Spyware 2

Remedies and prevention

As the spyware threat has worsened, a number of techniques have emerged to counteract it. These include programs designed to remove or to block spyware, as well as various user practices which reduce the chance of getting spyware on a system.

Nonetheless, spyware remains a costly problem. When a large number of pieces of spyware have infected a Windows computer, the only remedy may involve backing up user data, and fully reinstalling the operating system.

Anti-spyware programs

Many programmers and some commercial firms have released products designed to remove or block spyware. Steve Gibson's OptOut, mentioned above, pioneered a growing category. Programs such as Lavasoft's Ad-Aware SE and Patrick Kolla's Spybot - Search & Destroy rapidly gained popularity as effective tools to remove, and in some cases intercept, spyware programs. More recently Microsoft acquired the GIANT AntiSpyware software, rebadging it as Windows AntiSpyware beta and releasing it as a free download for Windows XP, Windows 2000, and Windows 2003 users. In early spring 2006, Microsoft renamed the beta software to Windows Defender, currently "beta 2". The renamed software for now exists as a time-limited beta test product that will expire (beta 1 in July 2006, and beta 2 in December 2006). Microsoft has also announced that the product will ship (for free) with Windows Vista. Other well-known anti-spyware products include Webroot Spy Sweeper, Trend Micro's Anti-Spyware, PC Tools' Spyware Doctor, ParetoLogic's XoftSpy, iS3's STOPzilla and Sunbelt's CounterSpy (which uses a forked codebase from the GIANT Anti-Spyware product).

   

Major anti-virus firms such as Symantec, McAfee and Sophos have come later to the table, adding anti-spyware features to their existing anti-virus products. Early on, anti-virus firms expressed reluctance to add anti-spyware functions, citing lawsuits brought by spyware authors against the authors of web sites and programs which described their products as "spyware". However, recent versions of these major firms' home and business anti-virus products do include anti-spyware functions, albeit treated differently from viruses. Symantec Anti-Virus, for instance, categorizes spyware programs as "extended threats" and now offers real-time protection from them (as it does for viruses).

Anti-spyware programs can combat spyware in two ways:

  1. real-time protection, which prevents the installation of spyware
  2. detection and removal of spyware.

Writers of anti-spyware programs usually find detection and removal simpler, and many more programs have become available which do so. Such programs inspect the contents of the Windows registry, the operating system files, and installed programs, and remove files and entries which match a list of known spyware components. Real-time protection from spyware works identically to real-time anti-virus protection: the software scans incoming network data and disk files at download time, and blocks the activity of components known to represent spyware. In some cases, it may also intercept attempts to install start-up items or to modify browser settings.
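The two approaches described above rest on the same comparison: a hash or name is checked against a list of known spyware components, either while scanning what is already on disk and in the registry (detection and removal) or before incoming data is written at all (real-time protection). The following is an added example, not code from the original article or from any of the products it names. The definitions, the "files" and the "Run key" entries are constructed stand-ins held in dictionaries rather than read from a real system.

```python
import hashlib

# Constructed "definitions" in the style of an anti-spyware signature database:
# SHA-256 hashes of known spyware files plus autostart value names known to be
# used by spyware. Real definition sets are far larger and updated continuously.
DEFINITIONS = {
    "file_hashes": set(),          # populated below from the constructed sample
    "autostart_names": {"spy_helper", "adtracker"},
}

# Constructed stand-in for files on disk: path -> file contents.
FILES = {
    r"C:\Windows\System32\ctfmon.exe": b"legitimate system file (constructed)",
    r"C:\Program Files\Adtracker\adtracker.exe": b"constructed adware payload",
    r"C:\Program Files\Editor\editor.exe": b"legitimate editor (constructed)",
}

# Constructed stand-in for a Run key: autostart value name -> command line.
AUTOSTART = {
    "ctfmon": r"C:\Windows\System32\ctfmon.exe",
    "adtracker": r"C:\Program Files\Adtracker\adtracker.exe",
}


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# A vendor that has analysed the constructed sample publishes its hash as a signature.
DEFINITIONS["file_hashes"].add(sha256_of(b"constructed adware payload"))


def scan(files, autostart, definitions):
    """Detection: return (matching file paths, matching autostart entry names).

    A file matches when its hash is in the definitions; an autostart entry
    matches when its name is a known spyware name or it launches a matching file.
    """
    bad_files = [path for path, data in files.items()
                 if sha256_of(data) in definitions["file_hashes"]]
    bad_entries = [name for name, command in autostart.items()
                   if name.lower() in definitions["autostart_names"]
                   or command in bad_files]
    return bad_files, bad_entries


def clean(files, autostart, definitions):
    """Removal: return copies with every matching file and entry dropped,
    plus the list of what was removed."""
    bad_files, bad_entries = scan(files, autostart, definitions)
    remaining_files = {p: d for p, d in files.items() if p not in bad_files}
    remaining_autostart = {n: c for n, c in autostart.items() if n not in bad_entries}
    return remaining_files, remaining_autostart, bad_files + bad_entries


def allow_download(data: bytes, definitions) -> bool:
    """Real-time protection: the same hash comparison, applied to incoming
    data before it reaches the disk instead of to files already present."""
    return sha256_of(data) not in definitions["file_hashes"]


if __name__ == "__main__":
    print("detected:", scan(FILES, AUTOSTART, DEFINITIONS))
    _, _, removed = clean(FILES, AUTOSTART, DEFINITIONS)
    print("removed:", removed)
    print("known payload allowed at download time:",
          allow_download(b"constructed adware payload", DEFINITIONS))
```

The point the example makes concrete is that both modes depend entirely on the definitions: a payload whose hash is not yet in the list passes `allow_download` and is missed by `scan` alike, which is why the next section stresses update frequency.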

Earlier versions of anti-spyware programs focused chiefly on detection and removal. Javacool Software's SpywareBlaster, one of the first to offer real-time protection, blocked the installation of ActiveX-based and other spyware programs. Other programs such as Ad-Aware and Windows AntiSpyware now combine the two approaches, while SpywareBlaster remains focused on prevention.

Like most anti-virus software, many anti-spyware/adware tools require a frequently updated database of threats. As new spyware programs are released, anti-spyware developers discover and evaluate them, making "signatures" or "definitions" which allow the software to detect and remove the spyware. As a result, anti-spyware software is of limited usefulness without a regular source of updates. Some vendors provide a subscription-based update service, while others provide updates gratis. Updates may be installed automatically on a schedule or before doing a scan, or may be done manually.

Not all programs rely on updated definitions. Some rely partly (for instance Windows Defender) or entirely (BillP's WinPatrol, and certainly others) on historical observation: they watch certain configuration parameters (such as the Windows registry or browser configuration) and report any change to the user, without judgment or recommendation. Their chief advantage is that they do not depend on updated definitions; even with a subscription, a "critical mass" of other users has to encounter and report a problem before a new definition is characterized and propagated. Their disadvantage is that they can offer no guidance: the user is left to determine "what did I just do, and is this configuration change appropriate?"
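A monitor of the observational kind just described needs no definitions at all: it records a baseline of the watched parameters, compares the current state against it, and reports every difference without deciding whether the change is legitimate. The following is an added example of that design, not code from WinPatrol, Windows Defender or the original article. The two configuration states are constructed placeholders (a Run key, browser settings and a hosts-file digest) and the placeholder digest is an all-zero string rather than a real hash.

```python
import json

# Constructed baseline of the configuration parameters such a monitor watches.
PLACEHOLDER_DIGEST = "0" * 64   # stands in for a real SHA-256 of the hosts file
BASELINE_CONFIG = {
    "run_key": {
        "ctfmon": r"C:\Windows\System32\ctfmon.exe",
    },
    "browser": {
        "home_page": "about:blank",
        "search_provider": "https://search.example.test/",
    },
    "hosts_file": {
        "sha256": PLACEHOLDER_DIGEST,
    },
}

# Constructed later state: a new autostart entry appeared and the browser
# home page was changed. The monitor does not know whether the user did this.
CURRENT_CONFIG = {
    "run_key": {
        "ctfmon": r"C:\Windows\System32\ctfmon.exe",
        "updater": r"C:\Program Files\Unknown\updater.exe",
    },
    "browser": {
        "home_page": "http://portal.example.test/",
        "search_provider": "https://search.example.test/",
    },
    "hosts_file": {
        "sha256": PLACEHOLDER_DIGEST,
    },
}


def snapshot(config):
    """Flatten nested configuration into 'area/key' -> value so two states
    can be compared entry by entry."""
    return {f"{area}/{key}": value
            for area, entries in config.items()
            for key, value in entries.items()}


def save_baseline(config) -> str:
    """Serialise a snapshot; a real monitor persists this across reboots."""
    return json.dumps(snapshot(config), sort_keys=True)


def load_baseline(text: str) -> dict:
    return json.loads(text)


def diff(baseline, current):
    """List every added, removed or changed parameter. No verdict is attached:
    judging whether the change is appropriate is left to the user."""
    changes = []
    for key in sorted(set(baseline) | set(current)):
        if key not in baseline:
            changes.append(("added", key, current[key]))
        elif key not in current:
            changes.append(("removed", key, baseline[key]))
        elif baseline[key] != current[key]:
            changes.append(("changed", key, (baseline[key], current[key])))
    return changes


def report(changes):
    """Format each change as the question the user has to answer."""
    return [f"{kind.upper()} {key}: {detail} -- did you just do this?"
            for kind, key, detail in changes]


if __name__ == "__main__":
    stored = save_baseline(BASELINE_CONFIG)          # taken when the system was known clean
    for line in report(diff(load_baseline(stored), snapshot(CURRENT_CONFIG))):
        print(line)
```

Because `diff` compares only against the stored baseline, it flags the new `updater` entry the moment it appears, with no wait for a definition; it equally flags a home-page change the user made deliberately, which is the lack of guidance the text describes.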

If a spyware program is not blocked and manages to get itself installed, it may resist attempts to terminate or uninstall it. Some programs work in pairs: when an anti-spyware scanner (or the user) terminates one running process, the other one respawns the killed program. Likewise, some spyware will detect attempts to remove registry keys and immediately add them again. Usually, booting the infected computer in safe mode allows an anti-spyware program a better chance of removing persistent spyware.


Fake anti-spyware programs

Malicious programmers have released a large number of fake anti-spyware programs, and widely distributed Web banner ads now spuriously warn users that their computers have been infected with spyware, directing them to purchase programs which do not actually remove spyware or, worse, may add more spyware of their own. [17] [18]

The recent proliferation of fake or spoofed antivirus products has occasioned some concern. Such products often bill themselves as antispyware, antivirus, or registry cleaners, and sometimes feature popups prompting users to install them. Software of this kind is called rogue software.

Known offenders include:

  • Malware Wipe
  • Pest Trap
  • SpyAxe
  • AntiVirus Gold
  • SpywareStrike
  • SpyFalcon
  • WorldAntiSpy
  • WinFixer
  • SpyTrooper
  • Spy Sheriff
  • SpyBan
  • SpyWiper
  • PAL Spyware Remover
  • Spyware Stormer
  • PSGuard
  • AlfaCleaner

For details, please see "Rogue/Suspect Anti-Spyware Products & Web Sites"

On 2006-01-26, Microsoft and the Washington state attorney general filed suit against Secure Computer for its Spyware Cleaner product. [19]

Virtual Machines

Using a virtual machine (such as a pre-built Browser Appliance for VMware Player) can inhibit infection by spyware, malware, and viruses. Virtual machines provide separate environments, so if spyware enters the virtual environment, the host computer remains unaffected. One can also revert to a snapshot to discard private information that has accumulated in the VM, or transport the snapshot of the VM to another machine.

This environment resembles a sandbox. It has drawbacks in that it uses more memory (compared to a standalone browser) and it uses a lot of disk space.

Security practices

To deter spyware, computer users have found a number of techniques useful in addition to installing anti-spyware software.

Many system operators install a web browser other than Microsoft's Internet Explorer (IE), such as Opera or Mozilla Firefox. Though such web browsers have also suffered from some security vulnerabilities, they are not targeted as much as Internet Explorer, because most users who are likely to fall for spyware are not using them. No browser ranks as safe, because in the case of spyware the security depends on the person who uses the browser.

Some Internet service providers, particularly colleges and universities, have taken a different approach to blocking spyware: they use their network firewalls and web proxies to block access to Web sites known to install spyware. On March 31, 2005, Cornell University's Information Technology department released a report detailing the behavior of one particular piece of proxy-based spyware, Marketscore, and the steps the university took to intercept it. [20] Many other educational institutions have taken similar steps against Marketscore and other spyware. Spyware programs which redirect network traffic cause greater technical-support problems than programs which merely display ads or monitor users' behavior, and so may attract institutional attention more readily.

Some users install a large hosts file which prevents the user's computer from connecting to known spyware-related web addresses. However, by connecting to the numeric IP address rather than the domain name, spyware may bypass this sort of protection.
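The two preceding paragraphs describe name-based blocking at two different layers: a hosts file on the user's machine, which only ever sees hostnames, and an institutional proxy or firewall, which can also act on addresses. The example below is added here and is not code from the original article, from Cornell's report or from any hosts-file project; it parses a constructed hosts file, shows that a domain pinned to a sinkhole address is blocked while the same destination reached by a numeric IP is not, and contrasts that with a network-level policy that holds both the domain list and the address range it was observed resolving to. All domains are placeholders under the reserved `.test` TLD and the address range is the TEST-NET-3 documentation block, both constructed for the example.

```python
import ipaddress

# Constructed hosts file in the usual format; the names are placeholders, not real spyware hosts.
HOSTS_FILE = """\
# constructed sample hosts file
127.0.0.1   localhost
0.0.0.0     ads.spyware-example.test
0.0.0.0     tracker.spyware-example.test    # sinkholed to the unspecified address
"""

# Addresses commonly used in blocking hosts files to make a name resolve nowhere useful.
SINKHOLE_ADDRESSES = {"0.0.0.0", "127.0.0.1"}

# Constructed blocklist as a campus proxy or firewall might keep it: the domains
# plus the address range they were observed resolving to (203.0.113.0/24 is a
# documentation range, used here as a placeholder).
BLOCKED_DOMAINS = {"ads.spyware-example.test", "tracker.spyware-example.test"}
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def parse_hosts(text):
    """Return hostname -> address for every entry, ignoring comments and blank lines."""
    mapping = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        address, *names = line.split()
        for name in names:
            mapping[name.lower()] = address
    return mapping


def hosts_file_blocks(host, mapping):
    """True when the hosts file pins this name to a sinkhole address.

    'localhost' is legitimately mapped to 127.0.0.1 and is excluded. A numeric
    IP is never looked up in the hosts file, so it can never be blocked here:
    this is the bypass the text describes.
    """
    name = host.lower()
    if name == "localhost":
        return False
    return mapping.get(name) in SINKHOLE_ADDRESSES


def proxy_blocks(host):
    """Network-level policy: match the domain list, and for IP literals match
    the blocked address ranges, so the numeric-IP bypass is covered too."""
    name = host.lower()
    if name in BLOCKED_DOMAINS:
        return True
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        return False          # an unlisted hostname, not an IP literal
    return any(ip in network for network in BLOCKED_NETWORKS)


def check(host):
    """Compare the two controls for one destination."""
    mapping = parse_hosts(HOSTS_FILE)
    return {"hosts_file": hosts_file_blocks(host, mapping), "proxy": proxy_blocks(host)}


if __name__ == "__main__":
    for destination in ("ads.spyware-example.test", "203.0.113.5", "www.example.test"):
        print(destination, check(destination))
```

Running it shows the domain blocked by both controls, the raw address `203.0.113.5` passing the hosts file but stopped by the proxy, and an unlisted name passing both; a hosts file remains useful, but only as one layer.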

Spyware may get installed via certain shareware programs offered for download. Downloading programs only from reputable sources can provide some protection from this source of attack. Recently, CNet revamped its download directory: it has stated that it will only keep files that pass inspection by Ad-Aware and Spyware Doctor.

Notable programs distributed with spyware

  • Messenger Plus! (only if you agree to install their "sponsor" program)
  • Bonzi Buddy [21]
  • DivX (except for the paid version, and the "standard" version without the encoder). DivX announced removal of GAIN software from version 5.2. [22]
  • Dope Wars [23]
  • ErrorGuard [24]
  • FlashGet (free version) [25]
  • Grokster [26]
  • Kazaa [27]
  • Morpheus [28]
  • RadLight [29]
  • WeatherBug [30]
  • EDonkey2000 [28]

Sony's Extended Copy Protection involved the installation of spyware from audio compact discs through autorun. This practice sparked considerable controversy when it was discovered.

Notable programs formerly distributed with spyware

  • AOL Instant Messenger [31] (AOL Instant Messenger still packages Viewpoint Media Player)
  • EDonkey2000 [28]
  • LimeWire (all free Windows versions up to 3.9.3) [28]
  • WildTangent [31]


Comments

a good introduction


 


Text and images from Wikipedia, the free encyclopaedia, under the GNU Free Documentation License. Published by Y2U.co.uk.
