Parasites in Windows

IMAGINE THAT an insect had bored a hole in the wall of your bank and was draining your bank account, $5 at a whack.

People who run businesses on the Internet feel that way these days. They’re being assaulted by “parasite” Windows programs that silently divert money from legitimate e-commerce.

These small programs aren’t computer viruses that replicate themselves. Instead, parasites are quietly loaded when you install an ordinary program or “carrier.” The New York Times made waves recently when it said the music-sharing programs Kazaa, Morpheus, LimeWire, and others had shared more than just tunes by installing parasites on millions of PCs. (See www.nytimes.com/2002/09/27/technology/27free.htm .)

Here’s what these “shopping plug-ins” do:

Fake commissions. Internet businesses typically pay a commission of 5 percent or so to smaller, “affiliate” Web sites that send shoppers who buy something. But when a PC user infected by a parasite visits an e-business, the parasite inserts a code that routes a commission to its carrier, even though it did nothing to refer the visitor. This has been shown to suck countless dollars from Dell.com, Buy.com, OfficeMax.com, Staples.com, and many other sites ( www.speedy3d.com/doc/article.php?fldAuto=3&faq=5 ).

Steal earnings. In some cases, a parasite detects that a user is clicking an affiliate’s link to an e-tailer. The parasite deletes the affiliate’s code and inserts its carrier’s code, stealing the small site’s revenue ( www.cexx.org/adware.htm ).

Readers of E-Business Secrets know that I devoted two issues recently to the way this problem siphons money from legitimate businesses. (Go to www.secretspro.com and search on “kazaa.”) But here, in the Window Manager column, my main concern is with the way parasites — and older pop-up programs called “adware” — make your PC less reliable and more crash-prone:

Rude install. If you click Cancel while installing a carrier program, some parasiteware silently installs itself anyway ( https://accs-net.com/smallfish/conducent.htm ).

Firewall-hostile. Your firewall may prevent a parasite from exploiting your Internet connection. If so, some malware starts trying to connect 10 times a second, then tries using Telnet and other ports ( https://catless.ncl.ac.uk/risks/20.65.html ).

Lockouts. After finding that your browser’s Start Page and Favorites have been changed by a parasite, you may try to turn off the little bugger. Then you discover that it has disabled your Internet Options dialog box and your Registry Editor ( www.spywareinfo.com/articles/hijacked/2.html ).

No access. After you delete some parasites, your Internet access is effectively broken, and you can’t connect ( www.cexx.org/webhancer.htm ).

Next week, I’ll describe ways to detect and safely remove parasites. Then I’ll print your comments on Nov. 18. Readers who send me by Nov. 6 a comment that I use will receive a gift certificate for a book, CD, or DVD of their choice.