Erase Your Browser's Footprints, Part 1 The Annoyance: I surf the Web every day and never give a thought to online threats. But what about the information on my surfing stored on my PC? Can anyone simply walk up to my computer and see where I've been and what I've been up to? The Fix: You bet. A web browser like Internet Explorer can build an amazing dossier on you and your interests, available to anyone who sits at your keyboard while you're away. (Of course, first they have to get at your browser see Chapter 2, "One Computer, Many Eyeballs," for information on how to limit access to your machine.) They can see the pages you've looked at, the places you've shopped, the terms you've searched for, and much more. Fortunately, there are ways to cover your tracks and keep your browsing habits private. As with most of life's odious chores you can either do the job yourself or hire someone else in this case a software utility to do your dirty work. Here's the DIY route. Step 1: Forget Your History. By default, Internet Explorer 6.x and Mozilla Firefox 1.0 maintain nearly three weeks worth of browsing history (Netscape 7.x and 8.x store a mere 9 days by default). That can be handy for those senior moments when you know you saw a fascinating web page last week but can't remember when or where; unfortunately, it's also like having a digital gumshoe on your trail. To erase your history in IE 6.0, go to Tools Internet Options, click the General tab, click the Clear History button, and then OK. Now youre back to square one. To keep IE from recording your future wanderings, in the same dialog box set the "Days to keep pages in history" to 0. (But if you have another senior moment, you're on your own.) In Netscape 7.x, you'd select Edit Preferences, double-click Navigator in the left-hand pane and select History, then click Clear History. In the same window you can also set the number of days you want Netscape to remember your web travels. Then click OK. In Netscape 8.0, you'd select ToolsOptionsPrivacy, then click the Clear button next to the Page History item. Click the + sign next to Page History and tell Netscape how many days you want it to remember your web travels. To have Netscape erase its memory when youre done surfing, check the "Clear Page History on browser exit" box and click OK. In Firefox the steps are virtually identical (not surprising, since both browsers are based on the same open-source code). Choose ToolsOptionsPrivacy, and then click the Clear button next to the History window. Click the + sign next to History, and you can tell Firefox how good you want its memory to be. You can use this same window to clean out your cookies, file cache, and other traces of your surfing past (see "Make Web Forms Shoot Blanks). Step 2: Dunk Your Cookies. Nearly every site likes to leave a little snack behind in your cookies folder. Some are temporary and may get deleted when you close the browser; others can linger for years. At the very least, a cookie contains the address of a web site you viewed even if it was only an ad placed by another site. To erase the temporary cookies in IE 6.0, go to ToolsInternet Options, click the General tab, then click the Delete Cookies button. Youll still have your permanent cookies the ones that help you automatically log onto sites where you've registered or remember your preferences for a particular site. If you want to lose those as well, you must manually delete them from your cookies directory; on an XP system, they're typically in \Documents and Settings\yourname\Cookies. Select them all and press Delete. To crush cookies in Netscape 7.x, go to ToolsCookie ManagerManage Stored Cookies. In the next dialog box you can select which cookies to delete or simply click Remove All Cookies and then Close to nuke them en masse. Just remember, this last step will also delete permanent cookies you might want to keep. To crush cookies in Netscape 8.0, go to ToolsOptionsPrivacy, and click the + sign next to Cookies. To remove some but not all cookies, click the View Cookies button, select the web sites whose cookies you dont want to keep, and click Remove Cookie. To crumble all the cookies at once, click Remove All Cookies. Step 3: Clear out your files. IE may download graphics and other content from sites to speed up page displays. These files can give away where you've been. So open up the familiar ToolsInternet Options box and click the Delete Files button; in the ensuing dialog box, check the "Delete all offline content box, then click OK. This will nuke any images or other content stored on your hard drive. (It will also make frequently visited web sites a little slower to load at first.) To accomplish the same trick in Netscape 7.x, select EditPreferences, and double-click Advanced in the left-hand pane. Select Cache, then click the Clear Cache button. If you dont want Navigator to cache web content in the future, set the Cache setting to 0MB. Then click OK. In Netscape 8.0 the steps are slightly different. Select ToolsOptionsPrivacy, and click the Clear button next to Cache. If you dont want Navigator to cache web content in the future, click the + sign next to Cache, and check the "Clear Cache on browser exit" box. When you're done customizing Netscape's privacy settings, click OK. Step 4: Fire those temps. IE squirrels even more files away in temp folders, whose contents you'll have to delete manually. Windows XP users will generally find them in the \Documents and Settings\yourname\Local Settings\Temp and \Temporary Internet Files folders. (Netscape buries its Cache folder even deeper in a subfolder under \Documents and Settings\yourname\Application Data\Mozilla\Profiles\yourname) You may need to go in and periodically clear them out to fully cover your tracks.
