Chapter 20. Adware and Spyware

If advertising had a little more respect for the public, the public would have a lot more respect for advertising.

JAMES RANDOLPH ADAMS, advertising pioneer

In the early days of computers, people often wrote and released programs as shareware. Unlike commercial software that you have to buy before trying, shareware lets you take a test drive first. Some shareware programs were fully functional, while others had features crippled or omitted or incorporated a time delay that made the program stop working after a fixed length of time, such as 30 days. This was done intentionally to entice people to pay for the full version of the program.

If people didn’t pay for the upgrade, the shareware programmer didn’t make any money, which provided strong incentive for them to create useful programs that people would actually want to buy. However, as more people started connecting to the Internet, shareware programmers found another way to make money. They started selling space in their programs to display advertisements.

Dubbed adware, these types of programs simply displayed a stream of banner ads in a part of the application window. Users could still use the program as they normally would, and the ads would change continuously, as shown in Figure 20-1. Under this arrangement, shareware programmers always got paid by an advertiser, so they could lower their shareware fees or even eliminate them altogether.

Most people tolerated adware since the ads were mostly unobtrusive and helped lower shareware prices. Microsoft has even toyed with the idea of giving away free copies of various programs, such as Microsoft Works and even Windows itself, by selling advertising space. Microsoft estimates that the revenue it could generate this way could potentially exceed what it earns in software sales.

However, if you uninstall an adware-supported program, you’ll no longer see the ads, and so advertisers eventually developed spyware, a malicious version of adware. Unlike adware, which may be annoying but tolerable, spyware is considered to be completely despicable.

Like adware, spyware also displays ads on a user’s screen, but typically as pop-up windows. Unlike adware, spyware can’t be removed simply by uninstalling the program. In fact, spyware often can’t be removed without intricate knowledge of how the operating system works. Spyware will keep bombarding the average user with a constant barrage of pop-up ads or peeking at what the user’s doing (and possibly stealing their passwords) and there’s nothing he can do to stop it.

Figure 20-1. Eudora is advertiser-supported; it displays banner ads as you use the program.

Note

Most spyware is designed to infect computers running Microsoft Windows. If you’re running a different operating system, such as Mac OS X or Linux, most spyware can’t infect your computer. (Until, of course, someone eventually writes a spyware program for your operating system.)

What Spyware Can Do

Unlike computer viruses and worms, spyware doesn’t intentionally try to damage your computer; that happens as a byproduct of its activities. When spyware first burrows into your computer, it often clumsily alters critical parts of the system in its attempt to hide itself. When spyware runs, it often grabs resources, such as memory, from other programs, causing them to run slowly, act erratically, or even crash. As a result, a spyware-infected computer can run sluggishly or fail to work at all—and this is even before the spyware program has done anything other than bury itself in your computer.

Once spyware has infected your computer, it waits until you connect to the Internet before taking further action. If you never connect to the Internet, the spyware won’t function, but it can still hog memory and crash your computer through its mere presence.

Displaying pop-up ads

The most common function of spyware is to display pop-up ads. As soon as you connect to the Internet, the spyware program contacts a server, which feeds it a constant stream of pop-up ads.

By themselves, these ads are merely annoying. Since advertisers want to target their ads to the type of people most likely to buy their products, however, most spyware will also monitor or spy on the user’s activities to determine which web pages he has visited. The spyware then displays mortgage advertisements if the user has visited home financing websites, or Viagra advertisements if the user has visited pornographic sites.

Some spyware can get trickier, popping up an ad for a company when you visit the website of one of its competitors. So, when you go to Dell Computer’s site, a pop-up ad for Gateway Computers might appear. If you have multiple spyware programs infecting your computer, or one that’s particularly aggressive, it’s possible that you’ll be so inundated with pop-ups that you may have trouble getting any work done.

Home page hijacking

To get advertisements in front of users another way, some spyware will hijack your browser’s home page. Each time you launch the browser, the first thing you’ll see will be the spyware website, which typically displays more banner ads. If you try to switch the setting of your browser’s home page, the spyware program will prevent you from doing so.

Some sneaky spyware programs also monitor which websites you try to visit and then load an entirely different site instead, typically a competitor’s site, but sometimes just random websites offering online gambling, mortgage refinancing, or Internet dating services. By replacing your home page or hijacking your browser completely, spyware can force you to look at ads whether you want to or not.

The craftiest spyware programs may let you visit any website you want, but the moment you go to a search engine, the spyware program hijacks the search engine results and displays its own list, which, naturally, consists of advertisers affiliated with the spyware manufacturer. Novice Internet users may not notice the difference and assume that the results they see were retrieved by the search engine, rather than being the work of a spyware program.

Spyware may also add to your browser long lists of bookmarked web pages that typically contain pornography. While most people will take the time to remove these unwanted bookmarks, a handful will always investigate the sites out of curiosity, especially since they may have innocent-sounding names. The moment you visit one of these planted bookmarks, you’ll find yourself at a website which is likely to infect your computer with even more spyware.

Stealing information

Since spyware can track which websites you’ve visited, some go one step further and transfer this information back to the spyware company. Armed with information from thousands of different users, the company can then analyze browsing habits and identify patterns to help it craft more targeted advertising. None of this is different from what marketing research companies do, except that when spyware retrieves this information, it’s often done without the user’s knowledge.

More malicious spyware, created by criminals, may even record your keystrokes to steal passwords, bank account numbers, and Social Security numbers. Less malicious, but equally devious, spyware may scan your hard disk to determine which programs you have installed, which other companies might be interested in knowing for market research purposes.

This kind of spyware most likely won’t annoy you with pop-up ads because its raison d'être is to steal sensitive information without your knowledge. The last thing it wants to do is alert you to its presence. But even if it’s not bugging you with ads, it can still degrade the performance of your computer.

Why Companies Advertise Through Spyware

Spyware is so prevalent because it works. Throw enough advertisements in front of enough people and, statistically, a certain percentage will always buy something in response. So, it’s in the advertiser’s best interests to flood the market with as many advertisements as possible. (Advertising.com estimates that pop-up ads are up to ten times more effective than banner ads, partially due to the “annoyance” factor of having them obscure the user’s screen.)

The five main spyware culprits are:

  • Any company that wants to advertise online. These companies include pornography sites, Viagra resellers, Internet dating services, or even brand name companies like Motorola, Yahoo, Dell, Verizon, Citibank, Air France, Toshiba, American Express, Circuit City, Apple, and NetFlix.

  • Internet advertising brokers. These middlemen place a company’s banner and pop-up ads on popular websites via adware programs like Eudora and networks of spyware-infected computers.

  • Spyware companies. These companies create the actual spyware programs that embed themselves in a computer and make themselves difficult to remove. Some infamous spyware companies and the software they distribute include 180solutions (Zango, n-Case), Direct Revenue (ABetterInternet and OfferOptimizer), Claria (ScreenScenes and eWallet), WhenU (SaveNow) and eXact Advertising (BargainBuddy, BullsEye).

  • Software bundlers. These companies sell or distribute software, such as filesharing programs or browser toolbars, and earn extra money by agreeing to include spyware with their own programs.

  • Affiliates. These are website operators who agree to offer spyware-infested programs on their website. For example, the eXact Advertising spyware company runs Yubilee (www.yubilee.com), a spyware-infested site shown in Figure 20-2.

The big companies benefit from spyware because they get their advertisements distributed all over the Internet; the Internet advertising brokers get paid because they can distribute their clients’ ads to as many people as possible; the spyware companies get paid by the Internet advertising brokers; the software bundlers get paid by the spyware companies; and any website operator who signs up as an affiliate with the spyware company gets paid every time someone installs the spyware on his computer.

Figure 20-2. Spyware companies often run separate websites offering free software loaded with spyware.

Spyware not only works for the advertisers, but for everyone else making money along the way. Figure 20-3 shows a spyware company’s website, promoting spyware programs to website operators as a way to make money (25 cents per install) and to companies that wish to advertise over the Internet.

Figure 20-3. Many “marketing” companies offer spyware programs for advertisers and website operators.

To learn more, visit the Affiliate Marketing Directory (http://affiliatemarketingworld.com/directory); read Revenue, a magazine focused exclusively on affiliate marketing (www.revenuetoday.com); browse through Klixxx Network (www.klixxx.com) to learn how the pornography industry uses affiliate marketing; read reviews of affiliate marketing software at Affiliate Software Comparison (www.affiliate-software-review.com); or read AVN Online (www.avnonline.com), shown in Figure 20-4, a magazine for helping adult entertainment websites market themselves over the Internet.

Figure 20-4. AVN Online offers pornography website operators tips for marketing their business more effectively through spyware and spam.

Spyware is especially popular with companies hawking erectile dysfunction pills, pornography, and online gambling. These companies may be perfectly legitimate, but they aren’t likely to run banner ads on mainstream websites due to the sensitive nature of their products or services. As a result, spyware might be considered the best and only way for them to reach a mass online audience.

Not only is spyware a major nuisance for innocent computer users, but it can also cause more serious headaches for advertisers through something known as affiliate fraud. Affiliate fraud takes advantage of the way that many websites accept advertising. Large websites, such as CNN and Yahoo!, can demand money up front to place ads, but smaller websites don’t have that clout. Instead, small websites often post the ads and receive a referral fee later if someone clicks on that ad and buys something from that merchant. Agreements that allow websites to display ads and get paid by advertisers are called affiliate networks.

To learn more about how affiliate marketing programs work, you can visit ClixGalore (www.clixgalore.com), Commission Junction (www.cj.com), LinkShare (www.linkshare.com), Performics (www.performics.com), or TradeDoubler (www.tradedoubler.com).

Figure 20-5 lists some of the different advertisers you can promote through your website along with how much each pays. (The ClixGalore website keeps the most recent list. You may recognize some of these advertisers as the same ones appearing in spyware pop-up ads.)

If a website joins an advertiser’s affiliate program, the website owner can display ads and get paid every time someone clicks on that ad. Unfortunately, this only works if the website owner can attract enough visitors to his website in the first place.

Figure 20-5. An affiliate marketing program lets you sign up to promote different advertisers.

Rather than take the time and energy to build an audience, some dishonest website owners choose a shortcut. They’ll sign up as an affiliate with an advertising network and then create spyware to display advertisements. Once this spyware spreads, people will get bombarded with pop-up ads. If they click these pop-up ads, the credit (and cash) for each click goes to the affiliated website, without the user’s ever having visited that affiliated website. If a company only advertises with banner and pop-up ads, there’s a good chance that someone will write a program to display those ads through a spyware network without the company’s knowledge.

Spyware companies can hurt legitimate affiliate websites too. Some spyware programs will wait until a visitor clicks on a banner ad before displaying a pop-up ad. When the user closes the pop-up, the spyware program tricks the merchant into thinking the visitor came from the spyware company’s website (not the site with the banner ad). If the visitor buys anything, the merchant pays the commission to the spyware company instead of the honest website affiliate.

How Spyware Infects a Computer

As with computer viruses and worms, nobody chooses to install spyware. Therefore, spyware must sneak onto a computer using tactics employed successfully by Trojan horses and viruses: either tricking a user into installing it or exploiting a flaw that allows the spyware to pass undetected.

Installing infected files

The simplest way to infect a computer is to get an unsuspecting victim to download and install it. Since nobody will load spyware intentionally, spyware often hides itself within other programs such as filesharing programs (Kazaa), browser add-ins (Xupiter), games (Bonzi Buddy), or utilities (PCFriendly). When you install a spyware-infected program, you’ll often see a license agreement that informs you (in fine print) that the program is advertiser-sponsored, as shown in Figure 20-6.

Figure 20-6. An installation program will typically warn you that it’s going to install advertiser-sponsored programs (which could actually be spyware) on your computer.

The license agreement for installing the WhenU advertiser software even includes this disclaimer (which most people are likely to ignore):

WhenU.com’s Save! software shows you relevant coupon offers, contextual information and services as you surf the Web. Save! attempts to display offers at the moment when they are most relevant to you. Offers and information are displayed in the form of interstitials (“pop-up ads”) and various other ad formats.

The Save! software selects which ads and offers to display to individual users based on several factors, including: which Web pages you visit, search terms you use while searching online, content of the Web pages you view and your local zip code (if you have supplied it). Use of Save! is required to continue using these applications for free. As a result, Save! cannot be uninstalled from your computer’s Control Panel independently. In order to completely remove Save! from your computer, you must uninstall all of the Save!-supported software from your computer. Once you do so, your Save! software will automatically be uninstalled as well.

By reading the above disclaimer, you learn that the WhenU software will display ads and monitor your Internet browsing activities. In some cases, viewing ads might seem like a fair trade-off to get useful software for free, but in many cases, the barrage of pop-up ads can be more troublesome than it’s worth.

Examine license agreements like this one carefully. Some advertiser-supported programs are harmless, but many more are spyware. If you avoid any type of advertiser-supported program, you’ll reduce the threat of being infected by spyware immensely.

Since End User License Agreements (EULAs) are often difficult to read and (purposely) confusing to understand, don’t install any software until you run the text from its EULA through a free program called EULAlyzer (www.javacoolsoftware.com/eulalyzer.html), which analyzes EULAs for suspicious wording that could indicate the presence of spyware. By using EULAlyzer, you can catch spyware before it has a chance to install on your computer. Now you’ll just have to worry about the spyware that doesn’t display a EULA before trying to install itself.

Installing infected anti-spyware programs

While many people may not realize how or when spyware could have infected their computer, everyone can see the effects: disruptive pop-up ads, sluggish computer performance, and frequent computer crashes. Once people discover spyware on their computer, they usually want to remove it right away.

Unfortunately, spyware rarely comes with an uninstall program, so helpless victims often turn to anti-spyware programs to remove and clean their computers. Knowing this, many spyware programs now disguise themselves as anti-spyware programs. The moment you download and install one of these anti-spyware programs off the Internet, you actually install a (possibly bogus) anti-spyware program along with additional spyware. Moreover, the anti-spyware program won’t detect and remove the spyware it installed on your computer, and frequently won’t detect or remove any other spyware either. So, these anti-spyware programs might actually make your spyware problem even worse.

Check out the Rogue Anti-Spyware list on the SpyWareWarrior site (www.spywarewarrior.com/rogue_anti-spyware.htm). This list includes legitimate anti-spyware programs that don’t work very well and bogus anti-spyware programs that may actually come bundled with additional spyware. SpyWareWarrior also has a list of suspicious anti-spyware websites (www.spywarewarrior.com/rogue_anti-spyware.htm#sites).

One of the most infamous bogus anti-spyware programs is one called SpySheriff, also distributed under the names SpyDemolisher, SpyTrooper, or SpywareNo!. The domains www.spywareno.com and www.spytrooper.com both lead visitors to the www.spysheriff.com site. SpyDemolisher has its own website, www.spydemolisher.com, that looks similar to the others. The SpySheriff website (www.spysheriff.com) appears valid at first glance, as shown in Figure 20-7, but watch out for these telltale signs:

  • No online ordering form. If this were a valid anti-spyware program from a reputable company, you’d find an online form for making a purchase. The SpySheriff website doesn’t offer customers any way to buy it.

  • No listed email addresses. Reputable companies offer email addresses for customers to contact for technical support or sales questions, and often an email address to reach a public relations representative. The SpySheriff site doesn’t list a single email address.

  • Mention of an affiliate program. The SpySheriff site offers an affiliate program link that claims you’ll “earn huge money ensuring PC Protection.” Affiliate programs are often the sign of an advertiser, or spyware, network.

    Figure 20-7. The SpySheriff website is an example of a phony anti-spyware program that will actually install more spyware on your computer.

  • Misspellings and awkward grammar. Scan the SpySheriff site and you’ll find such clumsy grammatical structures as, “I bought the SpySheriff because was just interested why it is so popular. But when it saved my bank account I blessed its invetors!”

  • Misleading contact information. The SpySheriff website lists its company name and address as “SS Development, Tooley 73a, London EC1Y 1BL, United Kingdom” with no phone number. However, a WHOIS search, as shown in Figure 20-8, on the www.spysheriff.com domain name reveals that the real owner is a company in Greece (GR) called Popandopulos Ltd., run by someone named Alison Popandopulos, whose email address is , which is a Russian domain (RU).

Doing a WHOIS search on www.spytrooper.com reveals the same Alison Popandopulos in charge. A WHOIS search on www.spywareno.com reveals the owner to be the London SS Development company (listed as the publisher of the SpySheriff program), while a WHOIS search on www.spydemolisher.com reveals the owner to be:

    Alexandre Ivanov +3.298476322
    Ikramet Ltd
    Leninsky pr 95 12
    Nigma, Nigeme, ECUADOR 198254

Figure 20-8. A WHOIS search on the www.spysheriff.com domain reveals the name of someone in Greece with a Russian email address.

Even though SpyDemolisher has its own website, both the SpySheriff and SpyDemolisher sites have the same testimonial quotes from satisfied customers with identical misspellings and poor grammar. The SpyDemolisher site even displays screenshots of the SpywareNo! program instead of SpyDemolisher.

For maximum safety, only buy anti-spyware programs sold in a store. If you’re going to download an anti-spyware program off the Internet, make sure it’s a name-brand program from a company that you trust. (Ad-Aware and Spybot are currently the two most popular anti-spyware programs that people download off the Internet.)

Drive-by downloads

Tricking people into installing spyware with another program might work, but an even more effective method is to install spyware on a user’s computer without his or her knowledge or permission.

This tactic, known as drive-by downloading, occurs when a website lures an unsuspecting user to visit it, typically with pirated music, stolen software serial numbers, or pornography as the bait. As soon as the victim visits this website, it uses an ActiveX control to secretly install spyware.

ActiveX controls are small, self-contained programs that programmers originally used as building blocks to create their own programs in languages like Visual Basic. When the Internet grew in popularity, Microsoft developed ActiveX to be an easy shortcut for making web pages interactive. A web designer can have a page display games, stock market graphs, or animation without doing anything more complicated than adding an ActiveX control that somebody else has already written.

But ActiveX controls can do more than just display information. Many antivirus vendors, such as Trend Micro and McAfee, use ActiveX controls to scan your computer for viruses and other threats. Microsoft even uses ActiveX controls to determine which updates you might need for Windows or Microsoft Office.

Since ActiveX controls are really just miniature programs, they have the ability to copy files on to your computer. Legitimate ActiveX controls, such as online virus scanners, will ask for your permission before copying anything, but malicious ones may trick you by displaying a dialog box that asks if you’d like a free gift or software. Clicking the Yes button gives the website permission to run the ActiveX control to download spyware.

Sometimes an ActiveX control won’t even bother asking for your permission. If you use Internet Explorer to visit a web page with a malicious ActiveX control embedded in it, the ActiveX control will just go ahead and load the spyware without any further ado. (Other browsers, such as Firefox or Opera, protect you from drive-by downloading of spyware by not running ActiveX controls.)

Once the spyware programs are installed, you’ll suddenly start seeing pop-up ads and you may have no idea where the spyware even came from.

Spyware-infected spyware

What makes computer viruses particularly dangerous is their ability to replicate themselves. Fortunately, spyware can’t copy itself (yet), but once it infects a computer, it’s vulnerable to removal by an anti-spyware program. So the latest spyware tactic is to use spyware to constantly download more spyware from the Internet, in addition to retrieving pop-up advertisements. Such spyware-infested spyware programs keep adding more and more junk to your computer until either you remove it (good luck) or your computer crashes under its collective weight.

Where Spyware Hides

Well-behaved Windows application programs install themselves in a separate folder and store program setting information in a special system database known as the Windows registry. A well-behaved program runs only when the user loads it and stops when the user exits the program. To remove a well-behaved program, a user needs only to run the uninstall program that deletes the program folder and also deletes the information stored in the Windows registry.

Theoretically, that’s how installing and uninstalling a program should work, but even well-behaved programs can leave files scattered around a hard disk, or chunks of information abandoned in the Windows registry, consuming disk space and making the registry larger and more cumbersome for your computer to use (which slows down its performance).

When spyware programs install themselves, they also bury information in the Windows registry and copy files onto the hard disk, but instead of doing this out in the open, spyware creates hidden files and folders. To view hidden files and folders in Windows Explorer, follow these steps:

  1. Open the Windows Explorer program.

  2. Choose Tools ▸ Folder Options. A Folder Options dialog box appears.

  3. Click the View tab and click the Show Hidden Files And Folders radio button, as shown in Figure 20-9.

Figure 20-9. The Windows Explorer program can show you all the hidden files and folders buried on your computer.

Spyware is only effective if it’s running, so spyware programs manipulate the Windows registry in order to launch themselves every time you turn on your computer. Spyware may take extra steps to hide itself in memory so that the Windows Task Manager program won’t detect its presence.

After burying itself in the Windows registry, spyware scatters its hidden files and folders in multiple places on your hard disk to make itself nearly impossible to find and remove. Some may also hide a dropper program, a tiny program meant to slip past a computer’s defenses and hide on the hard disk. The moment the dropper program detects that you’ve removed the spyware program, it accesses the Internet again and puts all the spyware right back on your computer.

Eliminating Spyware

Spam and spyware have one thing in common: neither will go away as long as people can make money off it. Since spyware only runs on Windows computers, the safest way to protect yourself is to avoid browsing the Internet using Windows or Internet Explorer. (Until spyware companies start targeting Linux and Mac OS X computers, using either of those operating systems is a safer alternative.)

Avoiding Windows isn’t an option for many people, but you can use the following countermeasures to protect your computer running under Windows:

  • Raise the security level of Internet Explorer

  • Stop using Internet Explorer and switch to a safer browser

  • Install a firewall

  • Monitor your startup programs

  • Use a minimum of two anti-spyware programs

Securing Internet Explorer

Internet Explorer’s biggest flaw is its ability to run ActiveX programs. To protect yourself from malicious ActiveX controls, you need to change the default settings that define how Internet Explorer reacts when faced with an ActiveX control on a web page.

To modify Internet Explorer’s ActiveX settings, follow these steps:

  1. Choose Tools ▸ Internet Options. An Internet Options dialog box appears.

  2. Click the Security tab.

  3. Click the Internet icon (a globe) and click the Custom Level button. The Security Settings dialog box appears, as shown in Figure 20-10.

    Figure 20-10. The Security Settings dialog box lets you make Internet Explorer harder for spyware to exploit.

  4. Under the Download Signed ActiveX Controls heading, click the Prompt radio button.

  5. Under the Download Unsigned ActiveX Controls heading, click the Disable radio button.

  6. Under the Initialize And Script ActiveX Controls Not Marked As Safe heading, click the Disable radio button.

  7. Under the Run ActiveX Controls And Plug-ins heading, click the Prompt radio button.

  8. Under the Script ActiveX Controls Marked Safe For Scripting heading, click the Prompt radio button.

  9. Click OK. A dialog box may appear, asking if you’re sure you want to change your security settings.

  10. Click Yes. The Security Settings dialog box appears again.

  11. Click OK.
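
The settings chosen in steps 4 through 8 can also be checked from PowerShell. The following is an added example, not part of the original book: it reads the per-user Internet zone (zone 3) registry values behind the Security Settings dialog and compares them with the choices above. The function names are made up for this example, and Group Policy, where present, can override these per-user values.

```powershell
# Added example: audit the Internet zone's ActiveX settings against steps 4-8.
# Read-only. Action values stored in the registry: 0 = Enable, 1 = Prompt, 3 = Disable.
$internetZone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# URL action ID -> dialog heading and the value the steps above call for.
$recommended = [ordered]@{
    '1001' = @{ Setting = 'Download signed ActiveX controls'; Want = 1 }
    '1004' = @{ Setting = 'Download unsigned ActiveX controls'; Want = 3 }
    '1201' = @{ Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1200' = @{ Setting = 'Run ActiveX controls and plug-ins'; Want = 1 }
    '1405' = @{ Setting = 'Script ActiveX controls marked safe for scripting'; Want = 1 }
}
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-ActionLabel {
    param($Value)
    if ($null -eq $Value) { return '(not set)' }
    if ($labels.ContainsKey([int]$Value)) { return $labels[[int]$Value] }
    return "other ($Value)"
}

function Get-ActiveXZoneAudit {
    param([string]$ZoneKey = $internetZone)
    $props = Get-ItemProperty -Path $ZoneKey -ErrorAction Stop
    foreach ($id in $recommended.Keys) {
        $want   = $recommended[$id].Want
        $actual = $props.$id          # $null when the value is absent
        $status = if ($null -eq $actual) { 'NOT SET' } elseif ($actual -eq $want) {
            'OK' } elseif ($actual -eq 3) { 'OK (stricter)' } else { 'REVIEW' }
        [pscustomobject]@{
            Action      = $id
            Setting     = $recommended[$id].Setting
            Recommended = Get-ActionLabel $want
            Actual      = Get-ActionLabel $actual
            Status      = $status
        }
    }
}

Get-ActiveXZoneAudit | Format-Table -AutoSize -Wrap
```

Any row marked REVIEW is looser than, or different from, the choice made in the steps above.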

Switching to a safer browser

By switching to a different browser, you can eliminate the threat of drive-by spyware downloads from ActiveX controls. The two most popular Internet Explorer alternatives are Firefox (www.mozilla.com/firefox) and Opera (www.opera.com). Firefox and Opera are free and will resist drive-by download attacks that exploit ActiveX or Internet Explorer flaws. However, neither of these browsers can protect you if you deliberately download and install spyware-infested programs.

For an even safer browser alternative, download the free VMWare Player (www.vmware.com/products/player) along with a free file called the Browser Appliance. The VMWare Player creates a virtual computer in your computer’s memory, and the Browser Appliance runs a modified version of Ubuntu Linux running the Firefox browser. By using Firefox within Ubuntu Linux (within the VMWare Player), you effectively isolate any Internet dangers that could infect your computer and the Windows operating system on it. Not only can’t spyware affect Ubuntu Linux, but any damage it could possibly do remains cloistered within the memory confines of the VMWare Player.

Installing a firewall

A firewall can block both inbound and outbound connections to the Internet. Blocking inbound connections can stop spyware from trying to sneak on to your computer. Blocking outbound connections can stop any existing spyware from connecting to the Internet and retrieving more ads or spyware, or sending your personal information to another computer. Some popular (and free) firewalls include ZoneAlarm (www.zonelabs.com) and Jetico Personal Firewall (www.jetico.com). Some popular commercial firewalls include Look ‘n’ Stop (www.looknstop.com) and Norton Personal Firewall (www.symantec.com).

Monitoring your startup programs

One way to detect the presence of spyware is to monitor which programs your computer launches automatically when you boot up. Programs such as System Mechanic (www.iolo.com), Process Guard (www.diamondcs.com.au), MalWhere (www.malwhere.com), and Advanced Startup Manager (www.rayslab.com) display a list of startup programs, which you can use to study and then disable or delete any suspicious programs.

Note

Spyware deliberately disguises itself under cryptic names, so unless you know what to look for, it’s possible that you could accidentally disable or remove a legitimate program by mistake.
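
The checks described under Where Spyware Hides and in this section can be scripted. The following PowerShell is an added example, not from the book or from any of the tools named above: it lists the common Run-key and Startup-folder entries and marks those whose target is missing, hidden, or stored in a hidden folder. The Authenticode signature check goes beyond what the text describes, and the function names are made up for this example.

```powershell
# Added example: list autostart entries for manual review.
# Read-only: nothing is disabled or deleted, so a cryptic but legitimate entry is safe.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-AutostartEntry {
    # Registry values that launch a program at logon.
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($name in $regKey.GetValueNames()) {
            [pscustomobject]@{ Source = $key; Name = $name; Command = [string]$regKey.GetValue($name) }
        }
    }
    # Per-user and all-users Startup folders; shortcuts are resolved to their targets.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($kind in 'Startup', 'CommonStartup') {
        $folder = [Environment]::GetFolderPath($kind)
        if (-not $folder -or -not (Test-Path -LiteralPath $folder)) { continue }
        foreach ($f in Get-ChildItem -LiteralPath $folder -File -Force) {
            if ($f.Name -eq 'desktop.ini') { continue }
            $command = '"{0}"' -f $f.FullName
            if ($f.Extension -eq '.lnk') {
                $lnk = $shell.CreateShortcut($f.FullName)
                if ($lnk.TargetPath) { $command = '"{0}" {1}' -f $lnk.TargetPath, $lnk.Arguments }
            }
            [pscustomobject]@{ Source = $folder; Name = $f.Name; Command = $command }
        }
    }
}

function Get-CommandTarget {
    # Pull the program path out of a command line such as: "C:\dir\app.exe" /min
    param([string]$Command)
    $text = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($text -match '^"([^"]+)"') { return $Matches[1] }
    if ($text -match '^(.+?\.(exe|com|bat|cmd|scr|pif|vbs|js))(\s|$)') { return $Matches[1] }
    return ($text -split '\s+')[0]
}

function Test-AutostartEntry {
    param([Parameter(ValueFromPipeline = $true)]$Entry)
    process {
        $target = Get-CommandTarget -Command $Entry.Command
        # Bare names such as "ctfmon.exe" are resolved through the search path.
        if ($target -and $target -notmatch '^([A-Za-z]:|\\\\)') {
            $app = Get-Command -Name $target -CommandType Application -ErrorAction SilentlyContinue |
                Select-Object -First 1
            if ($app) { $target = $app.Path }
        }
        $flags = @()
        $file = $null
        if ($target) { $file = Get-Item -LiteralPath $target -Force -ErrorAction SilentlyContinue }
        if (-not $file) {
            $flags += 'target not found'
        } else {
            $hidden = [IO.FileAttributes]::Hidden
            if ($file.Attributes.HasFlag($hidden)) { $flags += 'hidden file' }
            if ($file -is [IO.FileInfo]) {
                if ($file.Directory.Attributes.HasFlag($hidden)) { $flags += 'hidden folder' }
                # Signature status is a hint only; many legitimate programs are unsigned.
                $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName -ErrorAction SilentlyContinue
                if ($sig -and $sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
            }
        }
        [pscustomobject]@{
            Name    = $Entry.Name
            Source  = $Entry.Source
            Command = $Entry.Command   # full command line; rundll32-style entries name the DLL here
            Target  = $target
            Flags   = ($flags -join ', ')
        }
    }
}

Get-AutostartEntry | Test-AutostartEntry | Sort-Object Flags -Descending | Format-List
```

The flags mark entries worth a closer look, not confirmed spyware; run the script from an elevated prompt so the machine-wide keys and folders are readable.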

Running anti-spyware programs

Spyware companies are always modifying their programs to slip past the defenses of anti-spyware programs and avoid detection and removal, so you can never rely on a single anti-spyware program to protect your computer completely.

Just as with viruses and antivirus software, one piece of spyware may slip past a handful of anti-spyware programs, but it won’t get by all of them. For that reason, it’s best to run at least two anti-spyware programs. The good news is that there are plenty of free anti-spyware programs to choose from, such as Spybot (www.safer-networking.org), Ad-Aware (www.lavasoftusa.com), Bazooka (www.kephyr.com), SpywareBlaster (www.javacoolsoftware.com), or Microsoft Windows AntiSpyware (www.microsoft.com). Although there currently isn’t any spyware infecting the Mac OS X operating system, you may want to protect yourself with MacScan (http://macscan.securemac.com) anyway.

You should also consider buying a commercial anti-spyware program. Commercial anti-spyware programs usually offer more features for preventing spyware infection and give you added assurance that your computer is spyware-free. Some popular commercial anti-spyware programs include Spy Sweeper (www.webroot.com), PestPatrol (www.pestpatrol.com), and McAfee AntiSpyware (www.mcafee.com).

For additional help detecting and removing spyware, use the Trend Micro Anti-Spyware (www.trendmicro.com/spyware-scan) or Panda ActiveScan (www.pandasoftware.com/products/activescan.htm) online scanners. Both of these run an ActiveX control and require that you use Internet Explorer, but both Trend Micro and Panda Software are well-known companies that you can trust.

Then again, maybe not. Some spyware companies are now cutting deals with anti-spyware companies. For example, Aluria Software (www.aluriasoftware.com), the makers of Aluria Anti-Spyware, made an agreement with the adware/spyware company WhenU, whereby Aluria agreed not to classify any of WhenU’s programs as spyware. WhenU later sealed similar agreements with the makers of PestPatrol and Ad-Aware.

When Microsoft was rumored to be interested in purchasing the spyware company Claria (formerly known as Gator), the Microsoft Windows AntiSpyware tool still detected Claria’s spyware programs but no longer recommended that users remove them. With spyware companies jumping in bed with anti-spyware companies, there’s a good chance that your computer could be infected with spyware and your anti-spyware programs won’t find it, not because of technical reasons, but because of business reasons, and you’ll be the one left to suffer.
