Sunday, August 03, 2003

Fight Spyware

Spyware: They Came From Cyberspace

Ken Dwight sneers at a survey showing more than 90 percent of computer users who access the Internet via high-speed connections have spyware on their computer. He doesn't believe it.
"From what I'm seeing, it's more like 100 percent," he says.

Dwight, a Houston computer consultant who specializes in virus and spyware removal, works mostly with small businesses and home users.
No one is spared, he says.

"Just about every PC I look at has something on it, whether it's a hijacked Web page, some kind of search bar that phones home, or adware that comes as part of another program," he says.

Forget viruses. Spyware, adware, hijackware and parasiteware have become the new Axis of Evil for computer users. The programs can report your computing behavior to others, serve up ads you may or may not want, or change your browser's startup and search pages. They are often piggybacked on software offered as free.

These programs can ruin both the online and offline experience, slowing a personal computer to a crawl, changing system settings and even preventing victims from getting to common pages on the Internet.

The problem has become so widespread that there's now talk of anti-spyware legislation similar to the federal CAN-Spam Act passed last year.

The National Cyber Security Alliance, a collaborative effort between the computer industry and the U.S. Office of Homeland Security, determined in a June 2003 study that 91 percent of all home users of broadband Internet access -- typically the phone companies' DSL service and the cable TV industry's cable modem option -- have some form of spyware or adware on their PCs.
Increasingly, users may have some kind of spyware or adware on their systems and not even be aware of it. Even scanning software designed to detect and remove it may be ineffective.
"I've seen programs that can change the names of their .EXE files," said Dave Methvin, PC Pitstop's chief information officer, referring to the part of a Windows-based software package that actually launches the program. "You go to delete the file, and it comes back with a different name."

Spyware is primarily a problem for Windows users, and particularly for those who use Internet Explorer.

Here's a guide to avoiding and removing spyware, adware and browser hijackers on Windows PCs that use Internet Explorer. It requires a basic knowledge of how Windows works, and it is highly recommended that you back up any crucial data or programs on your personal computer before trying to remove spyware.

Step 1: Avoid Spyware

The best strategy in the fight against spyware is to avoid it altogether. With a little vigilance, common sense and safe-surfing practices, you may never need to follow the steps in the rest of this guide.

• Update software. Keep your operating system and most-used programs updated with the latest patches and fixes. Some spyware programs, like viruses, take advantage of known security flaws in Windows and Internet Explorer.

• Avoid bad online neighborhoods. Just as you wouldn't go walking late at night in a bad part of town, don't go wandering around Web sites with questionable content. Sites that offer pornography, free downloads of copyrighted music and hacked copies of popular software programs are often also distributors of spyware and browser hijackers.

• Just say no. Web sites of all types may try to install plug-ins to your browser. Some are fine, such as Macromedia's popular Shockwave plug-in for viewing Flash animations. Others, though, can install spyware or hijack your browsers. When a site wants to install software, you'll see a popup called a certificate that will give you some information about the software and who is offering it. If it's a name you know -- such as Microsoft, Macromedia, Apple, etc. -- it's probably safe. But if you don't recognize it, or particularly if the plug-in offers to provide free software, music or porn, then decline.

• Tweak your settings. Your browser's security settings for Internet Explorer should be set to at least medium to prevent automatic launching and installation of Active X and Java programs, which are often used to perform actions in a Web browser. In IE, click on Tools, Options, then Security. From here you can adjust your settings. Keep in mind that if you increase security above medium, some Web sites may not work properly.

• Investigate free software. Although there is lots of free software that really is free, a lot of it comes with a catch. Do some research before downloading a program by entering its name into a search engine such as Google along with the words "adware" or "spyware." Carefully read the fine print on the program's source Web site, and if you do install it, pay close attention to the licensing agreement that will appear as part of the installation routine.

Certain kinds of software are more apt to contain spyware or adware than others. For example, peer-to-peer, music-file-sharing programs, such as Kazaa or Grokster, are notorious for components that come along for the ride. In general, any free software that purports to get you something else for free is likely to contain spyware or adware.

Step 2: Let Windows Remove It

Some spyware and adware programs do allow computer users to remove them easily. Check in the Add/Remove Programs module in the Windows control panel for the offending item. Try running the uninstall process.

If you don't see it listed there, check in the Windows Program Groups -- Start, Run, Programs -- for a folder related to the program. If there is a corresponding folder, there may be an uninstall icon inside it.

Some spyware uninstallers, though, will only generate error messages. If that's the case -- or if no uninstaller can be found -- you'll need to take more drastic measures.

Step 3: Spyware Removal Software

Spyware has become such a universal problem that an entire industry has grown up around software designed to remove it. Initially the purview of developers of shareware and freeware, the demand for spyware removal tools has inspired giants such as Symantec and Network Associates to jump into the market.

But the most popular programs -- and often the most effective -- remain those developed and created by programmers as freebies online.

A warning: Spyware removal programs aren't perfect. They won't remove all programs, and using them could cause other programs to stop functioning -- for example, if you remove adware that's required for another program to work. And some of them make changes to key system files, including the Windows Registry. Use at your own risk.

• AdAware -- www.lavasoft.de One of the most popular removal programs, AdAware takes aim both at spyware and browser cookies. It's also one of the simplest to use.

After installing, check for online updates to its database of bad programs and download it if one's available. Follow the prompts to check your computer for spyware and tracking cookies.

When it's completed -- it may take several minutes -- you'll see a list of cookies and possible programs. Right-clicking on any program in the list brings up a menu with lots of options, including the ability to select all the items on the list. Once you've chosen the items to remove, click Next and AdAware will delete them.

If you remove something you later wish you hadn't, AdAware's Quarantine feature lets you restore it.

• Spybot Search & Destroy -- www.safer-networking.org A little harder to use but more thorough, Spybot Search & Destroy is the other leader in spyware removal.

After installing, you can launch Spybot in either advanced or easy mode. Spybot also can download updated information about new spyware programs, so be sure and download its definition files before scanning.

Like AdAware, a scan takes a few minutes and produces a list of suspects. You can click on some items and get more detail about them before deciding whether to delete them.
Spybot also has an Immunize feature, making it impossible for some programs to change them. In Advanced mode, you can delve deep into system settings, including turning off programs that are set to launch at startup.

Here's a tip for both AdAware and Spybot. Restart your computer before running either one, and don't launch any browsers before launching Spybot or AdAware. This prevents programs designed to launch with the browser from loading into Windows' memory, which can keep them from being removed. Failing that, try running both in Windows' Safe Mode (at bootup, just before the Windows startup logo appears, hit the F8 key, and at the menu that appears, choose Safe Mode). This keeps spyware from launching when Windows itself starts up.

• Hijack This! -- www.spywareinfo.com/~merijn/ A program designed to fix browsers whose home pages and settings have been altered or "hijacked," Hijack This! requires some knowledge to be used safely.

After scanning your system, which takes just a few seconds, it shows in a single window a list of items that could be related to browser hijackings.

• CW Shredder -- www.spyware.info.com/~merijn/ Developed by the same author as Hijack This!, CW Shredder removes a very common piece of spyware known as the Coolwebsearch Trojan. It takes advantage of a flaw in a key component of Windows -- Microsoft's version of the Java Virtual Machine -- to install itself via popups often found on porn and illegal software (a.k.a. "warez") sites.

Run CW Shredder after installing, and have it look for updates. Then click the "Fix" button, and the program will both scan and fix any problems it finds. If your system does not have this kind of spyware, it will give you the good news.

Step 4: Turning Off Spyware

In those cases where spyware is stubborn, you may be able to prevent it from starting up when Windows launches.

If you are using Windows 98, ME or XP, click on Start, Run, then type MSCONFIG and hit Enter. This will bring up the System Configuration Utility, and from here click the Startup tab.
Here you'll find programs that are activated when Windows boots, and by unchecking the boxes next to them, you can prevent most of them from starting. The list can be mystifying for even experienced computer users, but there's a searchable guide to the most common startup programs at www.sysinfo.org/startuplist.php.

Once you've determined what you need or don't need, you can uncheck the undesirables, then click Apply and OK. Restart your computer.

After the restart, the utility will appear again. You can check to see if any of the items previously unchecked have been rechecked, which some of the nastier spyware programs will do.

(Windows 2000 users will discover that the System Configuration Utility is not available on their PCs. Instead, try using Startup Control Panel, available at www.mlin.net/StartupCPL.shtml.)
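The check in Step 4 (did an unchecked item come back after the restart, possibly under a new name?) can be done by comparing two exports of the registry Run key. The following is an added example, not part of the original article: it assumes the startup items live in the Run key and that both snapshots were taken with `reg export` (real exports are UTF-16 and begin with a version line, which this parser skips); all value names and paths in the samples are constructed.

```python
import ntpath
import re

# Constructed samples in the text format "reg export" writes for the
# HKLM ...\CurrentVersion\Run key. Every value name and path is made up.
HEADER = "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]\n"
BEFORE = HEADER + r'''"ExampleAV"="\"C:\\Program Files\\ExampleAV\\avtray.exe\" /min"
"SearchBarX"="C:\\Program Files\\SearchBarX\\sbx.exe"
"DealHelper"="C:\\WINDOWS\\dealhlp.exe -s"
'''
AFTER = HEADER + r'''"ExampleAV"="\"C:\\Program Files\\ExampleAV\\avtray.exe\" /min"
"SearchBarX"="C:\\Program Files\\SearchBarX\\sbx.exe"
"SysHelper32"="C:\\WINDOWS\\dh4821.exe -s"
'''
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')
EXE_RE = re.compile(r'\s*"([^"]+)"|\s*(.+?\.(?:exe|com|bat|cmd))(?=\s|$)', re.I)

def parse_run_values(reg_text):
    """Return {value name: command}; key headers and hex values are skipped."""
    values = {}
    for line in reg_text.splitlines():
        m = VALUE_RE.match(line)
        if m:
            name, cmd = (re.sub(r'\\(.)', r'\1', g) for g in m.groups())
            values[name] = cmd
    return values

def exe_path(command):
    """Executable part of a Run command line, lower-cased for comparison."""
    m = EXE_RE.match(command)
    return ((m.group(1) or m.group(2)) if m else command.strip()).lower()

def review(before_text, after_text, disabled):
    """`disabled`: value names unchecked after `before_text` was exported."""
    before, after = parse_run_values(before_text), parse_run_values(after_text)
    watched = {ntpath.dirname(exe_path(before[n])) for n in disabled if n in before}
    findings = {}
    for name, cmd in after.items():
        if name in disabled:
            findings[name] = "re-enabled"
        elif name not in before:
            near = ntpath.dirname(exe_path(cmd)) in watched
            findings[name] = "new, same folder as a disabled item" if near else "new"
        elif exe_path(cmd) != exe_path(before[name]):
            findings[name] = "command changed"
    return findings

if __name__ == "__main__":
    print(review(BEFORE, AFTER, {"SearchBarX", "DealHelper"}))
```

A "new" entry in a shared folder such as C:\WINDOWS is only a lead to investigate, since legitimate programs install there too.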

Step 5: Removing Browser-based Spyware

Some spyware components are browser plug-ins, also known as Browser Helper Objects.
You can find Browser Helper Objects, or BHOs, in the Temporary Internet Files area. Click Tools, Options, then Settings on the General tab. From there, click on View Objects.

A folder called Downloaded Program Files will appear, and from here you can identify and possibly delete suspected BHOs. As with the startup items found in the System Configuration Utility, the item names can be cryptic. A list of common BHOs can be found at www.sysinfo.org/bhoinfo.php.

You may find you cannot remove some, because the browser is open and using them. An alternative is to restart the computer, then go to the Internet Options module via the Control Panel. This lets you get to the same menus without opening IE.

You can also get to it by clicking on My Computer, the C: drive, the Windows folder, and then opening the Downloaded Program Files folder.

Finally, if those tricks don't work, try removing the BHOs while in Windows' Safe Mode, again making sure you don't launch Internet Explorer first.

Even these strategies may not work. For advanced help, try some of the tips located at www.spywareinfo.com, or ask the experts that hang out in the forums there.

Types of spyware

• Adware: Software that displays ads, a trade-off for the program being offered free. May or may not report surfing behavior to advertisers.

• Spyware: Software that reports anything from Web site visits to keystrokes and passwords to a third party. May or may not display ads.

• Parasiteware: Software that is included in a stealth fashion with another program. Indications that it's included with a program are usually buried in the host software's license agreement.

• Browser hijackers: Software that changes the home page and other settings on a Web browser. May also prevent access to some Web pages.

• Cookies: Mostly harmless, used by Web sites to store passwords and settings, or for webmasters to see what areas of their own sites are most popular. But some, called data miners, may report surfing behavior across Web sites.

Got spyware?

Here's how you may be able to tell:

• Lots of popups -- Excessive popup windows while in the browser. Some may appear when the browser isn't running. They may contain offensive images, such as pornography.

• Mystery icons -- The appearance of unknown icons on the desktop.

• Mystery toolbars -- The appearance of extra toolbars atop Internet Explorer, linked to unfamiliar search engines, or with specific purposes, such as searching for pornography.

• Slow system performance -- Your PC behaves sluggishly, particularly when connected to the Internet.

• Instability -- Your system crashes, or in Windows 95/98/ME, system resources are quickly depleted.

• Hijacked startup pages -- Your browser's startup page changes to something you didn't choose, and attempts to restore it are unsuccessful.

• Redirected Web sites -- Clicking on a popular Web site (particularly search engines), or entering its address manually, brings up a completely different site.

------

This article originally appeared in the Houston Chronicle on April 15, 2004 and was written by Dwight Silverman.