Erase Your Browser's Footprints, Part Deux The Annoyance: Oy! Do I really have to do all this every time I use Internet Explorer or Netscape? Surely there's an easier way. The Fix: There is, but it'll cost ya. For wall to wall protection, WinGuide's Privacy Guardian for Windows ($30, limited-feature free trial available, http://www.winguides.com) can automatically clear histories and tons of other incriminating data for IE, Netscape, Firefox, and the Opera browser, as well as Windows and Microsoft Office apps. You can schedule it to run at startup or have it clean house several times a day; you can even tell it to "bleach" free disk space so that any lingering traces of data are unrecoverable even by the CIA. And it's truly a snap to use. Though a smidge more expensive and trickier to use, CyberScrub Privacy Suite Professional 4.0 ($50, 15-day free trial, http://www.cyberscrub.com) offers slightly broader protection, such as cleaning out the traces left behind by dozens of apps, including AOL 9.0's browser.
Make Web Forms Shoot Blanks The Annoyance: Every time I start to fill in the blanks on a web form, my browser pops open a little window showing me stuff I've typed before that's similar to it including my address, phone numbers, and sometimes even my credit card numbers. Can anyone who uses my computer also get this information simply by typing a few keys at random? The Fix: Yes, they can. But this is another situation where you must balance privacy and convenience. It's a pain in the carpals to continually retype your shipping address or phone number on each web site. Fortunately, the major browsers give you some control over the information they store. In IE 6.0, select ToolsInternet Options, click the Content tab, then click the AutoComplete button. To make IE forget what youve filled out, click the Clear Forms button, and then click OK to confirm. You can also do the same for your passwords by clicking Clear Passwords and OK. Of course, IE will then start remembering your keystrokes all over again. To tell IE to forget what you've typed into the browser's address window, online forms, and login screens, uncheck the boxes next to each item in the AutoComplete Settings dialog box, then click OK twice. Netscape 7.x gives you a lot more control. Select ToolsForm ManagerEdit Form Info. Here you can provide your shipping and billing addresses, phone numbers, even your credit card and Social Security info (if you dare). Personally, Id recommend filling in your credit card info manually on sites you trust, and not sharing your SSN online anywhere if you can avoid it. If you later decide Netscape should not be so free and easy with your data, select Remove All Saved Data and start over with a blank slate. In Firefox, select ToolsOptionsPrivacy. Here you can erase your browser history, form information, passwords, downloads, cookies and cache files by clicking the Clear button next to each category; to nuke everything at once click Clear All (see Figure 3-1). If you dont want Firefox to remember what you've filled in, click the + sign next to Saved Form Information and uncheck the "Save information I enter into web page forms and the Search bar" box. When you're done, click OK. annoyances 3-1. Among its many other benefits, Firefox provides an easy way to clear out cookies, file cache, and other evidence of your web surfing history 
Rewrite Netscape's History The Annoyance: I've cleared my history in Netscape, but the names of some web sites still show up when I click the down arrow in the address bar. The Fix: You've discovered one of the chinks in Netscape 7.x's armor. Unlike IE, Navigator doesn't automatically clear out the names of web sites you've typed into the address bar. To wipe these out, go into EditPreferencesHistory and click the Clear Location Bar button. (This problem is solved in the Netscape 8.0.) Maximum Privacy, Maximum Headaches The Annoyance: I set my browser's privacy to its highest possible setting. But now I can't log onto any of my favorite web sites. What gives? The Fix: At its highest privacy setting, IE 6 blocks all cookies, including those already planted on your hard disk. Unfortunately, many sites including the New York Times web site and sites like Hotmail that require Microsoft .NET passports to log in say 'no cookie, no entry.' Nice, eh? You'll need to crank down IE's privacy settings in order to access these sites. So open the ever-popular ToolsInternet Options, click the Privacy tab, and move the slider bar to Medium High (see Figure 3-2). That setting allows some sites to plant cookies but not others. You can also customize IEs automated cookie settings. In the Privacy tab window click the Advanced button and check the "Override automatic cookie handling" box. Now you can tell IE to accept all first-party cookies (those set by the site you're visiting) and block third-party cookies (those set by another site, such as a banner advertiser), or to prompt you each time so you can make decisions on the fly. (For more information on which cookies to accept, see "How the Cookies Crumble.".) annoyances 3-2. Hang 'em high. Well, medium high. IE 6.0 lets you adjust your browser's privacy settings higher than many sites (including Microsoft's) can tolerate. Medium High is usually the best compromise, allowing some sites to place their cookies on your PC while crumbling those delivered by other sites. 
