Want CNET to notify you of price drops and the latest stories?

The spyware that loved me

CNET News.com sleuth John Borland wanted to see what would happen to his PC if he loaded rogue spyware apps onto it. That's when all hell broke loose.

John Borland Staff Writer, CNET News.com
John Borland
covers the intersection of digital entertainment and broadband.
John Borland
4 min read
The IT department finally came for my computer last week.

For weeks I had been investigating companies that claimed to offer spyware-fighting software but secretly distribute spyware or other advertising apps along with their products . Because I wanted to put myself in the shoes of the average computer user, I deliberately let down my protections to load the applications in question.

Not the swiftest decision, I was told by the IT technician who hauled away my machine to reimage the hard drive. After weeks of headaches that got worse and worse, the machine started surreptitiously pumping viruses onto the corporate network.

At last the final indignity came. Instead of simply harassing me, the weedlike programs turned their attention to my company's network and started sending out viruses
I had an idea something was amiss when ordinary Web browsing got weird. I don't typically use Internet Explorer, so pop-up windows aren't a problem. Suddenly they became a fact of life. Immediately after installing the software in question, I began seeing new windows for a site offering to give me new "Smiley" icons for Yahoo Messenger. Whenever I used Google, a site called Zesty Find oh-so-helpfully popped up in front of whatever I was really trying to find.

Before long, new toolbars showed up--unasked for--on my screen. Most provided links to other little-known search tools, like Search Web Now and--again--Zesty Find. One of them, which I still can't figure out how to get out of my Internet Explorer browser, seems to be named "zooootrllpq." And no, that's not a tropical beetle.

My Internet Explorer favorites list also received an unexpected update. A few hours after installing the antispyware software, I was the proud owner of a handful of IE bookmarks, offering links to online casinos and sexually explicit sites with topics such as "fetish" and "shemale." Other links started appearing on my desktop with no real rhyme or reason, sometimes offering pointers to Internet gambling sites, other times to online love connections.

For weeks, Flash-based cartoon ads would suddenly load and start playing over my browsing window. More traditional pop-up boxes followed me everywhere.

My mantra while covering adware and spyware for several years has been to be careful and to use spyware-killing software like Ad-aware or Spybot Search & Destroy. I deliberately broke my first rule, and I quickly found out how little help the second one can be. Both programs found adware on my computer with ease, and I've spent hours deleting suspicious files and registry settings--but every single day, the same digital pests came back. Somehow they were hiding in the recesses of my hard drive like dormant seeds, ready to sprout up whenever conditions turn favorable again. In my case, that happened to be every single time I turned on my computer.

At last came the final indignity. Instead of simply harassing me, the weedlike programs turned their attention to my company's network and started sending out viruses. That's when the SWAT team got involved.

This is the direct equivalent of somebody breaking into your house and putting up posters over your windows.
I may not be as tech savvy as Linus Torvalds, but I know my way around the Windows registry. I can usually separate a white-hat .dll file from an imposter and can identify and disarm a rogue Browser Helper Object at twenty paces. The average Windows user is--I think--substantially less equipped than I am to figure out why these things are happening, and how to stop them. Still, I was at a complete loss.

And that means something needs to be done. This is the direct equivalent of somebody breaking into your house and putting up posters over your windows that reappear a few hours later every time you rip them down.

We're used to ads in mediums such as television or radio, but the key word there is medium. A Web site is a medium, and one expects to see advertisements contained inside the Web experience. The PC itself is property and the normal privacy and private-property laws should apply.

No-trespassing signs aren't enough, as my experience and thousands of others have shown. There are laws on the books against misleading consumers, and the Federal Trade Commission is starting to look at them in the context of spyware and adware. PC users could use a little more help. They need not to be abused by companies that have no compunction about outrageous trespassing and privacy violations. Somebody must be held accountable.

Now excuse me, I have to go set up a Roach Motel on my hard drive.