Spyware Removal Tutorial
Has your computer ever become so slow that you can fix yourself a snack in the time it takes your word processor to open? Spyware may be to blame.
Spyware is a category of computer programs that attach themselves to your operating system in nefarious ways. They can suck the life out of your computer's processing power. They are designed to track your Internet habits, nag you with unwanted sales offers or generate traffic for their host Web site. According to recent estimates, more than two-thirds of all personal computers are infected with some kind of spyware. But before you chuck your computer out the window and move to a desert island, you might want to read on. In this article we'll explain how spyware gets on your computer, what it does there and how to get rid of it.
Other "Ware"
- Malware - a general term for any program that makes changes (does malicious or "bad" things) without your express permission
- Adware - programs designed specifically to deliver unrequested advertising
- Stealware - specific spyware designed to capture clicks or Web-site referral credits
- Browser hijacker - a malicious program that becomes deeply embedded in your browser's code and core functionality
Some people mistake spyware for a computer virus. A computer virus is a piece of code designed to replicate itself as many times as possible, spreading from one host computer to any other computers connected to it. It usually has a payload that may damage your personal files or even your operating system.
Spyware, on the other hand, is generally not designed to damage your computer. Spyware is broadly defined as any program that gets into your computer without permission and hides in the background while it makes unwanted changes to your user experience. The damage it does is more a by-product of its main mission, which is to serve you targeted advertisements or make your browser display certain sites or search results.
At present, most spyware targets only the Windows operating system. Some of the more notorious spyware companies include Gator, Bonzi Buddy, 180 Solutions, DirectRevenue, Cydoor, CoolWebSearch, Xupiter, XXXDial and Euniverse.
How You Get Spyware
Spyware usually gets onto your machine because of something you do, like clicking a button on a pop-up window, installing a software package or agreeing to add functionality to your Web browser. These applications often use trickery to get you to install them, from fake system alert messages to buttons that say "cancel" when they really do the opposite. Here are some of the general ways in which spyware finds its way into your computer:
- Piggybacked software installation - Some applications -- particularly peer-to-peer file-sharing clients -- will install spyware as a part of their standard install. If you don't read the installation list closely, you might not notice that you're getting more than the file-sharing application you want. This is especially true of the "free" versions that are advertised as an alternative to software you have to buy. There's no such thing as a free lunch.
- Drive-by download - This is when a Web site or pop-up window automatically tries to download and install spyware on your machine. The only warning you might get would be your browser's standard message telling you the name of the software and asking if it's okay to install it.
- Browser add-ons - These are pieces of software that add enhancements to your Web browser, like a toolbar, animated pal or additional search box. Sometimes, these really do what they say they do but also include elements of spyware as part of the deal. Or sometimes they are nothing more than thinly veiled spyware themselves. Particularly nasty add-ons are considered browser hijackers -- these embed themselves deeply in your machine and take quite a bit of work to get rid of.
- Masquerading as anti-spyware - This is one of the cruelest tricks in the book. This type of software convinces you that it's a tool to detect and remove spyware, when it is actually spyware itself.
What Spyware Can Do
Spyware can do any number of things once it is installed on your computer. At a minimum, most spyware runs as an application in the background as soon as you start your computer up, hogging RAM and processor power. It can generate endless pop-up ads that make your Web browser so slow it becomes unusable. It can reset your browser's home page to display an ad every time you open it. Some spyware redirects your Web searches, controlling the results you see and making your search engine practically useless. It can also modify the DLLs (dynamically linked libraries) your computer uses to connect to the Internet, causing connectivity failures that are hard to diagnose.
Certain types of spyware can modify your Internet settings so that if you connect through dial-up service, your modem dials out to expensive, pay telephone numbers. Like a bad guest, some spyware changes your firewall settings, inviting in more unwanted pieces of software. There are even some forms that are smart enough to know when you try to remove them in the Windows registry and intercept your attempts to do so.
The point of all this from the spyware makers' perspective is not always clear. One reason it's used is to pad advertisers' Web traffic statistics. If they can force your computer to show you tons of pop-up ads and fake search results, they can claim credit for displaying that ad to you over and over again. And each time you click the ad by accident, they can count that as someone expressing interest in the advertised product.
Another use of spyware is to steal affiliate credits. Major shopping sites like Amazon and eBay offer credit to a Web site that successfully directs traffic to their item pages. Certain spyware applications capture your requests to view sites like Amazon and eBay and then take the credit for sending you there.
How can you protect yourself against spyware, and what can you do if you think you already have some on your computer? Here are a few suggestions.
Use a spyware scanner.
There are several applications you can turn to for trustworthy spyware detection and removal, including Ad-aware, Spybot and Microsoft AntiSpyware, which is currently in beta. All three are free for the personal edition. These work just like your anti-virus software and can provide active protection as well as detection. They will also detect Internet cookies and tell you which sites they refer back to.
Note - Once you know which spyware is on your computer, in some cases you'll need to seek specific instructions on how to remove it. Links to some of those instructions are listed in the "Spyware Help" box to the right, and more are included in the Lots More Information section at the end of this article. Here are a few more solutions:
Use a pop-up blocker.
Many of the current browsers, including Internet Explorer 6.0 and Mozilla Firefox 1.0, have the ability to block all Web sites from serving you pop-up windows. This function can be configured to be on all of the time or to alert you each time a site wants to pop up a new window. It can also tell you where the pop-up is coming from and selectively allow windows from trusted sources.
Disable Active-X.
Most browsers have security settings in their preferences which allow you to specify which actions Web sites are allowed to take on your machine. Since many spyware applications take advantage of a special code in Windows called Active-X, it's not a bad idea to simply disable Active-X on your browser. Note that if you do this, you will also disallow the legitimate uses for Active-X, which may interfere with the functionality of some Web sites.
Be suspicious of installing new software.
In general, it pays to be suspicious when a site asks to install something new on your computer. If it's not a plug-in you recognize, like Flash, QuickTime or the latest Java engine, the safest plan of action is to reject the installation of new components unless you have some specific reason to trust them. Today's Web sites are sophisticated enough that the vast majority of functionality happens inside your browser, requiring only a bare minimum of standard plug-ins. Besides, it never hurts to reject the installation first and see if you can get on without it. A trustworthy site will always give you the opportunity to go back and download a needed component later.
Use the "X" to close pop-up windows.
Get to know what your computer's system messages look like so that you can spot a fake. It's usually pretty easy to tell the difference once you get to know the standard look of your system alerts. Stay away from the "No thanks" buttons if you can help it, and instead close the window with the default "X" at the corner of the toolbar. For an even more reliable option, use the keystroke combination for "close window" built into your software. You can look in your browser's "File" menu to find it.
Routes Of Infection
Spyware does not directly spread in the manner of a computer virus or worm: generally, an infected system does not attempt to transmit the infection to other computers. Instead, spyware gets on a system through deception of the user or through exploitation of software vulnerabilities.
Most spyware is installed without users being aware. Since users tend not to install software if they know that it will disrupt their working environment and compromise their privacy, spyware deceives them, either by piggybacking on a piece of desirable software such as Kazaa, or by tricking them into installing it (the Trojan horse method). Some "rogue" anti-spyware programs even masquerade as security software.
The distributor of spyware usually presents the program as a useful utility - for instance as a "Web accelerator" or as a helpful software agent. Users download and install the software without immediately suspecting that it could cause harm. For example, Bonzi Buddy, a spyware program targeted at children, claims that:
He will explore the Internet with you as your very own friend and sidekick! He can talk, walk, joke, browse, search, e-mail, and download like no other friend you've ever had! He even has the ability to compare prices on the products you love and help you save money! Best of all, he's FREE!
Spyware can also come bundled with shareware or other downloadable software, as well as music CDs. The user downloads a program and installs it, and the installer additionally installs the spyware. Although the desirable software itself may do no harm, the bundled spyware does. In some cases, spyware authors have paid shareware authors to bundle spyware with their software. In other cases, spyware authors have repackaged desirable free software with installers that add spyware.
A third way of distributing spyware involves tricking users by manipulating security features designed to prevent unwanted installations. Internet Explorer prevents websites from initiating an unwanted download. Instead, it requires a user action, such as clicking on a link. However, links can prove deceptive: for instance, a pop-up ad may appear like a standard Windows dialog box. The box contains a message such as "Would you like to optimize your Internet access?" with links which look like buttons reading Yes and No. No matter which "button" the user presses, a download starts, placing the spyware on the user's system. Later versions of Internet Explorer offer fewer avenues for this attack.
Some spyware authors infect a system through security holes in the Web browser or in other software. When the user navigates to a Web page controlled by the spyware author, the page contains code which attacks the browser and forces the download and installation of spyware. The spyware author would also have some extensive knowledge of commercially-available anti-virus and firewall software. This has become known as a "drive-by download", which leaves the user a hapless bystander to the attack. Common browser exploits target security vulnerabilities in Internet Explorer and in the Microsoft Java runtime.
The installation of spyware frequently involves Internet Explorer. Its popularity and history of security issues have made it the most frequent target. Its deep integration with the Windows environment and scriptability make it an obvious point of attack into Windows. Internet Explorer also serves as a point of attachment for spyware in the form of Browser Helper Objects, which modify the browser's behaviour to add toolbars or to redirect traffic.
In a few cases, a worm or virus has delivered a spyware payload. Some attackers used the Spybot worm to install spyware that put pornographic pop-ups on the infected system's screen. By directing traffic to ads set up to channel funds to the spyware authors, they profit personally.
Examples Of Spyware
These common spyware programs illustrate the diversity of behaviors found in these attacks. Note that as with computer viruses, researchers give names to spyware programs which may not be used by their creators. Programs may be grouped into "families" based not on shared program code, but on common behaviors, or by "following the money" of apparent financial or business connections. For instance, a number of the spyware programs distributed by Claria are collectively known as "Gator". Likewise, programs which are frequently installed together may be described as parts of the same spyware package, even if they function separately.
- CoolWebSearch, a group of programs, takes advantage of Internet Explorer vulnerabilities. The package directs traffic to advertisements on Web sites including coolwebsearch.com. It displays pop-up ads, rewrites search engine results, and alters the infected computer's hosts file to direct DNS lookups to these sites.
- Internet Optimizer, also known as DyFuCa, redirects Internet Explorer error pages to advertising. When users follow a broken link or enter an erroneous URL, they see a page of advertisements. However, because password-protected Web sites (HTTP Basic authentication) use the same mechanism as HTTP errors, Internet Optimizer makes it impossible for the user to access password-protected sites.
- 180 Solutions (now Zango) transmits detailed information to advertisers about the Web sites which users visit. It also alters HTTP requests for affiliate advertisements linked from a Web site, so that the advertisements make unearned profit for the 180 Solutions company. It opens pop-up ads that cover over the Web sites of competing companies.
- HuntBar, aka WinTools or Adware.Websearch, is a small family of spyware programs distributed by TrafficSyndicate. TrafficSyndicate.com is a trademark of IBIS, LLC. It is installed by an ActiveX drive-by download at affiliate Web sites, or by advertisements displayed by other spyware programs - an example of how spyware can install more spyware. These programs add toolbars to IE, track browsing behavior, redirect affiliate references, and display advertisements.
- Movieland, also known as Moviepass.tv or Popcorn.net, is a movie download service that has been the subject of thousands of complaints to the Federal Trade Commission (FTC), the Washington State Attorney General's Office, the Better Business Bureau, and others by consumers claiming they were held hostage by its repeated pop-up windows and demands for payment. The FTC has filed a complaint against Movieland.com and eleven other defendants, charging them with having "engaged in a nationwide scheme to use deception and coercion to extract payments from consumers." The complaint alleges that the software repeatedly opened oversized pop-up windows that could not be closed or minimized, accompanied by music that lasted nearly a minute, demanding payment of at least $29.95 to end the pop-up cycle; and claiming that consumers had signed up for a three-day free trial but did not cancel their membership before the trial period was over, and were thus obligated to pay.
- Zlob trojan, or just Zlob, downloads itself to your computer via an ActiveX codec and reports information back to a control server. This information can include your search history, the Web sites you visited, and even keystrokes.
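The hosts-file tampering described for CoolWebSearch above can be checked for directly. The following is an added example, not part of the original article: a Python audit that parses hosts-file text and reports every name mapped to something other than the local machine. The sample entries, the `.example` names and the function names are constructed for illustration.

```python
import ipaddress
import sys

# Constructed sample in hosts-file format; names and addresses are illustrative only.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example        # blocklist-style entry
203.0.113.10    www.search.example search.example
203.0.113.10    auto.search.example        # trailing comment
not-an-ip       broken.example
"""

# Names that are expected to resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line_no, ip, name) per mapping; ip is None for an unparsable line."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, line
            continue
        for name in fields[1:]:               # one line may carry several names
            yield line_no, ip, name.lower().rstrip(".")


def audit_hosts(text):
    """Return findings as (line_no, kind, name, address) tuples."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", name, None))
        elif name in LOCAL_NAMES:
            if not ip.is_loopback:             # localhost pointed elsewhere
                findings.append((line_no, "redirect", name, str(ip)))
        elif ip.is_loopback or ip.is_unspecified:
            findings.append((line_no, "sinkhole", name, str(ip)))
        else:
            findings.append((line_no, "redirect", name, str(ip)))
    return findings


if __name__ == "__main__":
    # Pass a path (on Windows: %SystemRoot%\System32\drivers\etc\hosts) or audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, kind, name, address in audit_hosts(text):
        print(f"line {line_no}: {kind:9} {name} -> {address}")
```

A "redirect" finding is a name pinned to a remote address and is worth reviewing if you did not add it yourself; "sinkhole" entries point a name at the local machine and are usually deliberate blocks.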
Spyware Symptoms
If your computer starts to behave strangely or displays any of the symptoms listed below, you may have spyware or other unwanted software installed on your computer.
- I see pop-up advertisements all the time. Some unwanted software will bombard you with pop-up ads that aren't related to a particular Web site you're visiting. These ads are often for adult or other Web sites you may find objectionable. If you see pop-up ads as soon as you turn on your computer or when you're not even browsing the Web, you may have spyware or other unwanted software on your computer.
- My settings have changed and I can't change them back to the way they were. Some unwanted software has the ability to change your home page or search page settings. This means that the page that opens first when you start your Internet browser or the page that appears when you select "search" may be pages that you do not recognize. Even if you know how to adjust these settings, you may find that they revert back every time you restart your computer.
- My Web browser contains additional components that I don't remember downloading. Spyware and other unwanted software can add additional toolbars to your Web browser that you don't want or need. Even if you know how to remove these toolbars, they may return each time you restart your computer.
- My computer seems sluggish. Spyware and other unwanted software are not necessarily designed to be efficient. The resources these programs use to track your activities and deliver advertisements can slow down your computer, and errors in the software can make your computer crash.
If you notice a sudden increase in the number of times a certain program crashes, or if your computer is slower than normal at performing routine tasks, you may have spyware or other unwanted software on your machine.
Spyware Prevention
Spyware and other unwanted software can invade your privacy, bombard you with pop-up windows, slow down your computer, and even make your computer crash. Here are several ways you can help protect your computer against spyware and other unwanted
- Use a firewall - While most spyware and other unwanted software come bundled with other programs or originate from unscrupulous Web sites, a small amount of spyware can actually be placed on your computer remotely by hackers. Installing a firewall or using the firewall that's built into Windows XP provides a helpful defense against these hackers.
- Update your software - If you use Windows XP, one way to help prevent spyware and other unwanted software is to make sure all your software is updated. Visit Microsoft Update to confirm that you have Automatic Updates turned on and that you've downloaded all the latest critical and security updates.
- Adjust Internet Explorer security settings - You can adjust your Internet Explorer Web browser's security settings to determine how much, or how little, information you are willing to accept from a Web site. Microsoft recommends that you set the security settings for the Internet zone to Medium or higher.
To view your current Internet Explorer security settings:
1. In Internet Explorer, click Tools and then click Internet Options.
2. Select the Security tab.
- Download and install antispyware protection - Security tools to help block, detect, and remove unwanted software from your computer are available on our Download page.
- Surf and download more safely - The best defense against spyware and other unwanted software is not to download it in the first place. Here are a few helpful tips that can protect you from downloading software you don't want:
1. Only download programs from Web sites you trust. If you're not sure whether to trust a program you are considering downloading, ask a knowledgeable friend or enter the name of the program into your favorite search engine to see if anyone else has reported that it contains spyware.
2. Read all security warnings, license agreements, and privacy statements associated with any software you download.
3. Never click "agree" or "OK" to close a window. Instead, click the red "x" in the corner of the window or press the Alt + F4 buttons on your keyboard to close a window.
4. Be wary of popular "free" music and movie file-sharing programs, and be sure you clearly understand all of the software packaged with those programs.
Spyware Removal
- Malwarebytes' Anti-Malware
Have you ever considered what makes an anti-malware application effective? We at Malwarebytes have created an easy-to-use, simple, and effective anti-malware application. Whether you know it or not your computer is always at risk of becoming infecte
- SUPERAntiSpyware.com - AntiAdware, AntiSpyware, AntiMalware!
SUPERAntiSpyware. Free Spyware Remover. Remove WinFixer, SpyAxe, Movieland, SpyFalcon. Free Spyware Scanner. Easily remove over 1 million pests and threat components such as ZLob, Vundo, VirusProtectPro, DriveCleaner, SmitFraud, WinFixer, SpyAxe,
- Spybot - Search And Destroy
Spybot - Search & Destroy can detect and remove a multitude of adware files and modules from your computer. Spybot also can clean program and Web-usage tracks from your system, which is especially useful if you share your computer. Modules chosen for
- Get Ad-Aware 2008 Plus for Free with Lavasoft and TrialPay - Lavasoft
Ad-Aware is an anti-spyware program developed by Lavasoft that detects and removes spyware or adware on a user's computer. It also detects dialers, Trojans, malware, viruses, bots, rootkits, data-mining, aggressive advertising, parasites, browser hij