In Netscape 7.x, use EditPreferencesPrivacy and SecurityCookies, then select "Enable cookies for the originating web site only." This allows, say, nytimes.com to set cookies on your hard drive (so you can log in), but forbids banner ads on the Times site from feeding you cookies. Firefox fans should select ToolsOptionsPrivacy, click the + sign next to Cookies, then check the boxes next to "Allow sites to set cookies and "for the originating site only." In the drop-down menu under Keep Cookies, select "Until they expire." That way, you can keep the helpful cookies like the ones that contain your login information and site preferences while rejecting the nosy ones.  | Security guru Steve Gibson (see his site at http://grc.com) has another approach to browser safety. He leaves his browser on its highest possible security setting, then creates exceptions for web sites he trusts and uses on a regular basis (such as Amazon or CNN). To do this in IE 6.0, select ToolsInternet Options, click the Privacy tab, and move the slider all the way up so it reads "Block All Cookies." Then go to the Security tab, click the Trusted sites icon, click the Sites button, and type in the names of sites whose cookies youre willing to accept. Click the Add button and then OK twice. |
|
TEN ESSENTIAL PRIVACY TOOLS Hackers, viruses, spam, spyware it's just not safe to go on the Net unarmed. Here's a quick quide to essential tools for safeguarding your privacy; most cost from $20 to $40, and many are available for free or a nominal license fee. My recommendation? Get a security suite that combines several tools in one. Suites are both easier to use (only one interface to master) and significantly cheaper than buying each piece separately. For my money ZoneLabs' ZoneAlarm Security Suite ($40 annually, http://www.zonelabs.com) offers the widest range of tools and is the easiest to use. Firewall: This software is like a bouncer at a nightclub nobody gets in or out until your firewall gives the thumbs up. The best firewalls make your PC invisible to hackers trolling the Net and alert you if a program tries to do something it shouldn't (e.g., send data across the Net without your permission). Recommendation: ZoneLabs Suite. Cheapskates might check out ZoneLabs' free download (http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp), which provides basic firewall protection. Anti-virus package: Prowls your computer's hard disk, memory, and email/IM traffic looking for malicious software to neutralize, using a constantly updated list of viral signatures to identify them. The best A/V programs automatically update their signature lists several times a week and make it easy to scan individual files or your entire disk. Recommendation: ZoneLabs Security Suite or Norton AntiVirus 2005 ($50, http://www.symantec.com). Spam filter: Scans your incoming email and shunts suspect messages into a penalty box so you can get to your legitimate mail. If your inbox looks like a junkyard, these filters can be a real time saver. The best ones, such as MailFrontier Desktop ($30, http://www.mailfrontier.com), install automatically inside Outlook or Outlook Express. Recommendation: ZoneLabs Suite comes with MailFrontier built in; a good standalone alternative is Qurb ($30, http://www.qurb.com). Phish detector: Keeps your spam filter from being fooled by a "phisher" email a message that lures you to a fake web site so scammers can steal your account information. (Qurb and MailFrontier both feature special tools for identifying phisher mail another good reason to use them.) Recommendation: EarthLink's free IE Toolbar can keep you from reaching fake sites set up by phishers; toolbars for Firefox and other browsers are due out later this year. (See "Don't Bank on It.") Adware/spyware blocker: Scans your system for secretly installed programs that can barrage you with pop up ads (or worse, report on your web movements), and eradicates them. Recommendation: Sunbelt Software's CounterSpy ($20 annually, http://www.sunbelt-software.com) or WebRoot's Spy Sweeper ($30 annually, http://www.webroot.com). Pop-up blocker: Stops annoying advertisements that can install spyware or other malicious software on your computer. Firefox, IE (with Service Pack 2), and Netscape all come with pop-up blockers, but none is foolproof. Recommendation: