There is a little man in your computer and he has a powerful monitoring device. He is looking at everything you do and writing a log. Then, at regular intervals, he sends that information to another little man - but this second little man is in another company, one that you've never heard of, one which is very far away from your computer. The log report triggers a chain reaction that results in the anonymous company sending you information that they want you to see. Suddenly - and, to you, very mysteriously - this information pops up on your screen, and even more strangely, the mysterious message is on track: it relates to a subject which you are interested in. That remote, anonymous company has found out some interesting facts about you, your likes and dislikes, where you go when you're browsing the Web, whom you communicate with by e-mail and perhaps even what you say to them. And they're not sitting on that information: they're using it for their own purposes, whether you want them to or not.

The intruder, the software version of our "little man", is known as spyware, a term which includes any technology that imbeds itself into a computer to assist in the gathering of information about a person or organization - usually, but not always, without their knowledge. These programs, which are sometimes referred to as spybots, keyloggers or tracking software, can record every site you visit on the Internet, every e-mail you send and receive, and every chat-room exchange you might have. The information they gather is sent to advertisers or other interested parties, a practice that has prompted an outcry from computer security and privacy advocates, including the Electronic Privacy Information Center in the United States.

It is certainly a very serious invasion of privacy, but right now the computer and media industries are accepting it as part of business in the IT age, and are trusting privacy laws and business ethics to resolve any controversies. Many computer users, both private and corporate, don't even know it's happening, even though it has the potential for disaster for small and medium-sized business if the wrong person gets the right data. And so far, very little is really being done to protect users from these potentially sinister invaders, or even to make them fully aware of what they're all about.

So what is spyware all about, and what can you do to protect yourself?

Breaking and entering

Spyware programs can be installed in many ways, including "drive-by downloads" or as a consequence of clicking on an option in a decoy pop-up window. Drive-by downloads can be initiated when you are visiting a Website or viewing an HTML e-mail, and the process is often invisible - especially if you're lax with your security settings-but once inside your computer, the spyware starts to act. And that doesn't just mean transmitting information. The program might, for instance, repeatedly replace your home page, change your browser's settings, redirect all your searches to addresses predetermined by others, or initiate further drive-by downloads of other
programs.

Spyware programs are sometimes installed along with other applications. For example, a utility program might include spyware for tracking and reporting user information for targeted marketing purposes, and also include advertising-supported software (adware) for generating pop-up advertisements relating to that information. Adware, like spyware, has been criticized for
gathering the user's personal information and passing it on to outside parties without the user's authorisation or knowledge. Adware is mostly harmless, and the more scrupulous advertising or data-collection agencies may operate a reasonable privacy policy aimed at ensuring that no sensitive or identifying data is collected from your computer. But the hard fact of the matter remains the same: information is gathered about you and your surfing habits, often without your knowledge or consent, and delivered to an unknown third party at some external location to be used in whichever ways this third party sees fit.

Some grey areas

Strictly speaking, some data-collection programs can't really be categorized as spyware. Those which are installed with the user's knowledge aren't really spyware, especially if the user fully understands the data that's being collected about them, by whom and for what purposes. Cookies, for instance, can imbedded by consent on your computer to give you automatic access keys and information for a particular Internet site you've visited. Most computer users know about cookies and know that they can delete them if they want to. (The downside of deleting cookies is that you may have to repeat tedious log-in procedures if you want to revisit a particular Website.) However, a surprising amount of data about an individual can be stored within a cookie, but cookies can't accurately be described as spyware.

And drive-by downloads aren't all bad: they can, in fact, be very useful when used responsibly. For example, they can provide automatic downloads of patches or service packs addressing security flaws. If these are automatically installed, they can be of help to network or server administrators; and in fact the Internet itself could be made safer and protected from malicious programming-such as viruses and worms-by such automatic fixes.

As for adware, millions of people already have advertising-supported spyware products and don't really mind that it may be infringing their right to privacy. Most spyware and adware are installed without any malicious intent, and the user invariably gets something in return such as access to entertainment or useful information just for surrendering a few personal details.

Adware can offer other positive advantages. It provides a way for shareware authors, for example, to make money from a product other than by selling it directly to the end user. Plenty of companies offer space for placing banner ads in their products in exchange for a portion of the revenue generated by banner sales. In this way, the user doesn't have to pay for a piece of software, but the developers still get paid.

The real privacy concerns

But no matter what benefits are provided by some of these information-monitoring programs, spyware has become the focus of considerable public concern regarding privacy on the Internet. Real spyware products - computer surveillance tools which are sneakily embedded in your machine - allow a remote user to monitor all kinds of activities secretly, including keystroke capturing, snapshot viewing, e-mail and chat logging and general Internet usage. Why is this not illegal? So far, the prevailing attitude is that it's not so much what the software does, but how it is used. For example, the software many parents install to monitor their children's Internet activity or that businesses use to prevent staff Internet abuse, are basically spyware. These uses may, arguably, be ethically justifiable, but spyware that's been installed on someone's computer without their knowledge can easily be used for far less scrupulous purposes, and it doesn't take much imagination to come up with a disturbing list of possibilities. Even when a company using some form of spyware has issued a privacy- protection statement telling you exactly what they're collecting and how it is going to be used, there is little or nothing you can do to control exactly what type of data is transmitted-and in fact the software is often smart enough to be able to deduce a lot more about you than many of us realise. For most people who become aware of the power, insidiousness and potential for abuse of spyware, its clandestine use is simply unacceptable.

Right now, spyware is allowed to exist in a grey area, in an area of blind trust, and of information trade-offs deemed by many to be worthwhile. But the boundary between seemingly harmless data collection and malicious intrusion can sometimes be difficult to define, and many feel it's time to take the right steps to ensure that the trust we are required to give so freely is not abused. In the meantime, anyone who really values their privacy should be very, very cautious about allowing spyware on their computer.

Removing spyware

A number of software applications, including Spybot, Ad-Aware, X-Cleaner and OptOut, are available as freeware to help computer users search out and remove suspected spyware programs. These programs regularly scan and remove or quarantine such dubious programs. No skill is required to run these programs; you just need to download the right software and run it weekly.