What is Spyware?
Spyware is Internet jargon for Advertising Supported Software, aka Adware. Adware was originally intended as a unique revenue source for software programmers, web content providers, and advertising agencies. Rather than sell the software or sell subscriptions to web content, they would provide free access to anyone prepared to tolerate built-in advertising. Sometimes there was an option to remove these ads and banners, but only if you paid a fee.
Why is it called "Spyware"?
While this may be an interesting idea, the downside is that adware advertising companies also install additional tracking software on your computer, which continuously sends back information using your Internet connection! According to most of these companies' privacy policies, no sensitive or identifying data will be collected from your system and you will remain anonymous. The fact remains, however, that you have software on your computer that is sending information about you, your computer, and your internet habits to a remote location.
Are all Adware products "Spyware"?
No, but most are. There are also products that display advertising
but do not install any tracking software on your system.
Is Spyware illegal?
Even though the name may indicate so, Spyware is not an illegal type of software (at least not yet). However, there are certain privacy issues that a user may object to and therefore prefer not to use the product. This usually involves the tracking and sending of data and statistics via a server installed on the user's PC and the use of your Internet connection in the background.
What about privacy?
While "legitimate" adware companies will disclose the nature of data
that is collected and transmitted in their privacy statement, there
is almost no way for the user to actually control what data is being
sent. The fact is that the technology is in theory capable of
sending much more than just internet statistics - and this is why many
people feel uncomfortable with the idea.
Will it harm my computer?
Many internet users are using advertising supported "spyware" products and are unconcerned about the privacy issues. In fact, some "Spyware" and "Adware" programs are among the most popular downloads on the Internet. Weatherbug®, for example, is considered adware but technically not spyware (visit www.pchell.com for more info on the adware vs. spyware debate of Weatherbug®).
However, the real problem with most spyware is the fact that it can cause computer failures: system slow-downs, lock-ups, and internet connection failures. This costs users and companies millions of dollars each year to remove and repair problems related to spyware. Also, most spyware cannot be easily removed. Just imagine 10 or 20 different spyware programs on your computer system, all working at the same time, collecting data and transmitting this back to a remote web site. Just one code-related bug or incompatibility can send your system into failure, or make it work so slowly that you think your system is not responding. You might even think you need an upgrade! It is quickly becoming the most reported computer related problem so far, even more serious than viruses.
Real spyware...
There are also many PC surveillance tools that allow a user to monitor all kinds of activity on a computer, from keystroke capture, snapshots, email logging, chat logging and just about everything else. These tools are often designed for parents, businesses, and similar environments, but can be easily abused if they are installed on your computer without your knowledge.
These tools are perfectly legal in most places, but, just like an
ordinary tape recorder, if they are abused, they can seriously
violate your privacy.
How do computers get infected with spyware?
There are several ways computers become infected with spyware (and malware in general). First, the most common way to become infected is by clicking on links that take you to web sites with built-in content that is intentionally programmed with code that infects your computer (i.e., active scripting; see the section below). You cannot know when a web site has this code, so don't blame yourself for using the internet as it was intended. Second, your computer can become infected by installing software on your computer that also has this code. For example, you may see a download link for a "free" utility that you might find useful, only to discover that this was just a trojan horse intended only to infect your system with spyware.
There are two ways to prevent your system from getting infected:
1) Turn off active scripting in Internet Explorer (or use Firefox, a browser that does not use active scripting). To turn off active scripting in Internet Explorer, see the section on active scripting below.
2) Add a blocked list of known web sites with malware content to your restricted sites in your browser preferences.
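
One way to build such a blocked list for Internet Explorer, shown as an added example that is not part of the original page: the Python sketch below turns a list of domains into .reg file text that assigns each one to the Restricted Sites zone (zone 4) under the ZoneMap\Domains registry key. The sample blocklist is constructed, the function names are hypothetical, and each entry is assumed to be a plain domain name.

```python
import re

# Per-user registry key where Internet Explorer maps domains to security zones.
ZONEMAP = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows"
           r"\CurrentVersion\Internet Settings\ZoneMap\Domains")
RESTRICTED_ZONE = 4  # 0=My Computer, 1=Intranet, 2=Trusted, 3=Internet, 4=Restricted

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

# Constructed sample blocklist (hypothetical names, not real indicators).
SAMPLE = [
    "# constructed sample blocklist",
    "http://Bad-Ads.example/popup.js",
    "*.tracker.example",
    "TRACKER.example.",      # duplicate after normalization
    "not a host",            # rejected: not a hostname
    "bad_host.example",      # rejected: illegal character
]

def normalize(entry):
    """Return a clean lowercase domain, or None if the line is not one."""
    host = entry.split("#", 1)[0].strip().lower()
    host = re.sub(r"^[a-z][a-z0-9+.-]*://", "", host)   # drop any URL scheme
    host = host.split("/", 1)[0].split(":", 1)[0].rstrip(".")
    if host.startswith("*."):
        host = host[2:]
    labels = host.split(".")
    # Strict validation also keeps stray characters out of the .reg key line.
    if len(labels) < 2 or not all(_LABEL.match(l) for l in labels):
        return None
    return host

def build_reg(lines):
    """Build .reg text that puts every valid domain in the Restricted zone."""
    hosts = sorted({h for h in map(normalize, lines) if h})
    out = ["Windows Registry Editor Version 5.00", ""]
    for host in hosts:
        out.append("[%s\\%s]" % (ZONEMAP, host))
        out.append('"*"=dword:%08x' % RESTRICTED_ZONE)  # "*" = all protocols
        out.append("")
    return "\r\n".join(out)

if __name__ == "__main__":
    print(build_reg(SAMPLE))
```

Review the generated text before importing it with regedit, since it changes zone assignments for the current user.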
Scripting
Active scripting is "Microsoft's® technology that allows different software components to interact with one another in a networked environment" such as the internet. ActiveX controls (also a Microsoft® technology) are downloadable software controls that enhance your Internet Explorer web browser by providing content such as buttons and pop-up menus. Together these are known as "Active Content".
The simple fact is that not all internet content is "friendly": some web sites contain carefully crafted scripting code that can harm your computer by silently installing malware or by modifying your operating system. The problem is that you have no way of knowing which web sites are "friendly" and which are not. Until the industry solves this problem, you can protect yourself by turning off browser scripting and ActiveX controls or by using a browser (such as Firefox®) that does not use either. The exact method of disabling scripting is different in each version of Internet Explorer; read Microsoft's® article on "How to disable active content in Internet Explorer". Be aware that active scripting is required to receive Microsoft® Windows™ and Office™ updates. If you use Microsoft's Outlook Express, read the article "How to Disable Active Scripting in Outlook Express".
For now, we recommend using Firefox® for most internet browsing, and Internet Explorer (with active scripting enabled) for getting updates.
Another popular, more secure language is Java™. Java code requires an "interpreter" to execute, known as the Java™ Virtual Machine (JVM). Most web browsers can execute Java™ applets because the JVM is built in to the browser. However, some Java™ exploits have been discovered, so it is recommended that you install the most recent JVM. Go to www.java.com to download and install the latest version. You can disable Java™ by following these instructions from CERT.
See this US-CERT article on how to protect yourself from scripting attacks.
How do I know I have Spyware on my computer?
Most people start to notice problems with their computer such as a sudden change in their web browser's home page, or lots of pop-up ads. You may start to get porn-related ads, or be re-directed to web sites that you have never visited and would never visit. You may notice that your computer is slower than usual. Or you might not notice anything at all. Here is a short list of some things to look for:
An abundance of pop-up ads
Porn-related advertising (including sudden change in e-mails)
Sudden change in your browser's home page
Web redirection (also known as hijacking) to unusual web sites
Overall slowness
Inability to surf the web or dial up your internet provider
Sudden lock-ups
Changes to Windows background wallpaper
Search engine has been changed to one you have never seen before
How do I detect and remove Spyware from my computer?
There are several programs available that can be used to detect and remove spyware from your computer. No single anti-spyware solution is perfect, so often two or more different programs are required to completely remove all spyware from your computer.
Adaware™ (free)
Spybot Search & Destroy™ (free)
Microsoft's Windows Defender™ (free)
Spy Sweeper™ (commercial)
Don't be surprised if you need expert help in removing some spyware from your computer. There are variants of some very nasty spyware that will do everything they can to prevent removal from your system. Aside from backing up your files and re-installing your operating system from scratch, the best way to keep your system clean is prevention.
Should I use any Anti-Spyware removal software?
No! There are hundreds of trojan (i.e., fake) anti-spyware programs that are in fact spyware! This is a new way to get unsuspecting users to actually infect their systems: by pretending to be an anti-spyware program. Be very careful when selecting your anti-spyware software. At this time, we recommend only the 4 software programs listed above. For more information on fake anti-spyware programs, go to www.spywarewarrior.com/rogue_anti-spyware.htm
My computer has a pop-up that says I'm infected with spyware. What should I do?
Unless this message is from your anti-virus or anti-spyware program, DO NOT BELIEVE IT! Spyware programmers are reaching new lows by actually generating totally fake "scare boxes" to get unsuspecting users to install software that supposedly cures the computer of any detected spyware or malware. These pop-up boxes may look like real Windows error messages, but are in fact fake: they attempt to scare you into believing that your computer is infected with malware, and then attempt to get you to install and later purchase the "cure". If you see any message like these, you are already infected with some kind of malware, and it is time to call your computer tech for help.
Other Links:
Microsoft's® Anti-Spyware Home Page
Carnegie Mellon University, "Computer Security" Guide
Center for Democracy and Technology, "Spyware Legislation"
Spywareguide.com's list of known spyware
Spyware Warrior.com
How do I stop Pop-up Ads?
First, stop the Windows messenger service in 2000/XP.
Next, detect and remove any spyware. See the links above.
If you have Windows® XP SP2 installed, make sure the pop-up manager is activated. For other versions of Windows, install a pop-up blocking program such as Panicware's™ Pop-up Stopper Free Edition, or Google's™ toolbar add-in.
Protect Yourself by "Sandboxing"
One of the newest ways to protect yourself from malware is to use a form of software virtualization called browser sandboxing. Basically, it's a software program designed to act as a gateway between the internet and your computer that prevents scripting code from infecting your system with spyware or viruses (or any kind of malware). Once your internet session is terminated by closing your browser, any scripts that remain in memory are also terminated. As a result, your computer stays clean. Although not perfect, it is currently one of the best ways to prevent malware infection. You could also take sandboxing to the next level by completely virtualizing the entire computer, not just your browser. This is often done by software developers that want to test programs or operating systems for stability (i.e., errors).
A popular free browser sandbox is "Sandboxie".
For a more system-wide approach, "Blink® Professional" provides intrusion detection, anti-virus, and program sandboxing. The personal version is free.
For total computer virtualizing, see Microsoft's™ "Virtual PC" and Parallels'™ Workstation.
The Next BIG thing...
Now that spyware has been targeted as a threat to both security and system stability, spyware programmers have found a new and potentially dangerous way of circumventing detection: Rootkit Technology. Basically, this is a way for a program to bypass normal API programming rules and hook directly into the Windows operating system. This will have the effect of making the spyware totally hidden and un-removable! Currently, most anti-spyware tools cannot detect Rootkit Technology and cannot remove it from your system. Thankfully, you can detect Rootkits on your computer by downloading and running SysInternals'™ free RootKitRevealer program. Also, Grisoft.com has a free rootkit revealer. For more information on Rootkits, read Trend Micro's article "Rootkits - The new wave of invisible malware is here" (Acrobat® Reader or PDF reader required).