if your browser isn't doing the trick, STOPZilla ($30 annually, http://www.stopzilla.com) surely will; it can also eradicate spyware. Cookie manager: Lets you control what sites can leave identifying files (cookies) on your hard drive; built into most recent browsers. Recommendation: ZoneAlarm Suite's cookie manager is easier to use than IE's, Firefox's, or Netscape's. Privacy guard: Keeps sensitive information like your Social Security Number or credit card numbers from inadvertently being sent over the Net via web forms, email, or Instant Messages. Recommendation: ZoneAlarm Suite. Encryption software: Scrambles data so no one else can access it, or makes your email unreadable to all but the intended recipient. Especially important for business pros who need to transmit sensitive information online. Recommendation: HushMail (http://www.hushmail.com), which comes in a free web-only version. The $30 paid version gives you more storage, comes with tech support, and can work inside Outlook. Web monitor: Blocks web sites with objectionable content, used widely in schools and households with small children. The apps can be helpful but only with regular parental input. ZoneLabs' Suite has a web monitor, but you can't tweak the settings to block only certain sites in a category (e.g., Online Games or Shopping) while allowing others. Recommendation: NetNanny ($40, http://www.netnanny.com) gives you more features and flexibility. |
HOW THE COOKIES CRUMBLE Despite the tasty-sounding name, some folks find cookies a little hard to swallow. These tiny text files, deposited by web sites on your computer's hard drive, usually contain nothing more than the site's address and a series of letters and numbers that look like gibberish. But when you revisit a web site, it can read the cookie, use that information to locate you in the site's database, and then customize the page to, say, display a personal greeting or access your account information. However, some types of cookies are used for less benign purposes such as tracking your movements across the Web which is why there's such a hullaballoo about them. The different flavors: First-party cookies. Set by the site you're visiting, these cookies usually contain information to help the site verify your identity and customize pages to your liking. If you've registered for the site, the cookie may contain personally identifiable information such as your name and email address. Third-party cookies. These cookies are deposited by web sites other than the one you're visiting for instance, banner ad networks. These cookies tell advertisers how many people saw the ad and what page they saw it on. That's useful for them, but since they can record the site you've visited, such cookies could be used to track your movements from site to site. Adware and spyware programs use such tracking cookies to pummel you with pop-up ads. Temporary (or session) cookies. These cookies disappear once you close your browser. Some browsers (such as Netscape) can be set to accept session cookies only from certain sites. Permanent (or persistent) cookies. These cookies live on your hard drive long after your browser session has ended, providing irrefutable evidence that you've been visiting http://www.senatorspanking.com. Managing cookies is confusing, which is why the major browsers do their best to automate the process for you. When in doubt, only accept cookies from sites you trust, and only first-party cookies at that (see "Maximum Privacy, Maximum Headaches"). A good anti-spyware program will also help you separate the good cookies from the evil ones. |
Tell People Finders to Get Lost The Annoyance: I just typed my phone number into Google and boy did I get a shock it had my name, phone number, address, even a map to my house. It's like The Complete Stalker's Toolkit. How do I "un-Google" myself? The Fix: I've got some bad news; it's not just Google. You may well be listed in any number of online directories, such as AnyWho, Whitepages.com, Switchboard.com, and so on (see Table 3-1). Online directories buy this information from data brokers, who get their data from phone directories and other public and private sources. Some like InfoSpace, Switchboard.com, and Yahoo People Search obtain their listings from Acxiom, a major U.S. data vendor. You can ask