Bad guys love to prey on gift PC purchases

?

?

Got a new PC? It's important that you get antispyware and antivirus software installed as soon as possible.

RACHEL KONRAD
The Associated Press

SAN JOSE, Calif. - Susan Love's problems began with a smile.
The New York City fund-raiser clicked on a happy-face attachment in a friend's e-mail last year. The virus crashed her computer within an hour.

Love, 57, salvaged the data. But within a few months, her computer's performance slowed to a crawl. In December 2003, she upgraded to a Sony Vaio with an extra-large monitor and Microsoft Windows XP operating system.

Within a few days, "spyware" - programs that sneak onto computers uninvited - began sponging up valuable memory. Then her e-mail stopped arriving.

Instead of crafting holiday e-mails, she spent hours installing the latest antivirus, antiadvertising and antispyware software.

She also instituted a rule: Her computer never gets turned off, so security programs patch vulnerabilities around the clock.

"You have to become something of a nerd to make sure your computer is safe," said Love, a former English teacher who recently installed anti-adware on her daughter's computer. "If you don't sweep the computer every night, you could (get) hit."

Love won't be the last to get a holiday crash course in computer security.

Hackers, spammers and spies go into overdrive in December and January, when unsuspecting neophytes unwrap new computers, connect to the Internet, and, too often, get hit with viruses, spyware and other nefarious programs.

"People want to get on the Net right away, just like they want to put together and start using any Christmas present," said Tony Redmond, chief technology officer of Palo Alto, Calif.-based computer giant Hewlett-Packard Co. "They should be warned that the Net is a very, very dangerous place."

Hewlett-Packard's new PCs ship with 60 days of virus and adware protection.

Although few researchers produce holiday-specific security data, experts at IBM Corp., Dell Inc., Hewlett-Packard, software companies and Internet service providers agree that the holidays are prime time for hackers.

Holiday viruses are so rampant that consumers could be attacked even if their first online destination is to a Web site for updating security patches.

Kris Murphy, help desk coordinator for North Carolina Internet service provider Indylink.org, said his minister got attacked last year a few minutes after unpacking and connecting the machine.

At the time of infection, the minister was updating security patches to Windows.

"Hackers know that you are most vulnerable as soon as you go online for the first time," said Murphy, whose 10-person company hires temporary consultants during the holidays to handle higher call volume. "Inexperienced people tend to fall into traps more readily because they don't recognize that this guy might be trying to get your credit card information."

Technology executives describe the relationship between hackers and security programmers as an arms race. Both sides keep ratcheting up fire power.

But lack of consumer awareness, if not downright naivete, allows the war to escalate.

According to a recent survey by the National Cyber Security Alliance, of the 185 million Americans with home computers, 1 in 3 says he'll never get hit by viruses or other cyberattacks.

In a Consumer Reports magazine study, 36 percent of U.S. home computers showed signs of being infected with spyware, and 41 percent of surveyed households said they actively tried to prevent it.

American businesses are savvy about firewalls, spam filters, multiple passwords and other network protections, says Stuart McIrvine, director of corporate security strategy at IBM.

But problems at the consumer level, from spyware to security risks in coffee shop wireless networks, are so severe that every hardware and software vendor should be worried about a backlash.

Seasonal attacks start around Thanksgiving, when online shopping begins an annual spike and marketers pummel consumers with junk e-mail, from the perfect stocking stuffer for a balding spouse to a limited-offer holiday cruise.

"W32/Zafi-D," a mass mailing and peer-to-peer worm, harvests addresses from Windows address books and other files.

Infected e-mails' subject line begins, "Merry Christmas!" and the text reads, "Happy Hollydays."

Tony Ross, analyst at British security firm Sophos Plc., advises consumers to get a CD-ROM with the newest updates from their electronics vendor, next-door neighbor or the computer at their office before connecting to the Internet.