products, being a collaborative effort, don't have the same profit motive that leads companies to collect data secretly about their customers.

One final thing: many commercial developers like to call their products "open". But if the source-code files are not freely available somewhere, so that you can build the application yourself, then it is not open-source.

And not having the source is how you got into this problem in the first place.

* Greene is associate editor for The Register, an online IT news daily based in London. He is the author of 'Computer Security for the Home and Small Office', a security and online privacy manual.

- INDEPENDENT