Acxiom to remove your data by sending email to optout@acxiom.com or calling 1-877-774-2094; either way, they'll mail you an opt-out form to send back. But you'll still need to visit each directory and remove yourself, because your data can linger for months and even years. (See Table 3-1 for ways to get removed from major online directories.) In some cases, you may have to call, send a letter, or respond to an email to confirm the deletion. You should also remember to unlist your phone number with your local phone company, otherwise this information will end up in the white pages, and thence online, and you'll have to start all over again. But remember: delisting yourself will make it harder for old college roommates or ex-spouses to look you up (which may be a good thing). Table 3-1. Directory assistance.AnyWho | http://www.anywho.com/help/privacy_list.html |
|---|
Google | http://www.google.com/help/pbremoval.html | Lycos WhoWhere | http://help.lycos.com/peoplesearch/ps_help_form.asp | Switchboard.com | http://www.switchboard.com/bin/cgiqa.dll?LNK=24:3&MEM=1&FUNC=DELETE and click the Add/Remove Listing link. | Whitepages.com | http://www.whitepages.com/0000/cust_serv/removal_form | Yahoo people search | http://help.yahoo.com/help/us/yps/yps-03.html |
Fend off Cyber Stalkers The Annoyance: Virtually every online directory is full of ads hawking background searches, criminal record checks, even photos of my house! Can they really do this? The Fix: You'd be shocked by how much information anyone can get about you for a few dollars. For about $20 to $60, you can order a background check from sites such as Intelius (http://intelius.com), US Search (http://ussearch.com), or KnowX (http://www.knowx.com) and get a list of former addresses, past and current neighbors, marriages, bankruptcies, tax liens, and more. Drop another $30 to $60 and you can look up someone's criminal record, while $5 to $15 buys a grainy satellite photo of someone's house from PeopleData.com (useful if you're planning an aerial attack, I suppose). See Figure 3-3. annoyances 3-3. "Pilot to bombardier, we have acquired the target." Along with names, address, and various other bits of personal info, PeopleData will sell you a grainy satellite photo of virtually any building you specify. 
Most of this information is available for free in phonebooks, county courthouses, and public records databases; you can even get free aerial photos from MSN's TerraServer (http://terraserver.homeadvisor.msn.com/default.aspx). Online data brokers just collate it and make it accessible to anyone willing to pay for it like stalkers, disgruntled former employees, identity thieves, or anyone else who has it in for you. Nice, eh? The good news is that, if you ask nicely, some brokers will remove your information from their databases, though they can't remove it from the original data sources, since it's in the public record and can't be deleted. The bad news is the process is tedious, time consuming, and surprise! could compromise your privacy by requiring you to send sensitive information through the U.S. mail. | Don't touch that pop-up. It may look inviting, but clicking certain pop-ups can send a signal to a distant server to install spyware or other nasty bits of code on your machine. In fact, if you're using IE and you haven't installed the current security patches, you don't even have to click a malicious pop-up ad can infect your computer simply by loading into your browser. The rule: look but don't touch (better yet, don't even look), and patch your OS pronto. |
|
First, run a search on your name and number to find out if your info is even in the site's database. If it is, you'll have to contact each site individually and ask to be removed. You'll usually find this information in the site's Privacy Policy (see the "How to Read a Privacy Policy" sidebar). To opt out of PeopleData, for example, you send an email to customerservice@peopledata.com, listing your name, address, phone number, and date of birth. To remove yourself from some (but not all) searches on US Search, you'll need to mail a letter to: US Search asks you to supply your name, email address, current and former street addresses, date of birth, Social Security Number, and any aliases you might be using. (Then just hope nobody steals the letter out of