ID fraud: spyware still rampant on PCs

Type in your password while a keylogger is watching and your bank details are at risk

We've all been there: the programs that somehow find their way on to your desktop, followed by the pop-ups that simply just won't stop popping. Make no mistake, spyware - software installed on your system without your permission - is a big problem.

In its most common form, spyware piggybacks onto your computer through another program you've downloaded out of choice - some P2P software bundles are notorious for this. It then monitors what you're looking at so that it can target adverts at you and fire them your way repeatedly.

9 out of 10 PCs infected

The problem's rife too. In 2006, Webroot Software found that nine out of 10 PCs were infected with spyware of some form. A dramatic and scare-mongering statement perhaps (the company happens to make Spy Sweeper, one of the most popular anti-spyware programs available), but nevertheless, there's no smoke without fire.

Thankfully, anti-spyware software, which like traditional antivirus software monitors your system in real time and flags up anything it recognises from its database of malicious software, easily removes these irritants, so long as you can be bothered to keep it up to date.

But spyware is a misleading word. Spyware can be far more intrusive and dangerous than pop-ups tenuously related to what you've been looking at online. Under this umbrella term come all sorts of anti-social programs, from adware to rootkits and keyloggers.

Stealing your bank details

Rootkits aren't a danger in themselves, as there are often legitimate reasons for software to hide files and get around user privileges, but they can be put to devastating use, blocking files and taking control of systems. Worse still, they can disguise their installation, so can be hard to dislodge.

Similarly, keyloggers can be deadly serious in worst case scenarios. Type in your password while one is watching and you'll regret it. Scammers are smart enough to guess they might be your bank passwords too, and they'll have drained your account faster than you can say 'Northern Rock'.

Not all anti-spyware is cut out to deal with menaces like these. One of newly updated AdAware's crucial weaknesses is that it disregards commercial keyloggers because it assumes they must have got there legitimately (by your IT department, say, checking that you're not on Facebook yet again).

This is perhaps a naive assumption. Half of hacking is social engineering, as any security expert will tell you - it wouldn't take much to blag your way into an office setup with AdAware running, and simply install a keylogger.

You don't use anti-spyware!? Why?

Malware creators are a smart bunch, and while the abundance of free anti-spyware online does mean that everyone can have access to security on their systems, they're using this to slip poison into the medicine. We're now seeing rogue anti-spyware, which can do quite the opposite of its claim and infest your PC. It need hardly be said that you should only use respected programs.

It's not all bad news, though. Some anti-spyware can pull out even these critters, and a combination of anti-spyware search-and-destroys leaves very little left alive that shouldn't be.

Ultimately, if you're a savvy net user, you won't be straying too far off the beaten track into warez territory anyway, and you'll be cautious about downloading anything that isn't from official sources. And given that free diagnostic tools from the right sources (such as NanoScan) can be just as effective, it's sometimes hard to see why you would need the added cost of anti-spyware licensing on top of your regular antivirus.