Breaking, Entering Your PC

[Guest guest]

Z

Fri, 26 Nov 2004 06:53:48 -0800

Subject:Breaking, Entering Your PC

 

 

 

 

<http://www.latimes.com/news/nationworld/nation/la-na-spyware26nov26.story>

 

[Znote: when people ask for my help with their systems these days,

this is - by far - the most common problem I encounter. My first and

foremost suggest to avoid this nightmare: get rid of Microsoft

Explorer,

and switch to Mozilla or Opera. Second: no " special offer " in email is

ever legitimate. Never, ever respond to spam. Third: Exercise

judgement on what websites you visit. If you go looking for free

software at a place called " Darth Vader's Crack Shack " you can pretty

much expect various nasty things to happen. Fourth: have a good virus

scanner running at all times. No, it doesn't stop spyware, but it

helps.]

 

 

 

 

Breaking, Entering Your PC

Spyware, the newest and nastiest online plague, can paralyze or

commandeer a computer. Help is hard to find, but it's out there.

 

 

By Terry McDermott, Times Staff Writer

 

It can, and often does, start something like this:

 

You're online, maybe searching for a specific piece of information,

maybe just cruising the Web. I was investigating new search

technologies

that were advertised as useful in dealing with variations in the

spelling of names and had read that Lycos, a pre-Google Internet portal

and search engine, had developed some.

 

I found links for Lycos and clicked on one. That was the beginning.

Within minutes, my computer was swamped with advertisements — pop-ups,

pop-unders, pop-all-overs. There were so many I couldn't close them

before others started appearing. I had to shut the computer down.

 

When it restarted, my Web browser had a new pornographic home page, and

soon another flood of advertisements was underway. This time, I was

able

to get rid of most of it and resume working.

 

It went on for days. The blizzard of ads sometimes thinned, sometimes

thickened. At times, there were so many that the computer couldn't

process them all and froze. Every time I restarted, my home page was

reset to the pornographic site. Every time I tried to do a Google

search, a Lycos search engine appeared instead. New items for services

called Bargain Buddies and Deal Helper were added to my Web favorites

list.

 

I deleted these entries, but they would mysteriously reappear. Once,

when I was being buried yet again by ads, I heard my computer modem

dialing a telephone number. My computer is connected to a broadband

Internet access service, so the only time I ever used the modem was to

send and receive faxes. I couldn't imagine why the modem was dialing.

More to the point, I couldn't stop it.

 

I have been using PCs since 1985 and have installed hard drives,

operating systems, memory, CD-ROM drives and countless software

programs. I've written some rudimentary programs to automate common

word-processing tasks. I vainly considered myself a computer

sophisticate.

 

So what did I do? I cursed and screamed. I tried to turn the modem off

with software switches. Finally, I did what any sophisticated computer

user would do — I yanked the telephone cord out of the wall, then began

wildly deleting every suspicious file I could find on my system.

 

That worked to a limited extent. I installed a pop-up ad blocker and

downloaded free programs that were supposed to rid me of the plague

that

had descended.

 

Most days, I was able to slog along and there were even times I thought

the fixes had worked. But the computer was still agonizingly slow, and

the ads and the hijacked Web searches invariably reappeared. Then a

month later, I received a bill for $25 from some company I had never

heard of. It was for the telephone call my computer had made, to

Britain

it turned out.

 

The Internet, at once one of the wonders of the modern world and one of

its least likable neighborhoods, has suffered a series of afflictions,

scams and perversions throughout its brief history. The latest and in

many ways most frustrating is the one I was now facing — spyware.

 

Spyware is a broad category of software distributed online, usually

without a user's knowledge, to millions of personal computers around

the

world, often crippling them in the process.

 

It includes several subcategories, including:

 

• Loggers — programs that surreptitiously monitor a computer's use,

recording every keystroke, and sending that information to the

spyware's

manufacturer.

 

• Adware — programs that use the data generated by loggers to send

advertisements to individual computers.

 

• Dialers — programs that cause a computer's modem to call long

distance, frequently international.

 

As an unwanted invader, spyware has some things in common with e-mail

viruses, but differs in two important ways.

 

Viruses can be stopped by relatively inexpensive software. Spyware

distribution is more devious and often almost impossible to stop. It is

also much more difficult to find and remove from afflicted machines.

 

Also, although spyware, like viruses, often seems pointless, it usually

is not. It is driven by one of the oldest of human motivations —

profit.

 

In most cases, someone is being paid to make your computer useless.

That

is the special irritation experienced by afflicted computer owners:

Someone is profiting from their misery. Or at least, that was the

special irritation that got me.

 

I started digging into the innards of my operating system, looking for

clues. Whenever I found files I could not determine the authenticity or

purpose of, I got rid of them. In the process, I sometimes got rid of

necessary files. I was slowly breaking the legitimate functions of my

machine.