your mailbox.) Intelius's web site says it does not honor opt-out requests, but Ed Petersen, the company's vice president for consumer affairs, says you can remove your name by calling Intelius's customer service line at (425) 974-6100. Make Ad Weasels Go Pop The Annoyance: I hate it when ads pop up in front of me when I'm trying to read something on a web page. What can I do to nuke these annoying things? The Fix: Get yourself a pop-up blocker or better yet, switch to a browser that has one built in. Netscape 7.x, Firefox, Opera (http://www.opera.com), and Mozilla (http://www.mozilla.org/products/mozilla1.x/) all come with their own pop-up blockers; Windows XP's Service Pack 2 adds one to IE 6 (see "Making the Move to Service Pack 2" sidebar). Earthlink, Google, and Yahoo also offer free pop-up stopping toolbars that install inside IE. For reliable popup stoppage at a price, the $30 STOPZilla (http://www.stopzilla.com) is my personal favorite; it can also clean out IE's browser history and block adware. But no pop-up blocker works perfectly, and many ads still manage to get around these blockers. With more sites using pop-up windows to deliver useful information like printer-friendly versions of articles you'll also spend a fair amount of time creating exceptions for your favorite sites. Spies You Should Despise The Annoyance: OK, I installed a pop-up blocker. But I'm still getting swarmed by browser windows filled with sleazy ads. Help! The Fix: It sounds like your problem isn't pop-up ads, but adware or spyware probably delivered when you downloaded a file-sharing or animated cursor app. Typical adware apps just track your movements on the Web and serve up advertisements, but some spyware apps can hijack your browser, steal your personal information, or let a remote hacker take control of your system. (For the deep dish on spyware and adware, visit Counterexploitation at http://cexx.org/adware.htm.) Here are five ways to detect a spy in your midst: Some cocky programs will tell you that you're about to install ad-serving software along with the app. They may notify you via a pop-up box during install, or bury this information inside the End User Licensing Agreement. The easiest way to read a EULA is to select all the text inside the EULA dialog during install, then copy and paste it into a document before you click the "I Accept" button. (In Windows, press Ctrl-A to select all the text, Ctrl-C to copy it, and Ctrl-V to paste it.) If the EULA says a condition of using the software is accepting adware or spyware, don't install it. There's almost always a spyware-free program available that does the same thing. (For more on sneaky license agreements, see "EULA Be Sorry You Did.") Few spyware apps are this up-front, so look for clues. For example, if your browser's home page has suddenly changed, strange items appear in your browser menus or your bookmarks, or your system's performance suddenly sucks, there's a good chance you've been infiltrated. (See "Die Spy Die!" for advice on how to remove it.) Spyware often loads at startup and runs continuously thereafter. Close all your applications so it's just you and your desktop. Launch the Windows Task Manager by pressing Ctrl-Alt-Del (just once, please), then select the Processes tab. Note the name of any processes that look suspicious for example, the User Name is blank or says "unknown" and type the name of the file in the "Search the spyware database" field at SpywareGuide (http://spyware-guide.com). If it's not in the site's spyware list, type the name into Google and see what comes back; it may be an obscure Windows applet. Look at what Windows loads at startup. Select StartRun, type msconfig in the Run box, click OK, and select the Startup tab. Scroll down the list of items and look for any checked items that reside in an unfamiliar folder or dont seem to be associated with anything you've installed. Check with SpywareGuide and run Google searches on these files as well. Finally, run a spyware scanner. Earthlink (http://www.earthlink.net/software/nmfree/spyaudit/) and PestScan online Spyware Detector (http://www.pestscan.com) both offer free downloadable applets that scan your system and report on infestations. But neither tool can solve your problem. For that, you'll have to buy a dedicated anti-spyware utility.
