July 6, 2005

Spyware

Part 2. Threats Affect Online Behavior

Four in ten internet users have had spyware, adware, or both.

After hearing a description of spyware,13 34% of internet users, or about 47 million American adults, say they have had a spyware program on their home computer. Americans with high-speed internet connections at home are at higher risk for attacks because these connections are “always on” and have a permanent internet address, which can be more easily exploited by hackers. This survey finds that 44% of home broadband users say they have had spyware on their home computer, compared to 30% of home dial-up users who say that.14

After hearing a description of adware,15 30% of internet users, or about 41 million American adults, say they have had an adware program on their home computer. Forty percent of home broadband users have had adware on their home computer, compared to 23% of home dial-up users.

Overall, 43% of internet users, or about 59 million American adults, say they have had spyware, adware, or both types of programs on their home computer. This is probably a conservative estimate since this survey may have been the first time that respondents had heard definitions of the programs. In addition, there are significant gaps between people’s perceptions and the reality of what is on their computers and there is a very strong likelihood that a big portion of those who have had computer problems have been victimized by spyware or more aggressive computer viruses without their knowing the cause of their problems. For instance, in October 2004, the Online Safety Study by AOL and the National Cyber Security Alliance reported that 53% of respondents said they had spyware or adware on their computers, but a scan of their machines revealed that 80% of respondents actually had those programs installed.16

Those who have been victimized by spyware are among the most active online.

Internet users who report spyware on their home computers are more likely to have sampled a wider range of online activities, including those most associated with the risk of software intrusions onto their personal computer.

Risky behavior associated with spyware

Since internet users with broadband access are more at risk for software intrusions because of their “always on” connection and since they are likely to have tried many more activities than dial-up users, we wondered if their propensity to report spyware was simply another “broadband difference.”17 In doing further analysis, we found that broadband does have an independent effect on the likelihood of users reporting spyware. However, it is additionally true that engaging in certain online behaviors has an effect independent from having a high-speed internet connection. Holding all other factors constant, internet users who engage in the following activities are more likely to have had spyware or adware on their computer: visiting adult sites, downloading computer programs, playing online games, downloading music, sharing files, downloading computer games, downloading screensavers, and buying a product online. If an internet user avoids those activities online, he may be able to reduce his chances of contracting spyware.

Experience with spyware encourages people to take action to guard against software intrusions.

Internet users who report having had spyware on their home computers are more likely to say they are modifying their behavior to avoid such unwanted software programs.

Once burned, twice shy

Experience with adware also encourages preventive measures.

Internet users who say they have had adware on their home computers are also more likely to say they are changing some of their online habits.

Once burned, twice shy Part II

Further, when given the choice between paying to download files and programs that do not include adware or getting free downloads with adware, 62% of internet users say they would rather pay, 21% say they would rather get free downloads knowing they include adware, and 5% say it depends.

Current “notice and choice” practices are unsatisfactory to most internet users.

Adware companies say they seek to serve the online consumers who want free software and to serve companies who want to provide targeted advertising. They argue that such practices are similar to time-honored trade-offs in other media. For instance, people can watch broadcast television and listen to radio for free because those services are supported by advertisers. At issue is the notion of “clear notice and choice.” There is question over whether consumers actually know what they are getting when they download free software.

One diagnostic site set out to test the thesis that most people click through disclaimers without reading them. The site included a clause in one of its own user agreements that promised $1,000 to the first person to write in to request the money. The agreement was downloaded more than 3,000 times before someone finally read the fine print and claimed the reward.18

This Pew Internet & American Life Project survey finds that 73% of internet users say they do not always read user agreements, privacy statements, or other disclaimers before downloading or installing programs. This is not dramatically different from the offline behavior of consumers when it comes to reading disclaimers. Sixty-five percent of internet users (and 69% of all Americans) say they do not always read disclaimers sent by their bank, credit card companies, or other financial institutions.

Few are vigitland about reading disclaimers

Eight in ten internet users (83%) say that more should be done to alert consumers to the presence of adware in files they are downloading. Just 12% of internet users say the current practice of clicking through a user agreement or disclaimer is adequate consent to install adware on a person’s computer.19 Ninety percent of internet users who have had adware on their home computers say that more should be done to alert consumers to the presence of adware in files they are downloading.

Overall, most internet users say they have adjusted their online behavior because of fears of being harmed by software intrusions.

Overall, 91% of internet users say they have made at least one change in their online behavior to avoid getting unwanted software programs like viruses and spyware on their computer:

  • 81% of internet users say they have stopped opening email attachments unless they are sure these documents are safe. (An additional 8% of internet users volunteered that they have never opened unsafe attachments.)
  • 54% of internet users say they have started reading user agreements more carefully before downloading or installing new programs or files from the internet.
  • 48% of internet users say they have stopped visiting particular Web sites.
  • 34% of internet users say they have stopped downloading software programs from the internet. (An additional 33% of internet users volunteered they have never downloaded programs.)
  • 25% of internet users say they have stopped downloading music or video files from peer-to-peer networks. (An additional 48% of internet users volunteered that they have never downloaded music or video files from peer-to-peer networks.)
  • 18% of internet users say they have started using a different Web browser to avoid software intrusions.20
  1. The description read as follows: “As you may know, certain software programs – sometimes called ‘spyware’ – can be installed on a person’s computer without their explicit consent, either by ‘piggy-backing’ onto a file or program the person downloads from the internet or just by visiting a particular Web site. These programs can keep track of a person’s internet habits and the sites they visit, and can transmit this information back to a central source.”
  2. 53% of home internet users have a high-speed connection (DSL, cable, wireless, or T-1) and 44% of home internet users have a dial-up connection.
  3. The description read as follows: “Another kind of software program – sometimes called ‘adware’ – comes bundled with free files and programs people download from the internet, such as games, file-sharing programs, and screensavers. These programs can keep track of a person’s internet habits and the sites they visit, and can use that information to provide targeted advertising on the person’s computer.”
  4. See http://www.staysafeonline.info/news/safety_study_v04.pdf
  5. See “The Broadband Difference” (Pew Internet & American Life Project: June 23, 2002). Available at: http://www.pewinternet.org/PPF/r/63/report_display.asp
  6. See “It Pays to Read License Agreements” at: http://www.pcpitstop.com/spycheck/eula.asp
  7. The question read as follows: “Some adware is installed on a person’s computer only AFTER they click ‘I agree’ to a user agreement or disclaimer stating that additional software may be included with the files they are downloading. In your opinion, should more be done to alert consumers to the presence of adware in files they are downloading, or is this adequate consent to install adware on a person’s computer?”
  8. For other tips on avoiding software intrusions, see “Protect yourself online, what you can do” (ConsumerReports.org: September 2004). Available at: http://www.consumerreports.org/main/detailv4.jsp?CONTENT%3C%3Ecnt_id+=461187.