This month's question: Can spyware sabotage my online shopping?
News You Can Use: free credit reports for Western states, new parents beware new scam, what government records publicize your SSN, and more

Thanks for the great feedback to the first newsletter last November. To those of you on my Christmas card list, the timing of this months' newsletter will feel somewhat familiar. Late but still timely. ;-) This month, we tackle spyware and how it might or might not affect your computer. Keep the comments coming!

Remember, if there are any questions you'd like answered in future editions, send mail [newsletter AT amandawelsh.com].

And then there's my book, The Identity Theft Protection Guide.

Spyware is a catch-all term for a variety of software products that do everything from serve popup ads to log your keystrokes. Some spyware is included with commercial software to tell developers about bugs - or, as HP has recently admitted, to report on how you use your computer. You might inadvertently install spyware when you download freeware, when you click on a link in a spam email or when you visit a malicious site designed to infect vulnerable computers (more rare, but it does happen).

Since early last year, Earthlink (in conjunction with Webroot) has scanned approximately 3.2 million PC's and found roughly 83.4 million spyware programs - or 26 spy programs per PC. That's a lot. To see how you stack up, you can try Webroot's free spyware audit.

Until now, despite the scary sounding name and ample reporting in computer magazines, spyware on individual computers has mostly been about showing popup ads. Your online shopping excursions may have gotten bogged down, but they've been perfectly safe. A very, very small fraction of the spyware found on computers like yours and mine - less than 1 percent - is the truly nasty kind designed to steal our credit card numbers or other data.

Unfortunately, nothing in technology stays the same for very long and there have been recent, sporadic reports of a new and very nasty type of spyware which could not only put a damper on your online shopping but scupper your online banking and bill paying, as well.

Security companies, such as MessageLabs, have reported intercepting emails that contain a program designed to alter the "hosts" file on your PC which associates a website's URL with the numerical IP address actually used to find the right website. This new spyware overwrites key IP addresses and tricks your browser into connecting you to sites controlled by crooks. If the fake sites are good enough, you may never know that typing in www.mybank.com is actually taking you to a site in Brazil.

Scared yet? Okay, here's what you do. Because Microsoft products are used by the biggest chunk of Internet surfers, Windows and Outlook and Internet Explorer are typically the target for any malicious code. Crooks want the best odds of catching victims. Writing code that compromises non-Microsoft products simply doesn't offer the biggest bang for the buck which is probably why hosts file hijacking has only been documented against Microsoft software so far. If you're not already infected, your simplest solution may be to get a Mac or at least install and use a non-Microsoft browser and email program like Firefox. About 5% of Internet surfers appear to have switched to Firefox already.

Whatever you do, be warned: all indications are that this is the year that spyware will turn from a nuisance into a nightmare.

Privacy::Protection is a free monthly newsletter providing news and tips on privacy and information protection issues. Back issues are available at [http://www.amandawelsh.com/newsletters].

You can unsubscribe by sending email to newsletter AT amandawelsh.com.

To subscribe or send comments or suggestions for future content, email newsletter AT amandawelsh.com. Permission to print comments is assumed unless otherwise stated. Comments may be edited for length and clarity.

Please feel free to forward this newsletter to colleagues and friends who will find it valuable. Permission is granted to reprint Privacy::Protection, as long as it is reprinted in its entirety.