SAN MATEO (08/14/2000) - With spyware lurking all about, what can you do to protect yourself? Easy: Get some counterspyware. And, InfoWorld readers say, some very effective tools are available free or nearly so.
During the last few months, we've discussed many examples of intrusive software that readers have discovered on their systems, often by using some of these counterspyware programs. When asked, of course, vendors invariably claim that spyware is only there with the very best of intentions, and any information collected without the user's knowledge certainly wasn't abused. Trust us, they say, it's nothing to worry about.
Not only should you not trust the vendors to refrain from abusing your privacy, but don't expect the government to do anything serious to help soon. In fact, the legal trend is the opposite. With the Digital Millennium Copyright Act already law and the Uniform Computer Information Transactions Act (UCITA) being enacted in a few states, software developers have been gaining lots of legislative cover for slipping spyware onto your system to protect their intellectual property rights. And the FTC's recent endorsement in its report to Congress of vendor "self-regulation" for online profiling doesn't bode well, because it appears to take an opt-out approach where customers must read all the privacy legalese on sites. (For an example of how effective industry self-regulation of privacy is, just recall last year when Microsoft Corp. and RealNetworks Inc. were both caught red-handed in undisclosed collection of information from users and didn't even lose their privacy certification from Truste, an industry-sponsored organization of which both companies were supporting members.)Clearly it's time for users to employ self-regulation, at least when it comes to regulating their own systems' communications. There are many tools to choose from, and you may already have everything you need. For many businesses, it's just a matter of ensuring that their firewalls, network management tools, and the like are configured to check what's going out and what's coming in.
For those who don't have such tools or lack the technical know-how to use them, my readers have widely praised ZoneAlarm from ZoneLabs (www.zonelabs.com). "A great privacy tool I found out about is [ZoneAlarm], a free personal firewall product that can help block outgoing as well as incoming traffic on a per-application basis," one reader enthused. "It is easy to use and lets the user decide which applications can reach the Internet and which cannot. "ZoneAlarm 2.1 is free for personal and nonprofit use and costs US$19.95 annually for business use. It's a firewall specifically designed to work both ways, and it's been responsible for catching many software intruders discussed in previous columns. It's so simple that even an InfoWorld columnist can use it.
Readers also pointed out another great resource for tools and information to fight spyware. "Check out Steve Gibson's OptOut program," wrote another reader.
"It's lightweight (small), no dependencies (Steve's assembly language code), and lightning fast, even on huge drives."
Gibson, president of Gibson Research (www.grc.com) and a trusted, authoritative voice in these pages for many years, has gone after spyware in a big way. His OptOut program, currently offered as freeware, was designed to detect even spyware that takes advantage of browsers to get around firewalls. Also available at Gibson's site is Shields Up, a port scanning service that probes your computer and alerts you to security hazards. And perhaps even more valuable than the tools is the information Gibson provides on known spyware. If you visit, don't miss his blow-by-blow description of his travails tracking down the truth about RealNetworks, Netscape/AOL, and NetZip's download utilities and user-monitoring capabilities.
Along with endorsing ZoneAlarm, Gibson is also now recommending another freeware spyware detector. "It's called Ad-aware from the Lavasoft organization (www.lavasoft.de/free.html), and it's more comprehensive than OptOut," Gibson says. "It's my intention to 'retarget' OptOut in the very near future at the continuing problem of Web-based privacy abuse. I'm going to completely end the problem of cookie misuse and third-party cross-domain information leakage. Thus OptOut will become a tool for allowing people to instantly 'disappear' from radar screens of those who would track them ... while allowing safe and untrackable cookie use."
Gibson makes no promises on when he can deliver this next version of OptOut, so I'm sure he'd agree with me in advising that you not wait for it. There are plenty of good tools out there to choose from, including many I haven't mentioned. And the price is right, particularly when you consider the possible price of leaving yourself open to the next software intruder that comes along.
Got a complaint about how a vendor is treating you? Contact InfoWorld reader advocate, Ed Foster, at email@example.com.