These invaders don't affect Macs. It might be time to switch.
Al Fasoldt's reviews and commentaries, continuously available online since 1983

T e c h n o f i l e
Why you need to guard against spyware and zombieware on your Windows PC

Nov. 14, 2004

By Al Fasoldt
Copyright © 2004, Al Fasoldt
Copyright © 2004, The Post-Standard

   Windows users whose PCs are connected to the Internet have two new invaders to worry about -- spyware and zombieware.
   Spyware, the term for software that installs itself on your computer to pester you with popup ads and monitor what you do, has infected 90 percent of all Windows PCs, according to a survey by Dell, the largest maker of Windows computers. My own estimate is that a typical Windows PC with an Internet connection has 30 to 50 spyware infections.
   Zombieware is a special kind of spyware. It takes over your computer during the time you're asleep or at work and turns the PC into a relay for sending spam, viruses or spyware to other computers through your PC's Internet connection. Symantec, which tracks viruses and other invasive software, estimates that 30,000 PCs worldwide are turned into zombies every day.
   Spyware is an enormous problem. I've heard from many Windows users who said they've removed hundreds of spyware infections from their PCs, and I know of two instances where users reported finding more than 1,000 infections on a single PC. Such massive spyware infections hobble basic functions and make the computer run very slowly, as you might expect.
   But the real danger comes from the behind-the-scenes theft of personal information such as passwords, financial records and e-mail addresses. This information is passed to Internet sites, usually during the night, and is often sold to other spyware creators, to unscrupulous marketing companies and to spammers.
   The danger of zombieware is just as great. Networks of zombie PCs have been implicated in denial-of-service attacks on Web sites in which each zombie is directed to send repeated requests to a Web server. When this is done by thousands of computers at the same time, the attacks overwork the server and knock it out.
   Spyware and zombieware often use standard methods to infect Windows computers. (Apple's Macintosh computers are not affected.) They can get in through e-mail attachments the same way viruses do, to name one method. But they sometimes use an insidious trick, "going along for the ride" when you install what seems like legitimate software. The installation program can slip spyware and zombieware into the PC while you are installing a game or Internet toolbar, for example.
   Windows PCs generally have no built-in protection against spyware and zombieware. Even Windows XP computers that have been patched with Service Pack 2 are vulnerable, as I found out the first time I booted up my new Windows XP computer, which came with Service Pack 2 installed, a few weeks ago; it was hit by spyware within the first five minutes.
   Windows users have to supply their own protection. I recommend four methods:
   1. Use a firewall. I recommend a hardware firewall if you have a broadband (cable or DSL) connection. Use a software firewall otherwise. I use a Linksys hardware router-firewall and have been very satisfied, but there are other brands that do a good job.
   No-cost software firewalls include a disappointingly weak one built into Windows XP and a well regarded program called ZoneAlarm from www.zonelabs.com. You can also buy a heavy-duty version of ZoneAlarm. (Zone Labs makes the free version a little hard to find. Get to it easily by searching Google with the term DOWNLOAD FREE ZONEALARM.)
   2. Run good spyware-removal software. I like Ad-Aware and Spybot, two established programs, and have been beta-testing a new spyware killer called CounterSpy that also seems impressive.
   Ad-Aware has a free version at www.lavasoftusa.com/software/adaware/. (Look for Ad-Aware SE Personal.) For Spybot, which is also free, go to www.safer-networking.org/en/index.html. Find out more about Counterspy at www.sunbelt-software.com/product.cfm?id=410. Counterspy costs $20 for the first year and $10 a year after that.
   3. Get serious about e-mail attachments. Tell others in your family to do the same. Don't trust attachments you didn't specifically ask for and don't trust ANY attachments if you don't know what they are. Delete all attachments that don't meet those two simple requirements.
   4. Deactivate your Windows computer when you are not using it. Do this by plugging it into a power strip that has an on/off button and turning off the power after you have shut down the PC. Zombieware can't force a Windows PC to do anything when it's not plugged in.
   Above all, consider your options the next time you are shopping for a personal computer. Apple's Macintosh OS X computers handle computing chores the same way Windows PCs do without the dangers of spyware and zombieware. They're also free from viruses.