Building your PC:
Malware, Adware and Spyware

Spyware comprises a broad category of malicious software (sometimes referred to as malware) that is generally designed to run on your computer and to take over its operation without your consent, often for the benefit of a third party. It is probably fair to say that during 2005 spyware evolved into one of the pre-eminent threats to computers running Windows. However, unlike viruses and worms (to which it is related), spyware does not generally contain code by which it can self-replicate.

However, spyware does share one feature with computer viruses: it is generally designed to exploit infected computers for commercial gain. This is generally achieved by the delivery of unsolicited pop-up advertisements within web browsers or the display of a 'spoof' system message indicating that the computer's registry is damaged. Other forms of spyware hunt out personal information within the system files before sending it to a third party (this can include credit card numbers as well as personal details). Other forms of spyware monitor web browsing activity for marketing purposes or re-route web-page requests to advertising sites. More sophisticated forms of spyware can even interfere with web-search and web-advertising results so that certain websites appear.

The first modern form of spyware seems to have been written somewhere around the year 2000 and attacks have been increasing ever since. Indeed, a study performed by the US National Cyber-security Alliance in 2004 indicated that 80% of the computers surveyed had at least some form of spyware infecting them. Moreover, almost 90% of the computers' users were unaware of the spyware's presence despite the fact that on average there were 93 spyware components per machine. This reveals the true malicious nature of the problem: most spyware elements are silent and work in the background, yet they are harvesting details about you and transmitting these to someone else. This is also developing into a problem that affects everyone, in that malware components, though far less common than on the Windows operating systems, also affect Mac OSX and Linux.


Page Map

Spyware: Where it Comes From, How it Infects
Spyware: What it Does
Spyware: How to Protect Yourself
    1. Install an Anti-spyware Scanner
    2. Lock Down your Browser
    3. Use an Alternative Browser
    4. Always use Windows Update
    5. Consider Linux/BSD

Spyware: Where it Comes From, How it Infects

Unlike standard viruses, which are generally transmitted from system to system, spyware does not attempt to transmit itself directly to another computer. Rather, spyware relies on the user installing it, though no sane user would deliberately install software that they knew would harm or disrupt their machine and their security. As a result these malicious applications tend either to piggy-back on a piece of useful or desirable software, being installed along with it (a problem with certain freeware/shareware applications and, unbelievably, certain products that purport to remove spyware!), or to mimic system software or do something else that tricks the user into installing the software (bogus updates and patches to existing software being an example). Software of the first kind is called a Trojan Horse, in honour of Odysseus' ploy to enter Troy, as it smuggles something harmful in the guise of something intriguing or desirable.

In some cases the spyware is distributed directly in the guise of a helpful piece of software such as a 'web accelerator' or a 'spyware eliminator'. The spyware may then generate popups that make it seem as if the registry is damaged or that you have a virus present, all in an attempt to get the user to buy additional software. Perhaps the most notorious example of spyware is that which comes bundled with shareware. The most infamous example of this is provided by the Gator spyware, which is manufactured by Claria, who actively encourage shareware developers to bundle it along with their software by paying them to do so. There are also cases of spyware authors re-packaging genuine and desirable shareware titles to deliver their own malicious code.

Other forms of spyware are delivered through security holes in the Internet Explorer web browser. In common with other web browsers, Internet Explorer has been written to block unwanted downloads; an attempted download normally throws up a dialogue box or a warning of some type. However, spyware authors have countered this by generating their own popups, which may well mimic a standard Windows dialogue box. Whatever the question asked and the options proffered by this dialogue box, as soon as the user clicks on one of the options a download starts and the spyware is installed on the user's system. This has led many users to move towards alternative browsers such as Mozilla, Firefox and Opera, though these browsers are now being targeted by spyware authors too. The latest versions of Internet Explorer have also had their security models tightened, and this is one reason why it's very important to download the latest security patches from Microsoft's Windows Update site.

The most insidious forms of spyware (e.g. Targetsoft) will modify system files so that it becomes very difficult to remove them. Such spyware also often changes Windows Socket files, reduces web-browser and system-level security settings and even disables firewalls and anti-virus software so that it is easier for other viruses and spyware to infect the system. This is why a computer infected with spyware is often infected with multiple copies and types.

Spyware: What it Does

Most spyware applications display adverts to the user; the most annoying display popups every few minutes. Others offer pop-ups based on the user visiting certain websites. Many of these popup ads are highly animated and very colourful, adding to their nuisance value. Eventually the sheer accumulation of such pop-ups not only drives the user to distraction but also begins to slow the system down as more and more system resources go to displaying the popups. The latest generation of spyware acts as a web proxy and replaces ads on a legitimate website with ads targeted by the spyware itself. A new version of this kind of spyware has been dubbed 'stealware'; it perpetrates what has been dubbed affiliate fraud by replacing a legitimate affiliate's tag with one that belongs to the spyware author. As a result legitimate payments that should have gone to the affiliate are directed to the fraudster instead. Other forms of spyware hijack a user's dial-up connection and use the computer's modem to call premium-rated numbers. A user attacked by these can end up with hundreds of pounds' worth of call charges for calls that they never made but which were initiated by the spyware.


Perhaps the most insidious form of spyware attempts to gain user details, user names, passwords and bank details from the user's web sessions. These are sent to a third party and are closely associated with the crime of identity theft. The problem with spyware is the accumulation of malicious code and the damage that can be done to a system. In the worst cases the only solution may be to back-up any critical data, to re-format the hard drive and to re-install everything.

We now have a good idea of what spyware is, how it infects systems and what it does when it gets there. But before you become completely paranoid there are things you can do about the problem. First disinfect your system with a spyware removal tool. Then follow the steps outlined here to secure your system.


Spyware: How to Protect Yourself

  1. Install an anti-spyware scanner.

    There are a large number of spyware scanners out there, some commercial and even a few free ones, but do be careful which ones you choose, as a number of the less reputable ones are actually spyware in disguise. However, one of these applications should be in every computer user's software toolkit. At the time of writing no single anti-spyware product offers all the functions that one needs. As a result it may be best to use both a free (but reputable) spyware cleaner such as Spybot Search & Destroy or Microsoft's AntiSpyware (Beta) along with a commercial product such as Lavasoft's Ad-aware or McAfee's AntiSpy. Such applications generally combat spyware in two ways: they afford real-time protection by preventing the installation of spyware, and they detect and remove existing spyware.

  2. Lock-down your browser.

    Once your computer is free of adware contamination and you have protected against further infection, the next step is to increase the security of your browser (which is the primary route of infection). The first thing to do is to configure the Internet Zone of Internet Explorer. Add sites you trust to the Trusted Sites zone and known bad sites to the Restricted Sites zone. When this is done only defined trusted sites will be able to run active content (ActiveX, Java Applications and Applets, JavaScript) in your browser.

  3. Use an alternative browser.

    As has already been mentioned, most spyware gains access to your system via your browser, and the most prevalent browser being targeted is Internet Explorer. The security models in alternative browsers such as Mozilla, Firefox and Opera are better than those of MSIE and thus they are less open to spyware attack. This is not to say that they are entirely invulnerable, as spyware creators are now attempting to attack these browsers. You should also note that even if you are using an alternative browser, IE is so tightly integrated into Windows that you should lock it down as well, for it is vulnerable even when not running.

  4. Always use Windows Update.

    It is obviously advantageous for Microsoft to eliminate as many means of attack from their software as possible. As a result, once they have identified a vulnerability they publish so-called 'Critical Updates' to plug the security hole. Indeed, Microsoft has an entire Windows Update site to automatically update users' systems and software with the latest patches and fixes. You should use this on a regular basis to update your system software.

  5. Consider Linux/BSD.

    This may be a very 'geeky' solution to the problem... But if you're not a heavy gamer, wedded to Windows because of games applications, then you should seriously consider installing and running a Unix-based operating system such as Linux/BSD/Mac OSX, as the security model is much more secure in these.
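The zone lock-down in step 2 can be checked offline. The following is an added example, not part of the original article: it audits the text of a `reg export` dump of the Internet Explorer zone settings and reports active-content settings weaker than the article's advice. The policy thresholds and the sample export are assumptions constructed for illustration.

```python
import re

# Zone numbers and URL-action names under ...\Internet Settings\Zones\<n> (Microsoft-documented).
ZONES = {"3": "Internet", "4": "Restricted Sites"}
ACTIONS = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1200": "Run ActiveX controls and plug-ins",
    "1400": "Active scripting",
    "1C00": "Java permissions",
}
PROMPT, DISABLE = 1, 3  # 0 would mean "enable without asking"

def is_acceptable(zone, action, value):
    """Assumed policy: no silently enabled active content outside Trusted Sites."""
    if action == "1C00":      # Java: 0 = disabled, non-zero = a safety level
        return value == 0
    if zone == "4":           # Restricted Sites: everything must be disabled
        return value == DISABLE
    return value in (PROMPT, DISABLE)  # Internet zone: prompt or disable

def audit_zones(reg_text):
    """Return (zone, setting, value) for each setting weaker than the policy."""
    findings, zone = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):  # new key: track it only if it is an audited zone
            m = re.match(r"\[.*\\Internet Settings\\Zones\\(\d)\]$", line)
            zone = m.group(1) if m and m.group(1) in ZONES else None
            continue
        m = re.match(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$', line)
        if zone and m and m.group(1).upper() in ACTIONS:
            action, value = m.group(1).upper(), int(m.group(2), 16)
            if not is_acceptable(zone, action, value):
                findings.append((ZONES[zone], ACTIONS[action], value))
    return findings

# Constructed sample in `reg export` text form (decode the UTF-16 file first).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000000
"1200"=dword:00000000
"1C00"=dword:00010000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1200"=dword:00000001
'''

if __name__ == "__main__":
    print(*audit_zones(SAMPLE), sep="\n")
```

Settings absent from the export are not reported, so a clean result only covers the values actually present in the dump.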

As you can see, the threat is out there and prevalent, but the means to protect yourself are available and good security can be achieved fairly cheaply.










Copyright © 2005–2010, Dyfed Lloyd Evans