Computer Users Face a New Scourge in Spyware

SAN FRANCISCO -- Chuck Harris remembers when the Internet was fun and he'd spend hours reading his favorite news sites, checking the church calendar, browsing the shops. Then, a few weeks ago, he lost control of his computer. It turned into a giant electronic billboard.

The web browser was taken over by a company he didn't recognize. Pop-up windows tried to download stuff he didn't ask for. Strange icons kept appearing offering low home mortgage loans and sexual enhancement pills he didn't want.

Harris spent days trying to fix the computer, but the programs had multiplied to the point where he couldn't run anything else and he decided to give up on the machine. Last week, the 68-year-old retired aerospace engineer from Yorktown, Virginia, shelled out $1,000 for a new computer, but now he and his wife, Dorothy, use it only when absolutely necessary.

"We have just about quit using the computer," he said. "It isn't worth the aggravation."

As if computer users didn't have enough to worry about with hackers, viruses, spam, and other online menaces, now comes a new scourge.

Millions of consumers like Harris have been struggling with a recent surge in what computer experts call spyware or adware.

The terms apply to a broad range of programs that users download from the Internet, usually without intending to. Unlike the occasional pop-up ad, these electronic hitchhikers are hidden programs that stay on the computer's hard drive. They keep serving up advertisements, redirecting browsers to certain web pages or reporting the computer user's movements and personal information. Or all of the above.

Some spyware comes attached to free, brand-name software that users want and install themselves -- instant-message, video-player and file-sharing programs, for example. A reference to the spyware may be included in the legal jargon of one of those on-screen installation agreements that computer users routinely accept with the casual click of a "yes" button.

Others come unbidden as a side effect of browsing shady sites. Many appear on people's machines simply because they are connected to the Internet.

Experts estimate that tens of thousands of spyware and adware programs circulate on the Internet. For now, the problem of such unauthorized software almost exclusively affects Microsoft Windows users. It's by far the most popular operating system and the same features that make it so versatile also make it easier for intruders to secretly run programs on it.

The National Cyber Security Alliance, a partnership between the tech industry and the U.S. Homeland Security Department, estimates that 90 percent of computers using high-speed Internet connections have collected at least one spyware or adware program, causing a loss in productivity, extra customer support, and repairs.

Members of Congress say their offices are fielding an increasing number of constituent complaints about the problem. Two bills that aim to address the problem passed the House last week. One, sponsored by Representative Mary Bono of California, who first became aware of the problem when her teenage children's computers were affected, calls for civil fines of up to $3 million for those who use spyware to defraud consumers. Her bill would also require companies to post more conspicuous notifications that their software might come with adware. Another, introduced by Robert Goodlatte, Zoe Lofgren and Lamar Smith, would allocate $10 million for the Justice Department to fight spyware.

"Spyware is a very real problem that is endangering consumers, damaging businesses, and creating millions of dollars of additional costs," Lofgren said after a spyware bill was passed Thursday.

A coalition of technology companies, many of which have resisted regulation in the past, have rallied behind a spyware bill.

Using a computer was supposed to get easier, not harder. At the height of the dot-com boom, companies promised "plug and play" functionality so that even "dummies" could use the latest technologies to download music, create family videos and build blogs.

But along the way something changed. The Internet got a lot more dangerous, forcing consumers to take on more responsibility for protecting their machines.

Harris installed a firewall to protect against hackers, a virus protection program to stop online bugs. He made sure to use e-mail on the web rather than a program that downloads it -- and possible spam and other annoying or nefarious agents -- to his computer. He avoided installing instant messenger and chat-room programs, many of which are known to be associated with adware.

"All, apparently, to no avail," he said.

Harris said he equates the problem to "someone breaking into your house and someone saying you didn't have enough locks on your doors." He believes more responsibility should fall on companies to make sure the machines are protected. "I drive an 18-year-old car and a 12-year-old truck and have a 10-year-old dishwasher. They are still functional. But not the computer."

It is difficult for even the most technology-savvy to avoid the problem.

The SANS Institute, a Bethesda, Maryland-based computer security research center, has studied what it calls the "survival time" of an unprotected computer hooked up to the Internet. A year ago, the average time before it was compromised was about 55 minutes. Today it's 20 minutes.

Meanwhile, the problem of adware and spyware is creating a new type of Internet user -- one who is disenchanted with promises of technological bells and whistles and just wants the basics to work. They are foregoing multimedia programs, basically using their computers as typewriters.

Harris and his wife are in that group.

"I used to feel that the Internet had tremendous potential for communication and was a wonderful tool to use," he said. "I don't anymore."