 

I contacted tech support at various software and hardware

manufacturers.

Mainly, they suggested I wipe out my computer's hard drives and start

from scratch.

 

On the days my computer let me, I searched the Web for the origins of

my

problems. I felt like a lonesome settler in the Wild West, besieged by

outlaws. Where was the posse when you needed it?

 

That's when I stumbled onto AumHa.org, a website named for the first

and

last letters of the Sanskrit alphabet. Wherever I had expected

salvation

might reside, it was not in a land where the residents spoke Sanskrit.

 

No matter. My posse had arrived.

 

 

 

One of the more discomforting aspects of the modern world is most of

its

inhabitants' utter ignorance of the technology that shapes it. Not one

in 100 computer users has the least idea of what goes on inside the

machines they spend many waking hours engaged with. They have no more

concept of what's under the lid of their computer boxes than Ptolemy

had

of what was on the dark side of the moon.

 

Moreover, there is no obvious place to turn for help. Computer and

software makers haven't the resources, or, as often, the desire to

help.

Any plea for tech support is apt to lead a computer user on a

round-robin of calls, with each manufacturer emphatically shifting the

blame to another.

 

One of the charms of the same modern world is the degree to which there

has emerged a vigorous, selfless missionary corps dedicated to

explaining — and where that's undoable — leading the benighted rest of

us to safety.

 

That the missionaries can be a pretty weird lot does not matter. Mine

included the guy with the Sanskrit website, a bartender and an epicure

from Pennsylvania.

 

The AumHa Web forum was begun five years ago by Jim Eshelman, " mainly, "

he said, " as a place to post my resume. " At the time, Eshelman was

approaching middle age with no real career or even relevant experience

necessary to begin one.

 

An autodidact, he had a head for numbers and an analytic cast of mind,

but almost never the credentials an evolving workplace demanded. He had

worked as a legal but unlicensed workers' compensation lawyer for most

of his professional life, until the state of California decided in 1992

that one really ought to have a law degree to do that.

 

He was a longtime computer hobbyist who in the mid-1980s had begun a

computer support company. He discovered he " liked helping people and

hated doing business. "

 

A decade later he built his current website and within weeks was

getting

" a lot of e-mail that was hard to answer. " It didn't matter. Other

people — people he did not know — leaped onto his site to help. To

Eshelman, this communitarian attitude was a throwback to his hobbyist

days.

 

" It used to be [information technology] knowledge was like drugs — if

you had some, you shared it with friends, " he said.

 

He sought to continue that attitude through his new site, which

gradually built both an audience — now almost 7 million visits a month

—

and, more important, a community of like-minded hobbyists eager to

contribute what they knew.

 

The site has multiple forums for various computing problems, but the

overwhelming number of inquiries in the last year has dealt with

spyware, which on the site has a variety of less neutral names,

" scumware " being one of the more polite. Scumware had been an epidemic;

in the last year it grew into a pandemic, said Steve Wechsler, one of

those drawn to Eshelman's site.

 

Wechsler was tending bar at a public golf course in South San Francisco

when he bought his first computer less than a decade ago.

 

" I brought it home and turned it on, clicked on Netscape and expected

something to happen. I still think about how dumb I was, " he said. That

ignorance makes him empathize with other casual users, people who

expect

their computers to be tools, not obligations.

 

The muting of the usefulness of those tools is what motivates him most.

" I hate bullies. I've hated bullies my whole life. They prey on people.

I'm not going to sit by and do nothing, " he said. " It's your computer.

They have no right to assault it. "

 

 

 

AumHa's volunteers instructed me to download, for free, diagnostic

tools

and spyware cleaners. The most interesting of these is a small program

developed by a Dutch graduate student that takes a snapshot of

important

settings in your operating system, Web browser and other software. You

are asked to post this snapshot on AumHa's forum, where your computer

is

scrutinized by whoever happens to be logged on.

 

In essence, you are being asked to publish very private information (a

man's " browser helper objects " are about as private as you can get) in

a

very public place. It's a daunting request. I paused for perhaps a

nanosecond.

 

The site is a contemporary equivalent of the old highway construction

crew — a lot of guys leaning on shovels giving advice to the guy in the

hole — me — doing the digging. But it worked.

 

I had been fighting the spyware plague for more than a month. The AumHa

guys fixed it in a day. For absolutely nothing.

 

Wechsler and Robear Dyer, a fine wine and food salesman, determined

that

I had been victimized by what they called a " drive-by download, " in

which a computer user is tricked into authorizing a software download.

 

The downloaded programs then burrow into your operating system in such

a

way that even if you notice and delete them, instructions are left

behind to replicate them the next time you restart your computer. My

frantic deletion of unknown files had been not only rash, but futile. I

could have deleted for a decade and likely not have changed anything.