Die Spy Die! The Annoyance: Ok, I've caught a spy lurking on my system. Now what? The Fix: Spyware is notoriously hard to remove by yourself. Even if you can delete the pest, it may resintall itself the next time you start your computer. So the best solution is to get a tool that removes it for you and stops future spyware apps from slipping through. First, try out one of the free anti-spy tools available on the Internet. Spybot Search and Destroy (http://www.safer-networking.org/) is a comprehensive shareware application that can hunt down ad cookies, keyloggers, auto-dialers, and Trojan horses in addition to spies, but it may be a little daunting for newbies. Lavasoft's immensely popular Ad-Aware (http://www.lavasoftusa.com) is more limited but easier to use. The free version can scan your system and assassinate any spies it finds, while the SE Plus ($27) and SE Professional ($40) versions can prevent spyware infestations in realtime and block other malicious nogoodniks from compromising your system. EULA BE SORRY YOU DID So you download some free file-swapping software and decide to read the end user license agreement (EULA) before installing it. Sixty-three pages later you're still reading. Welcome to Claria's Gator Advertising Information Network, perhaps the most notorious piece of adware on the planet. Gator is found inside free applications such as Kazaa, eWallet, WeatherScope, DivX Pro, and Date Manager, among others. If you've ever clicked a web ad and found yourself suddenly installing software, you may have Gator on your system. Once installed, the software serves up pop-up advertisements (often for other Gator-bundled products) as you surf. As privacy advocate Ben Edelman points out on his web site (http://www.benedelman.org/news/112904-1.html), Claria's 63-page, 5,936-word agreement is chock full of hidden gems. For example, the Gator license prohibits you from using anti-spyware apps to remove it (not that they can do much to stop you). The agreement forbids the use of devices (such as network sniffers) that can detect what kind of data Gator is sending back about you. And the program is devilishly difficult to evict, especially if you've installed more than one Gator-bearing applet. In October 2003, security software vendor PC Pitstop surveyed owners of more than 7,000 PCs containing the Gator software. Three-quarters of them did not remember installing Gator. No big surprise only about 1 percent had taken more than 15 minutes to read the license agreement. For more information, including tips on how to remove Gator and recommendations for software that's similar to Kazaa et al but without the hidden adware, visit PC Pitstop's Gator Information Center at http://www.pcpitstop.com/gator/default.asp. And if you find yourself about to install free software that comes with an enormous EULA (or one that's impossible to read), resist the temptation. There's undoubtedly something in there you don't really want. |
If you're lucky, one of those programs can terminate the spy with prejudice. If not, you may need to call in reinforcements. You'll want a program that runs seamlessly in the background while you work, alerts you to any suspicious behavior, and updates itself on a near-daily basis. Webroot's Spy Sweeper ($30, http://www.webroot.com) and Sunbelt Software's CounterSpy ($20, http://www.sunbelt-software.com) both fit the bill nicely. Microsoft Windows AntiSpyware also looks promising, though it was still in beta at press time. You may need to try out several packages before you find one that purges all the spies from your machine. Change Browsers and Dance The Annoyance: I've tried everything to get rid of spyware, but no matter what I do it keeps coming back. Is it possible to surf in peace, or do I have to give up the Internet altogether? The Fix: Some spyware programs are like in-laws impossible to get rid of without a painful, messy procedure (like divorce or reformatting your hard drive). For example, there's one particularly virulent piece of spyware called Cool Web Search that hijacks your browser and then delivers an unremitting stream of sleazy pop-up ads. When you try to remove it, CWS simply reinstalls itself in dozens of new places on your computer. Alhough no browser is immune to spyware infestations, the one most often targeted is Microsoft's Internet Explorer. If IE has been overrun with spies, you may be able to use another browser such as Netscape, Firefox, Opera, or Safari for the Mac without launching a spyware attack. Just remember that some sites won't display correctly in non-Microsoft browsers, and that some services such as Microsoft's Windows Update (http://windowsupdate.microsoft.com) need IE or they simply won't work. Depending on what malware has wormed its way onto your system, the spyware may be browser-independent and launch itself anyway, even if you don't use IE. So the best plan is to switch browsers before you're infected. (See "Should You Dump Internet Explorer?.") But just using another browser isn't enough. You want to change your