Scams, viruses hit home

SAN JOSE, Calif. — Susan Love's problems began with a smile.

The New York City fund-raiser clicked on a happy-face attachment in a friend's e-mail last year. The virus crashed her computer within an hour.

Love, 57, salvaged her data. But within a few months her computer's performance slowed to a crawl. In December 2003, she upgraded to a Sony Vaio with an extra-large monitor and Microsoft Windows XP operating system.

Within a few days, "spyware" — programs that sneak onto computers uninvited — began sponging up valuable memory. Then her e-mail stopped arriving.

Instead of crafting holiday e-mails, she spent hours installing the latest antivirus, anti-advertising and anti-spyware software. She also instituted a rule: Her computer never gets turned off, so security programs patch vulnerabilities around the clock.

"You have to become something of a nerd to make sure your computer is safe," said Love, a former English teacher who recently installed anti-adware on her daughter's computer. "If you don't sweep the computer every night, you could hit."

Love won't be the last to get a holiday crash-course in computer security. Hackers, spammers and spies go into overdrive in December and January, when unsuspecting neophytes unwrap new computers, connect to the Internet, and, too often, get hit with viruses, spyware and other nefarious programs.

"People want to get on the Net right away, just like they want to put together and start using any Christmas present," said Tony Redmond, chief technology officer of Palo Alto, Calif., computer giant Hewlett-Packard Co., whose new PCs ship with 60 days of virus and adware protection. "They should be warned that the Net is a very, very dangerous place."

Although few researchers produce holiday-specific security data, experts at IBM Corp., Dell Inc., Hewlett-Packard, software companies and Internet service providers agree that the holidays are prime time for hackers.

Holiday viruses are so rampant that consumers could be attacked even if their first online destination is to a Web site for updating security patches.

Kris Murphy, help desk coordinator for North Carolina Internet service provider Indylink.org, said his minister got attacked last year, only a few minutes after unpacking and connecting the machine. At the time of infection, the minister was updating security patches to Windows.