 

As Wechsler put it, I had been mugged. For all its guises, most spyware

is either itself advertising or involved in the distribution of

advertising tailored to computer users' online desires.

 

It can be targeted to send you an advertisement for a specific product

at precisely the moment you are about to buy a competing product or the

same product from a competing vendor.

 

Say, for example, you're going to book a flight from Los Angeles to

Chicago on Expedia, an online travel service. You find a flight for

$388

and are about to book it. The adware buried in your computer sees what

you're doing and automatically sends an advertisement from a different

travel service, for example, Travelocity, touting the same itinerary

for

$10 less.

 

The general idea, apart from the creepiness of being spied on, sounds

almost benign, especially since it can give a customer a bargain price.

 

In practice, it's something else. The companies the advertisers pay to

send ads out get mere pennies, or sometimes fractions of pennies, per

ad. They have little incentive to ensure that the ads are narrowly

targeted; the more they send, the more they get paid.

 

" We're dealing in a business with a lot of pennies, " said Todd Sawicki,

director of marketing at 180solutions, one of the leading companies in

delivering targeted Internet advertising.

 

The result of chasing those pennies has been a flood. Spyware is by far

the most common category of complaints received by software and

computer

manufacturers. It is responsible, for example, for up to " one-third of

operating system crashes reported to us, " said Paul Bryan, who works in

Internet security at Microsoft.

 

My case was sadly typical. Consumers have downloaded free versions of

the two most widely used antispyware programs more than 50 million

times. In the right conditions, they work fine but are more useful

after

the fact than preventive.

 

Spyware is brazenly sneaky. In fact, some manufacturers advertise their

products as tools to fight the spyware they install. Then they charge

customers to remove it. Eshelman calls such programs " betrayware. "

 

" What these programs have in common, " said Ari Schwarz of the Center

for

Democracy and Technology, an advocacy group in Washington, " is a lack

of

transparency and an absence of respect for users' ability to control

their own computers and Internet connections. "

 

The people who manufacture the code that becomes spyware argue that

they

are not purposefully setting out to irritate millions of people. They

contract the distribution of their software to third-party vendors.

Sawicki of 180solutions said his industry had been victimized, too.

 

" We're not trying to be some company stomping on consumers, " he said,

but acknowledged the company had not been careful enough in overseeing

the vendors it hired to distribute its programs.

 

Also, 180's program, nCase, is notorious in the antispyware community

both for the amount of advertisements it sends to individual computers

(hundreds per day) and its near impossibility to remove. Many spyware

programs, like nCase, hide themselves so well they can't be removed

even

if found by the standard uninstall features of Microsoft Windows.

 

180solutions has acknowledged this, although not directly, by promoting

a replacement program, which is supposed to be more transparent, less

intrusive and easier to remove.

 

Maybe so, but many weeks after Sawicki spoke, a friend called and

reported that his computer had been hit by a rash of spyware. With the

tools from AumHa, we looked inside, and there sat nCase.

 

Exactly how it got there was, as usual, impossible to determine.

Sawicki

blames the problems on " guys in Bermuda, offshore. They're the online

equivalent of spammers. We want them to die a slow and painful death. "

 

 

 

In lieu of death, various law-making bodies, including Congress and the

California Legislature, have debated antispyware laws, but so far have

not come up with anything those in the business think will be

effective.

 

The Federal Trade Commission has established a spyware task force and

filed a handful of lawsuits under existing fraud laws against spyware

distributors, but they've had little broad effect. Often, it isn't even

the spyware itself that is illegal, but the method of distribution,

which is hard to track.

 

Even when investigators have been able to uncover a distribution

source,

many have been beyond U.S. jurisdiction. Rumors variously place the

distribution of most spyware in the hands of the Russian mafia,

Caribbean expatriates and even Al Qaeda.

 

All of which leaves the Sanskrit posses with their fingers in a very

unstable dike. They're doing what amounts to heroic work in nearly

complete anonymity.

 

For a brief time, Microsoft cut its backing for its own online support

forums, but quickly realized it would be overwhelmed with problems that

the forums were addressing. Instead, it redoubled its assistance to the

forums.

 

These volunteer efforts turn the common depiction of computer

cognoscenti as isolated, antisocial geeks upside-down.

 

Eshelman works a full-time IT job in Burbank. He spends almost the

equal

of another full-time job working at AumHa. Dyer guesses he spends more

time online offering help than he does making a living.

 

Other AumHa volunteers regularly quit volunteering because they become

so consumed with the work, and passionate about it, that it overwhelms

their non-Web lives.

 

They almost always come back, though. The bunch of them, and others at

similar sites, say they feel as though they're caught up in a great

struggle and feel honor-bound to continue.

 

" It's war, " Eshelman said.

--