default browser, so every time you click a web link you don't launch IE and end up back in spyware hell. For this tip to work, Windows XP Service Pack 1 or later must be installed, and you must be logged on as the computer's administrator. WAITER, THERE'S A SPY IN MY MAC Windows PCs are not the only computers that suffer from uninvited guests, inboxes overflowing with garbage, and worse. Here are some of the top tools for keeping Mac attacks at bay. Aladdin Internet Cleanup ($30, http://www.allume.com) can clean your cache, smash cookies, combat spyware, and foil popups for the Mac versions of IE, Netscape, and Safari browsers. Jiiva AutoScrubber ($60, http://www.jiiva.com) cleans out your cookies, cache, and other online leftovers automatically as you surf. Jiiva's SuperScrubber ($30) makes sure that deleted files stay that way. SpamSieve ($25, http://www.c-command.com) integrates into all the major Mac mail clients (Applemail, Entourage, Eudora, Outlook Express, etc) and uses Bayesian filtering techniques to improve performance over time. As you label messages as spam, SpamSieve learns what you think is junk then blocks other similar email. Finally, Symantec's Norton Internet Security ($100, http://www.symantec.com) and Intego's Internet Security Barrier ($100, http://www.intego.com) can keep hackers, snoops, and viruses from violating your privacy. |
Open the Add or Remove Programs control panel, and then click the Set Program Access and Defaults button in the left column (see Figure 3-4). Select Custom and click the down arrow to the right. Select an alternate browser that you've installed, such as Firefox. (Don't worry if the "Enable access to this program" box appears to be grayed out your new browser will still work.) You can also choose different default programs for email, media player, and instant messaging from this same screen, or disable access to programs you no longer want to use (such as Internet Explorer). Click OK. The next time you click a hyperlink, your new browser should launch free of spies, at least for the time being. annoyances 3-4. Microsoft may automatically makes its browser, email software, and media player your defaults, but you don't have to take it. The Set Program Access and Defaults dialog lets you pick your own default tools-Redmond be damned. 
Shoot the Messenger The Annoyance: The other day a message popped up over my Windows system tray asking "Want sex?" (Sure I do, but I prefer to have mine with humans, not computers.) I wasn't surfing the Web and haven't downloaded anything to my hard disk. What the heck happened? The Fix: You've been had by a spammer exploiting a flaw (or, if you like, a feature) in Windows Messenger Service. Though easily confused with MSN Messenger, Microsoft's online chat software, Windows Messenger Service was designed to let network administrators communicate with folks over their corporate networks. These days, it's used by a handful of noxious spammers to spread ads for porn sites and other charming services. Fortunately the fix is easy. Simply download and install Gibson Research's free Shoot The Messenger applet at http://www.grc.com/stm/shootthemessenger.htm. Click the Disable Messenger button, and then Exit. Simplicity itself. Or, better yet, download Windows XP Service Pack 2, which turns WMS off by default (see the sidebar, "Making the Move to Service Pack 2"). SHOULD YOU DUMP INTERNET EXPLORER? It's no secret that the world's number one browser has a big bull's-eye on its back. Even the U.S. Computer Emergency Readiness Team the country's top computer security wonks says IE is way too vulnerable to attacks. In an advisory issued in June 2004, US-CERT said users should abandon IE for a more secure alternative (for the nitty-gritty, geeky details seek out http://www.kb.cert.org/vuls/id/713878). This advisory followed the discovery of malicious code known as download.ject or Scob that could be used to infect web sites and capture the keystrokes of any users who visit them. The site responsible for distributing Scob was shut down shortly after being discovered, and Microsoft says it was "unaware of any widespread customer impact" due to the code. (Then again, how would they know?) Since then, some 50 million users have downloaded and installed Firefox (http://www.getfirefox.com), a free open-source browser that gives web sites far less latitude to muck with people's computers. That doesn't mean Firefox is flawless. In its March 2005 Internet Security Threat Report, Symantec reported that Firefox had more vulnerabilities than IE, but IE's security holes were more serious. In summer 2005, Microsoft plans to release a beta of Internet Explorer 7, its first new browser release in years. According to Microsoft, the new IE will provide "stronger defenses against phishing, malicious software and spyware," though the company has yet to describe what those defenses will look like. Bottom line? No piece of software is 100 percent secure. But when you're in a shooting war, it's always a smart idea to choose the smaller target. |
|
