An astounding new study from Forrester Data says that 21 percent of consumers surveyed have bought computer software offered by unsolicited spam e-mail.

Talk about a bad idea! These too-good-to-be-true prices hook you up with pirated products and compromise any credit-card information you pass along to their unsavory vendors.

Where does that spam come from? In many cases, it's being routed through machines that have been hijacked without their owners' knowledge and turned into spam dispensers, usually by so-called spyware programs. And as if there weren't enough to worry about this holiday season, along comes the news that some of the commercial spyware products now on the market install spyware of their own.

So beware of programs such as SpyAssault and MyNetProtector, which PC World recently found were loading programs that tried to connect to the Internet for traditional spyware purposes -- hijacking the Web browser, for example, so the user sees a marketer's Web site. Not only that, but some spyware pop-ups mimic the appearance of Windows dialog boxes. Click and you get the full ad pitch, with bogus scans to scare you into buying a spyware product.

So are there any legitimate spyware killers out there? Sure. SpyBot Search & Destroy, for example, is a free and excellent spyware hunter (security.kolla.de). But if you're looking for a commercial product, let me recommend the $30 Giant AntiSpyware program. One thing I like about this program is the anti-spyware community the company is building. Called SpyNet, it has reports from 600,000 contributors identifying the latest spy threats.

Like viruses, spyware programs are always mutating, so keeping up with the changes is critical. I've written in the past about the CloudMark SpamNet product. It uses not only its own database, but also input from users who identify spam the filter has missed. The networked result is one of the best anti-spam products on the market, and it's that same network principle that SpyNet uses on spyware.

Giant AntiSpyware now has more than a million signatures -- think of these as identifiers for spyware programs -- and counting. That spam connection I mentioned earlier shows up here. When I talked to the company's co-founders Ron Franczyk and Andrew Newman recently, they told me that many of the same people behind spam are now engaging in spyware activities. Spyware is the new frontier of fraudulence.

I don't recommend using just one spyware product. In most tests I've seen, the occasional spy program slips past even a comprehensive search. But when I use other products such as SpyBot to check my system, I find few problems since I've installed Giant AntiSpyware. Its auto-update feature keeps it current, and I like the security agents it provides to analyze all system changes, warning you if something could be the result of spyware activity.

One other spyware program I've found useful is the $40 PestPatrol (www.pestpatrol.com). Like the Giant AntiSpyware product, PestPatrol provides automatic updates that protect against everything from browser hijackers to spyware cookies. It's also got a nice interface, one showing just how dangerous a given spyware program is and what it can do to your security, with links back to the PestPatrol site.

What a world: We're swamped with spam that has gone from being a nuisance to a malicious attack upon our security, abetted by spyware authors who try to connect our PCs to their own shady networks.

With no easy remedy in sight, I urge you to do the minimum by downloading SpyBot or Ad-Aware SE Personal Edition (www.lavasoft.de), and then consider whether the additional protection provided by one of the above programs makes sense for you.