Spyware vendors frequently use automated installations of ActiveX controls (a special kind of plug-in program for Microsoft's Internet Explorer web browser) to distribute their software via web sites. These automated installations are initiated when web surfers land on pages that include HTML code to start the download and installation process. These installations may also be initiated by pop-ups spawned by web pages that users visit. As these installations are initiated by web sites and not users, many consumers refer to these automated installations as "drive-by-downloads." Web users often find these "drive-by-downloads" confusing and disorienting, and it is little wonder that many of them would carelessly click through pop-ups on web sites with very little understanding of the programs they are in fact allowing to be installed on their PCs. To appreciate fully why the spyware problem has gotten as bad as it has, we must understand the "drive-by-download" process and recognize just why it proves bewildering and misleading to consumers and how it coerces consumers to install software that they do not understand and might not want if they did.
In this document I walk through the process of a "drive-by-download," explaining how it works, what users see in the process, and why consumers might feel confused or misled by it. I also detail the effects of the software installed via this automated installation process on a test PC. Towards the end, I summarize the efforts required to remove that software completely from that PC.
Readers should keep in mind that the case I present here is but one example "drive-by-download" and might not be completely representative of other automated installation processes and software found on other web sites. Where possible I do highlight significant differences from other "drive-by-downloads" that I have seen and explain what other software and web sites do in similar situations. For the purposes of this example, however, I did choose to visit the web site of one of the more prolific and well-known distributors of advertising software on the Net, and it is likely that many consumers would recognize the software and installation process that I describe. Thus, the "drive-by-download" process that I use here is somewhat representative of what users experience with automated installations of unwanted advertising software, often referred to by consumers as "spyware."
For this example "drive-by-download" I used an old, custom-built Pentium 166 PC with 64 MB of RAM. It was loaded with Windows 98 SE and Internet Explorer 5.5 with SP2. Although this system is fairly dated in comparison with the systems now being sold by major OEMs, it is still quite usable. I deliberately kept the number of installed applications on this system to a minimum (thus, no Microsoft Office, for example). I also made minor configuration tweaks to the system to improve its responsiveness and performance. Internet Explorer's security zone settings were left at their defaults. Moreover, no privacy or security software (such as an anti-virus program, anti-spyware tool, or personal firewall) was running to protect the system. In sum, this was an older system, but one that would be similar to many that consumers are still running.
Continued in part 2