They're watching you

Sign up for a full digest of all the best opinions of the week in our Voices Dispatches email

Sign up to our free weekly Voices newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

If your home computer has turned sluggish - programs open slowly, web pages take forever to load - it's probably not because you need a new machine. It's more likely that some hidden software is secretly using your CPU and is pushing your work aside, cuckoo-style, as it pursues its own ends. A survey in April by the US ISP Earthlink and Webroot software, for example, found that one in every three PCs scanned online at the user's request had a "Trojan horse" or spyware program on board.

If your home computer has turned sluggish - programs open slowly, web pages take forever to load - it's probably not because you need a new machine. It's more likely that some hidden software is secretly using your CPU and is pushing your work aside, cuckoo-style, as it pursues its own ends. A survey in April by the US ISP Earthlink and Webroot software, for example, found that one in every three PCs scanned online at the user's request had a "Trojan horse" or spyware program on board.

And where has it come from? Probably, to be honest, you. Many people have downloaded one or many of the free utilities available on the web: system "optimizers", plugins (especially "blockers" for pop-up ads) for Internet Explorer, toolbars and taskbars, news tickers, jukeboxes and so on.

The trouble is that such software, and especially the "free" applications supported by ads that appear on your desktop ("adware"), often reaches out to remote servers you know nothing about to track you across the net ("spyware"), aiding advertisers to develop marketing profiles of what people like you do online. The programs also slurp up system resources, leaving your PC sluggish. Often, that's the only way you discover they're there.

With Windows, it's down to you to install applications such as office suites, graphics programs, multimedia applications, system utilities, instant messaging and chat clients. But it's expensive putting together a truly useful software collection exclusively from retail packages, so many people seek free alternatives. Unfortunately, much free software is laced with those secret networking capabilities and "phone home" features. This is the privacy-invasion industry's Trojan horse: you get a free application, but they look over your shoulder while you surf the web.

So how do you search your computer for spyware? Your antivirus software is designed to ignore it, so you'll need something designed specifically to identify and remove it. Thousands of Windows programs contain adware and spyware; that in turn has created a whole industry dedicated to removing them. Fortunately, utilities such as Ad-Aware from Lavasoft ( www.lavasoftusa.com/support/download), Spy Sweeper from Webroot.com ( www.webroot.com/wb/products/spysweeper/index.php), and SpybBot Search & Destroy by Patrick Kolla ( www.safer-networking.org) do a good job of detection and removal, and you can use more than one to ensure that everything is caught. If any of these tools contains spyware of their own, one of the others is likely to pick that up as well.

Having purged your PC of malware, you still need to avoid future contamination. You could pick and choose between the widely advertised products out there... but that's how you got into trouble in the first place.

Instead, a simple long term approach is to replace as much "closed-source" commercial software with open-source alternatives as possible. Why? Because when everyone can examine the source code, it's virtually impossible to conceal malicious functions. You never know exactly what a "closed-source" commercial application contains, but there are no secrets in an open-source product. The price is often the same - free - but the open-source products, being a collaborative effort, don't have the same profit motive that leads companies to collect data secretly about their customers.

Open-source also has the advantage that it's often developed to work on many operating systems, including Windows, Linux, and BSD (and so Apple's OS X). That means that applications are less deeply integrated than platform-specific ones such as Microsoft's Internet Explorer, Outlook Express, IIS Web server, or even MSN Messenger chat client. A flaw in one of these applications often involves a corresponding flaw in Windows itself, making a "patch" hard for Microsoft to construct. By contrast, with cross-platform products, a patch is a relatively quick and straightforward affair.

One warning, though. Open-source applications often don't have the slick user interfaces of their closed-source rivals. That's probably because good UI design is a very specialist art; programming, though, is open to many.

So what should you use?The Mozilla web browser and e-mail client ( www.mozilla.org) make excellent alternatives to Microsoft's Internet Explorer and Outlook Express. Mozilla offers more control over code and script execution - dubious inbuilt features of Internet Explorer that enable good websites to run all sorts of codes on your computer to liven up your surfing. However, they also allow malicious sites to do just the same thing, and it can be hard to tell which is which.

Mozilla also lets you control image display, cookies, and browser traces more easily. For example, Mozilla Mail can be configured to ignore "remote images", which are image URLs e-mbedded in the message. This defeats the "tracer" images increasingly used by spammers to identify valid e-mail addresses (when you open the message, your computer fetches the image, which has your email as part of its title, from the spammer's server). It also prevents pornography from being fetched and displayed in spam messages children might encounter. (The latest versions of Outlook include this function, but it's paid-for.)

The Mozilla browser can be set to ignore third-party images and cookies on a web page, which helps defeat those who serve them up. You can also set it to delete cookies whenever it's closed; and traces of your online behavior, such as the download and URL history and page cache, can be removed easily; Internet Explorer makes it rather harder. Finally, Mozilla is not deeply integrated with the Windows operating system, which means its bugs are less likely to have significant impact on the guts of the system, and are easy to patch without changing how your system functions.

For instant messaging, try Gaim for Windows or Linux ( www.gaim.sourceforge.net). Gaim is open source and adware-free, and features cross-network compatibility, so you can talk to people on systems besides MSN's Messenger. It lacks the handsome user interface of many commercial IM clients, but it works well and is a good choice for security reasons; MSN Messenger and other IM clients are major vectors of infection, and may contain adware or spyware, while exploits against MSN Messenger are increasing.

Another major source of malware is peer-to-peer (P2P) file sharing programs such as Morpheus, KaZaA and Grokster. Most are infected with adware or spyware to help fund development - though the makers soft-pedal the facts. For example, Sharman Networks, which develops KaZaA, says it "contains no spyware". However, the KaZaA client feeds advertisements to users through third-party ad servers. There is a good open-source file sharing utility for the Gnutella network called Gnucleus (www.gnucleus.com). (Beware: many viruses and Trojans are spread through P2P networks, under attractive names. It's a good idea to have a "sandbox" so you can check files you download before you open them.)

There are also open-source applications that can save you considerable amounts of money: namely the GIMP graphics manipulation application ( www.gimp.org) and the OpenOffice.org office suite ( www.openoffice.org). For the graphics professional, the GIMP may not be an adequate substitute for Photoshop, but it's free. Likewise, OpenOffice might not satisfy those who need all of the features of Microsoft Office, but will certainly suit most students and home users. Together, they'll save you around £1,000 per machine, based on retail prices for the commercial alternatives. Photoshop and MS Office may be better, but it's hard to imagine they're that much better for most people. (There is a good catalog of open-source applications for Windows and other operating systems located online at www.jairlie.com/oss/suggestedapplications.html.)

One final thing: many commercial developers like to call their products "open". But if the source-code files are not freely available somewhere, so that you can build the application yourself, then it is not open-source. And not having the source is how you got into this problem in the first place.

Thomas C Greene is associate editor for The Register, an online IT news daily based in London. He is the author of 'Computer Security for the Home and Small Office', a security and online privacy manual published by Apress