By John Borland
Staff Writer, CNET News.com
February 24, 2003, 4:00AM PT

EarthLink's technical support staff handles a variety of problems: broken networks, corrupted files, coffee spills--and, increasingly over the past few months, bitter complaints from subscribers about "spyware" and "adware."

Those persistent types of programs, frequently operating on computers without owners' knowledge, have spread quickly in the last year, evolving as rapidly as anti-spyware software has been able to find them. EarthLink executives estimate that 40 percent to 50 percent of the Internet service provider's subscribers have running on their machines some kind of advertising or more-malicious program, which often monitors their behavior and sends the data back to the software's parent company.

The level of complaints has risen high enough that EarthLink says it's finally looking for an official spyware-killer to distribute to its angry customers.

"That's usually not what they've originally called to report, but when they find out (the source of their problem), that's what causes the most emotional reaction," said Jim Anderson, EarthLink's vice president for product development. "They feel that their trust has been broken."

EarthLink's move toward spyware-hunting marks just one new front in a bitter war over programs that sneak onto hard drives. Security companies say that the incidence of so-called spyware, adware, sneakware and other varieties of surreptitious software is climbing dramatically, adding that the most irritating of the bunch are becoming even more difficult to stop--or even identify.

These types of programs had been available for years but became more common as free file-swapping services such as Kazaa and Imesh began bundling these ad-supported programs with their software to help pay their bills. Today, many programs are automatically installed when a person views an unsolicited HTML (Hypertext Markup Language) e-mail or visits Web pages that activate a "drive-by download."

The most benign of these programs simply serve advertisements. Others can collect detailed information about a viewer's behavior and send it back to a parent company the person likely knows nothing about. Many change the settings of a browser or other software, sometimes in ways that only someone with sophisticated technical knowledge can reverse.

None of this is illegal, and in most cases, notice of such functions is contained somewhere in a piece of software's terms of service or license agreement. But critics say few people read these agreements. As a result, incautious surfers can often unknowingly wind up with software that monitors their behavior, soaks up their computing and network resources, and can even damage their computers, in extreme cases.

Large businesses too are concerned, as many of these programs--sometimes downloaded unwittingly by employees surfing the Net--use corporate networks to send data back to their parent companies. For businesses that spend hundreds of thousands of dollars on firewalls and security, that's an unacceptable risk.

"Since last fall, we've seen a real spike in corporate customers purchasing our software because of spyware," said Pete Cafarchio, vice president of business development at Pest Patrol, whose software helps identify and eliminate a long list of "pest" programs, ranging from comparatively benign adware to viruses and Trojan horses. "Their argument is that there can be no unauthorized (network) communication."

The last year has seen a steep rise in the number of companies and products aimed at eradicating or mitigating the effects of these surreptitious programs. Software such as Pest Patrol, Spybot--Search & Destroy and Lavasoft's Ad-Aware are popular hard-drive cleaners. Personal firewalls like ZoneLab's ZoneAlarm help prevent unauthorized programs from using network connections to contact the outside world without permission.

At the same time, however, adware and spyware program writers have met the challenge with creative new means of distribution and installation.

Recent months have seen a spurt in so-called browser helper objects (BHO), which attach themselves limpetlike to Microsoft's Internet Explorer browser software and act as a toolbar or other browser plug-in. The worst of these can radically change browser settings, including home pages and bookmarks, and make it difficult or impossible for people to change these back without their knowing how to manipulate the Windows registry. Recent examples of these, distributed by Web advertising portals Lop.com and Xupiter.com, redirected browsers to their respective sites at every available opportunity.

Some of these programs are getting better at sinking roots deep into a computers' operating system, making removal impractical. A widely distributed marketing program called "CommonName" recently changed its code, so that removing it with software such as Spybot made it impossible for the affected computer to access the Net.

Distribution methods are becoming increasingly creative as well, going well beyond the tested means of piggybacking on peer-to-peer or other types of software.

In one recent example, a small piece of advertising software was installed quietly on the machines of people who played a popular post-Sept. 11 Java game called "Yo Mamma, Osama!" That software activated itself every three minutes, to send data back to its home company, and stayed on machines long after the game was finished, Pest Patrol's Cafarchio said.

		Special report PC's enemy within Why the Net needs new laws.

Setting Internet Explorer security settings to high or medium can help guard against these download attempts, security experts say. Examining a PC's system with one of several free anti-spyware programs can also help people understand what is running on their computer, though they cannot guarantee absolute protection against new forms of the surreptitious technology.

"Spyware makers are looking for new, better-hidden places in the system to anchor themselves," Spybot creator Patrick Kolla said in an e-mail interview. "The challenge for any anti-spyware software lies here in keeping the detection mechanisms as well as the detection database up-to-date at the same time."

While it is clear that concern about clandestine software is growing, it is less evident exactly what the concern is about. Figures on the spread of adware and spyware are hard to come by, and definitions of the categories are vague at best. That has made fighting the phenomenon difficult, and some adware companies say they are being unfairly targeted.

In a list of the most prevalent software "pests" issued in February, Pest Patrol cited software released by an ad software company called Gator as far and away the most common pest--the source of more than half of the 81,000 reports logged by customers of its software over the past month.

Gator, however, provides the advertising support for many of the most popular free software programs distributed online. The company says it has 30 million people who seek out various pieces of software supported by its advertisement, hardly putting it under the traditional "pest" definition.

The company does collect information about people's behavior to target ads specifically, for example, sending car advertisements to those shopping for a vehicle. However, unlike most other advertising companies, Gator creates pop-up ads that are clearly branded and includes links to information on how to uninstall the associated tracking and ad-serving software, said Scott Eagle, the company's chief marketing officer.

		Special report PC invaders They're camping out in your hard drive.

The upshot: If people want free software, say these companies, they will have to be prepared to accept advertisements or other marketing devices.

"Over half-a-billion dollars in software that people would have had to pay for, they got for free in exchange for seeing occasional ads," Eagle said. "People don't like TV commercials either, but most people would acknowledge there is a trade-off."