COMMENTARY--Viruses may be on the decline this year, but other threats--like Trojan horses and spyware--are on the rise. We tell you how these pests work--and how to protect your system from harm.

So far, 2003 is off to a slower start than 2002 in terms of the appearance of new computer viruses. Many have tried to account for this decline by saying that antivirus protection has improved, that Microsoft has enhanced the security in Outlook 2002, and that new legislation following the events of September 11 has deterred virus writers.

I disagree with all of these arguments. While antivirus protection has improved, there are still many unprotected PCs in the world. Microsoft may have enhanced Outlook 2002's security, but many companies and individuals are still running earlier versions of the software (and haven't yet applied the appropriate security patches).

And finally, I don't think a virus writer in some distant country cares whether or not the U.S. Congress has enacted laws that make virus creation a crime punishable by life in prison.

I suspect the real reason for the decline in viruses this year is that the serious virus writers have graduated to more sophisticated attacks, such as Trojan horses and spyware. The occurrence of both of these threats has increased in 2003. While it's now less likely you'll be infected by another Loveletter or Melissa-type virus, it's more likely you'll be hit by other maladies that could cause as much--if not more--damage.

Here's what you need to know about how these pests work--and how to protect your system from them.

Trojans, to refresh your memory, open ports on infected machines and allow malicious users to access data on that system remotely. A more mainstream use of this technology is called spyware, ad-serving software that (in the best case) allows advertisers to update and target advertising on your computer or (in the worst case) allows advertisers to track your Web habits for sale to other advertisers.

In my opinion, Trojan horses and spyware are quite similar: Both have the potential to obtain information about you without your knowledge.

Some think spyware is acceptable, because it's what allows the software you're using to be free. And there are legitimate uses for this technology. For instance, some software companies, such as academic developer Mathsoft, have programmed their products to report back to the company's servers with your application's version number and plug-in information, as part of their copyright protection strategy.

But whatever the purpose, I think this activity should be disclosed somewhere in the end user license agreement, so that you know what your software is doing and can decide whether it's OK with you. But often it's not.

It's not just home users who are at risk from spyware. Businesses could be hurt by it as well. Behind a corporate firewall, individual desktops are pretty much immune to spyware. But an employee working from home could compromise the security of the company's VPN. How? Sophisticated spyware located on a home PC could steal the employee's password for the VPN--as well as sensitive documents stored on the employee's hard drive.

Unfortunately, antivirus software does little to stop spyware. It will identify and remove some Trojan horses associated with viruses, but it will not recognise those associated with free software. As I discussed last week, firewalls can be effective in blocking spyware from communicating with other computers on the Internet. But antivirus apps and firewalls won't protect against all Trojans, or against spyware attacks on your system registry. For these more subtle threats, you're going to need a dedicated anti-spyware program.

Fortunately, there are several products on the market designed to identify and remove such pests. Ad-Adware Standard Edition and Spybot are both completely free. PestPatrol 4.0 and the recently announced Spy Sweeper are paid services, requiring a subscription for updates. Any one of these should be adequate to protect your system.

If you surf the Web and think your machine is free of spyware, I suggest you try running Spybot or the free SpyAudit on your PC. These apps check your system to see if it has any spyware on it. If your machine is clean, congratulations! You're one of the very lucky ones indeed. The rest of us, I predict, will be surprised at what's running inside our machines without our knowledge. Luckily, there are apps out there that can help.

Are you worried about Trojan horses or spyware? Why or why not? What's your biggest security worry? Send your thoughts to edit@zdnet.com.au.

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.
ZDNET is a registered service mark of CBS Interactive. ZDNET Logo is a service mark of CBS Interactive.