This story was printed from ZDNet Australia.
Who's watching you surf?

By Neil J. Rubenking, PC Magazine
December 18, 2000
URL: http://www.zdnet.com.au/news/security/soa/Who-s-watching-you-surf-/0,130061744,120107745,00.htm


You may be sharing your Internet connection with a spyware program. Here's what you need to know.

Security is a critical issue for every computer that's connected to the Internet, whether in the office or at home. The recent denial-of-service attacks that brought down major Web sites were possible only because hackers managed to subvert many poorly secured computers, forcing them to participate in the attack. Some e-mail-enabled viruses (such as the notorious Melissa virus) attempt to broadcast private documents—your own or those of your company. And if the infamous "Back Orifice" Trojan horse has inveigled its way into your computer system, it will turn over control to any hacker who asks.

Fortunately, most corporate users are sheltered by a company firewall, and personal firewalls such as BlackICE Defender and ZoneAlarm can protect small-office and personal PCs. With a firewall and an antivirus program running, you're safe. Or are you?

Even though your system is protected against outside attack, it's still vulnerable to betrayal from within. Each time you connect to the Internet, you may be sharing that connection with a traitor—a spyware program that has its own agenda and communicates secretly with its home site. Some spyware programs are installed automatically when you visit Web sites that use them. Others are installed along with particular shareware or freeware programs. The installation may occur completely without your knowledge, or you may accept it by clicking on Yes without reading the entire license agreement.

News items have accused various spyware programs of inventorying software on the user's system, scanning the Registry, searching out private information, and then shipping all this data back to the home site. In truth, none of these accusations have been proven. We call these programs spyware not because they actively steal private information but because they act in secret, without your knowledge or permission.

Their stated purposes seem innocent enough. Some, called adbots, display banner ads in associated programs and attempt to tailor the advertising to your interests. Others collect usage statistics for their clients. All of the known spyware programs claim to respect your privacy, and under scrutiny, these claims appear to be true. The nonpersonal information gathered by these programs could be misused, however, and the presence of spyware might compromise your system.

TSAdBot

TSAdBot, from Conducent Technologies (formerly TimeSink), is distributed with many freeware and shareware programs, including the Windows version of the popular compression utility PKZIP. It downloads advertisements from its home site, stores them on your computer, and displays them when an associated program is running.

According to Conducent, TSAdBot reports your operating system, your ISP's IP address, the ID of the TSAdBot-licensee program you're running, and the number of different ads you've been shown. It also indicates whether you have clicked on any of the ads. On installation, TSAdBot may present an optional survey. If you answer the survey, your answers are conveyed along with the other information gathered by TSAdBot. Conducent's privacy statement is available for viewing.

The install program for PKZIP for Windows 2.70 clearly states that the product integrates "sponsored messaging technology" that will make use of your Internet connection, and identifies Conducent Technologies as the source. The program also describes precisely what information will be sent to the Conducent home site. Furthermore, PKZIP's uninstall program removes TSAdBot, as long as no other programs are relying on it. Unfortunately, this degree of candor is rare; many other programs install and use TSAdBot without ever informing the user.

To determine whether this program is present on your system, click Find on the Start menu and search all local drives for files named Tsad*.*. If TSAdBot is present, you will find Tsad.dll in the Windows folder and Tsadbot.exe in another folder, probably C:\Program Files\TimeSink\AdGateway. Subfolders below the AdGateway folder contain user profile information as well as the downloaded ads.

If you want to remove TSAdBot, you must first uninstall all programs that rely on it. You're effectively paying for these programs by allowing them to show you banner ads, so in all fairness, you should remove them. (If fairness is not sufficient incentive, consider that these programs will not run in TSAdBot's absence!) In most cases, uninstalling the related programs will not remove TSAdBot itself, so you'll have to delete Tsad.dll and the entire AdGateway folder using Windows Explorer. Explorer may refuse with an Access denied message; in that case, restart Windows and try again. If you still can't delete them, restart the computer in MS-DOS mode and delete these files using the command line.
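
The file search described above can be scripted. The following Python is an added example, not code from the article, Conducent or PKWARE: it walks a directory tree for Tsad*.* files and a TimeSink\AdGateway folder, reports what it finds, and deletes nothing. It runs against a constructed sample tree, and the file name tsad_sample.tmp is made up to exercise the wildcard.

```python
import fnmatch
import os
import tempfile

CORE = {"tsad.dll", "tsadbot.exe"}  # the two files named in the article


def scan_for_tsadbot(roots):
    """Return TSAdBot traces found under each root directory (read-only)."""
    report = {"core": [], "other": [], "adgateway": []}
    for root in roots:
        for dirpath, dirnames, filenames in os.walk(root):
            parent = os.path.basename(dirpath).lower()
            for d in dirnames:
                # Folder from the article: ...\TimeSink\AdGateway
                if d.lower() == "adgateway" and parent == "timesink":
                    report["adgateway"].append(os.path.join(dirpath, d))
            for name in filenames:
                low = name.lower()  # Windows file names are case-insensitive
                if not fnmatch.fnmatchcase(low, "tsad*.*"):
                    continue
                bucket = "core" if low in CORE else "other"
                report[bucket].append(os.path.join(dirpath, name))
    for paths in report.values():
        paths.sort()
    return report


def is_installed(report):
    """True when a core file or the AdGateway folder is still on disk."""
    return bool(report["core"] or report["adgateway"])


def build_sample_tree(base):
    """Constructed layout mirroring the article's description (not real data)."""
    windows = os.path.join(base, "WINDOWS")
    gateway = os.path.join(base, "Program Files", "TimeSink", "AdGateway")
    os.makedirs(windows)
    os.makedirs(os.path.join(gateway, "ads"))
    for path in (os.path.join(windows, "TSAD.DLL"),
                 os.path.join(windows, "notepad.exe"),
                 os.path.join(gateway, "Tsadbot.exe"),
                 os.path.join(gateway, "tsad_sample.tmp"),  # made-up name
                 os.path.join(gateway, "ads", "banner1.gif")):
        open(path, "w").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan_for_tsadbot([build_sample_tree(tmp)]))
```
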

Aureate DLL

The Aureate DLL, from Radiate.com (formerly Aureate Media), is installed with hundreds of freeware and shareware programs; it displays banner ads while the program is running. It downloads advertisements from its home site and reports which ads have been shown and clicked on. The program's author is paid based on the advertising views and click-throughs. In the case of a freeware program, this is the only money the author gets. The Aureate DLL includes an optional survey that may appear some time after the initial installation. Uninstalling the host program does not remove the DLL; it can continue to operate independently.

Worst of all, according to Steve Gibson of Gibson Research, the Aureate DLL introduces a serious security hole. A malicious hacker could redirect the Aureate DLL to phone the hacker's server. That server could then take control of the Aureate DLL, instructing it to download further malicious code onto the user's machine and execute that code. According to Gibson, the Aureate DLL's ability to download new programs has been confirmed, though there is no evidence that this has yet been used for nefarious purposes. Gibson also notes that browser problems, including complete browser crashes, have been traced to the Aureate DLL.

Radiate states that its DLL does not gather or report any personal information, does not track your Web-surfing habits, and does not monitor what you do on your computer. The DLL does, however, associate the information it gathers with a unique ID, so as to tailor the ad offerings to your interests. For those who wish to remove the program, Radiate offers an uninstall utility here. Naturally, removing the Aureate DLL will disable any freeware or shareware programs associated with it. You can check Radiate's privacy policy on their website.

What can you do?

The distinction between marketing demographic analysis and invasion of privacy was already blurred long before the invention of spyware. Right now, you're targeted for specific direct-mail advertisements based solely on your zip code. Every time you enter a contest, fill out a survey, or send in box tops for a free trinket, you're adding to the vendor's database of demographic data. Marketers would love to know every little thing about you, so they could deliver advertisements that would pique your interest. Some people think this is just fine; they love getting mailings and catalogs that cater to their hobbies and interests. If that's not your style, you'll need to stay alert.

Check your browser's security settings to make sure ActiveX controls can't be installed without your knowledge. In Internet Explorer 5, choose Options from the Tools menu and click the Security tab. By default, the Internet zone is set for the Medium security level. At this level, you'll be prompted before downloading ActiveX controls but not before running or scripting them. If you want to change the security options, click the Custom Level... button. Make sure the Prompt box is checked under Download signed ActiveX controls, so you'll be prompted before any such installation. Select Prompt under Run ActiveX controls and plug-ins and Script ActiveX controls marked safe for scripting, at least temporarily. If the frequent prompts generated by the second two settings prove too annoying, you can change them back to Enabled.

Every time you install a new program or utility, read the license agreement. If it mentions integrated advertising, background use of your Internet connection, or anything that suggests spyware, you may want to abort the installation and investigate. And if, despite these precautions, your newest game or utility sports ever-changing banner ads, check with the vendor to find out where they're coming from.

You can learn a lot by visiting a spyware vendor's Web site. You'll usually find links with information for advertisers and developers. Follow those links and carefully peruse them. Chances are good you'll find phrases like "...significantly improve online advertising e-performance by integrating actual online identity with off-line demographics and behavior." This will appeal to an advertiser but may appall the consumer whose "demographics and behavior" are under scrutiny.

Opting out

Internet security cognoscenti are already familiar with the ShieldsUp! page on Gibson Research's Web site. With your permission, ShieldsUp! probes your system's security in much the same way a hacker would and reports any loopholes. The related OptOut site provides information and tools for users who want to opt out of providing free marketing data through spyware. The site supplies detailed information on all known spyware programs, including the names and Web addresses of the suppliers, what information is gathered, and the programs that integrate them.

Gibson doesn't suggest eliminating such marketing tools; after all, some users adore free programs and don't consider privacy an issue. He proposes a "Code of Backchannel Conduct" for tools that work in the background and share your Internet connection. The code is fairly detailed, but this quote sums it up: "You may use my Internet connection, but you must first help me to understand why you want to use it and how you will use it, then receive my explicit consent before using it. Then, if I ever change my mind, you must cease such use and go away."

Central to the site is the OptOut utility, which searches your system for known spyware, reports its findings, and optionally removes the offending files. As of this writing, OptOut exists as a free prerelease program that removes only the Aureate DLL. The final version should detect and remove them all. It will cost you, but you'll get indefinite free updates to handle newly discovered spyware.

There's no evidence that spyware programs are gathering private information or associating that information with individuals. You may feel that giving away some limited, nonpersonal information is a small price to pay in return for free programs. But the possibility of abuse exists, so it behooves you to know just who's sharing your Internet connection.

