Those persistent types of programs, frequently operating on computers without owners' knowledge, have spread quickly in the last year, evolving as rapidly as anti-spyware software has been able to find them. EarthLink executives estimate that 40 percent to 50 percent of the Internet service provider's subscribers have running on their machines some kind of advertising or more-malicious program, which often monitors their behaviour and sends the data back to the software's parent company.
The level of complaints has risen high enough that EarthLink says it's finally looking for an official spyware-killer to distribute to its angry customers.
"That's usually not what they've originally called to report, but when they find out (the source of their problem), that's what causes the most emotional reaction," said Jim Anderson, EarthLink's vice president for product development. "They feel that their trust has been broken."
EarthLink's move toward spyware-hunting marks just one new front in a bitter war over programs that sneak onto hard drives. Security companies say that the incidence of so-called spyware, adware, sneakware and other varieties of surreptitious software is climbing dramatically, adding that the most irritating of the bunch are becoming even more difficult to stop--or even identify.
These types of programs had been available for years but became more common as free file-swapping services such as Kazaa and Imesh began bundling these ad-supported programs with their software to help pay their bills. Today, many programs are automatically installed when a person views an unsolicited HTML (Hypertext Markup Language) email or visits Web pages that activate a "drive-by download".
The most benign of these programs simply serve advertisements. Others can collect detailed information about a viewer's behaviour and send it back to a parent company the person likely knows nothing about. Many change the settings of a browser or other software, sometimes in ways that only someone with sophisticated technical knowledge can reverse.
None of this is illegal, and in most cases, notice of such functions is contained somewhere in a piece of software's terms of service or license agreement. But critics say few people read these agreements. As a result, incautious surfers can often unknowingly wind up with software that monitors their behaviour, soaks up their computing and network resources, and can even damage their computers, in extreme cases.
Large businesses too are concerned, as many of these programs--sometimes downloaded unwittingly by employees surfing the Net--use corporate networks to send data back to their parent companies. For businesses that spend hundreds of thousands of dollars on firewalls and security, that's an unacceptable risk.
"Since last fall, we've seen a real spike in corporate customers purchasing our software because of spyware," said Pete Cafarchio, vice president of business development at Pest Patrol, whose software helps identify and eliminate a long list of "pest" programs, ranging from comparatively benign adware to viruses and Trojan horses. "Their argument is that there can be no unauthorised (network) communication."
The last year has seen a steep rise in the number of companies and products aimed at eradicating or mitigating the effects of these surreptitious programs. Software such as Pest Patrol, Spybot--Search & Destroy and Lavasoft's Ad-Aware are popular hard-drive cleaners. Personal firewalls like ZoneLab's ZoneAlarm help prevent unauthorised programs from using network connections to contact the outside world without permission.
At the same time, however, adware and spyware program writers have met the challenge with creative new means of distribution and installation.
Recent months have seen a spurt in so-called browser helper objects (BHO), which attach themselves limpet-like to Microsoft's Internet Explorer browser software and act as a toolbar or other browser plug-in. The worst of these can radically change browser settings, including home pages and bookmarks, and make it difficult or impossible for people to change these back without their knowing how to manipulate the Windows registry. Recent examples of these, distributed by Web advertising portals Lop.com and Xupiter.com, redirected browsers to their respective sites at every available opportunity.
Some of these programs are getting better at sinking roots deep into a computers' operating system, making removal impractical. A widely distributed marketing program called "CommonName" recently changed its code, so that removing it with software such as Spybot made it impossible for the affected computer to access the Net.
Distribution methods are becoming increasingly creative as well, going well beyond the tested means of piggybacking on peer-to-peer or other types of software.
In one recent example, a small piece of advertising software was installed quietly on the machines of people who played a popular post-Sept. 11 Java game called "Yo Mamma, Osama!" That software activated itself every three minutes, to send data back to its home company, and stayed on machines long after the game was finished, Pest Patrol's Cafarchio said.
In addition, spam email can include hidden HTML links to spyware that is downloaded when a viewer opens it. So-called drive-by downloads operate similarly, starting a download process when visitors view a Web page. Although drive-by downloads typically ask for permission, many people accept the download, believing that it is a normal function of the Web site.
Setting Internet Explorer security settings to high or medium can help guard against these download attempts, security experts say. Examining a PC's system with one of several free anti-spyware programs can also help people understand what is running on their computer, though they cannot guarantee absolute protection against new forms of the surreptitious technology.
"Spyware makers are looking for new, better-hidden places in the system to anchor themselves," Spybot creator Patrick Kolla said in an email interview. "The challenge for any anti-spyware software lies here in keeping the detection mechanisms as well as the detection database up-to-date at the same time."
While it is clear that concern about clandestine software is growing, it is less evident exactly what the concern is about. Figures on the spread of adware and spyware are hard to come by, and definitions of the categories are vague at best. That has made fighting the phenomenon difficult, and some adware companies say they are being unfairly targeted.
In a list of the most prevalent software "pests" issued in February, Pest Patrol cited software released by an ad software company called Gator as far and away the most common pest--the source of more than half of the 81,000 reports logged by customers of its software over the past month.
Gator, however, provides the advertising support for many of the most popular free software programs distributed online. The company says it has 30 million people who seek out various pieces of software supported by its advertisement, hardly putting it under the traditional "pest" definition.
The company does collect information about people's behaviour to target ads specifically, for example, sending car advertisements to those shopping for a vehicle. However, unlike most other advertising companies, Gator creates pop-up ads that are clearly branded and includes links to information on how to uninstall the associated tracking and ad-serving software, said Scott Eagle, the company's chief marketing officer.
Coming in at No. 2 on the Pest Patrol list of common pests was software from online media company Brilliant Digital Entertainment. Last year many people objected to software from Brilliant being quietly bundled with their Kazaa file-swapping program. But that software is now the basis for a paid-content distribution network that has formed the backbone of Kazaa parent Sharman Network's defence against copyright-infringement charges.
The upshot: If people want free software, say these companies, they will have to be prepared to accept advertisements or other marketing devices.
"Over half-a-billion dollars in software that people would have had to pay for, they got for free in exchange for seeing occasional ads," Eagle said. "People don't like TV commercials either, but most people would acknowledge there is a trade-off."
The last paragraph in this article is a fair enough comment, IF they asked up front. The whole problem is most of these scumware program use underhanded methods and trickery, which says a whole lot in itself, methinks.