Remedies and prevention
As the spyware threat has worsened, a number of techniques have emerged to
counteract it. These include programs designed to remove or to block spyware, as
well as various user practices which reduce the chance of getting spyware on a
system.
Nonetheless, spyware remains a costly problem. When a large number of pieces
of spyware have infected a Windows computer, the only remedy may involve backing
up user data, and fully reinstalling the operating system.
Anti-spyware programs
Many programmers and some commercial firms have released products designed to
remove or block spyware. Steve Gibson's OptOut, mentioned above,
pioneered a growing category. Programs such as Lavasoft's Ad-Aware SE and
Patrick Kolla's Spybot - Search & Destroy rapidly gained popularity as
effective tools to remove, and in some cases intercept, spyware programs. More
recently Microsoft acquired the GIANT AntiSpyware software, rebadging it
as Windows AntiSpyware beta and releasing it as a free download for
Windows XP, Windows 2000, and Windows 2003 users. In early spring 2006,
Microsoft renamed the beta software to Windows Defender, currently "beta 2." The
renamed software for now exists as a time-limited beta test product that will
expire (beta 1 in July 2006, and beta 2 in December 2006). Microsoft has also
announced that the product will ship (for free) with Windows Vista. Other
well-known anti-spyware products include Webroot Spy Sweeper, Trend Micro's
Anti-Spyware, PC Tools' Spyware Doctor, ParetoLogic's XoftSpy, iS3's STOPzilla
and Sunbelt's CounterSpy (which uses a forked codebase from the GIANT
Anti-Spyware product).
Major anti-virus firms such as Symantec, McAfee and Sophos have come later to
the table, adding anti-spyware features to their existing anti-virus products.
Early on, anti-virus firms expressed reluctance to add anti-spyware functions,
citing lawsuits brought by spyware authors against the authors of web sites and
programs which described their products as "spyware". However, recent versions
of these major firms' home and business anti-virus products do include
anti-spyware functions, albeit treated differently from viruses. Symantec
Anti-Virus, for instance, categorizes spyware programs as "extended threats" and
now offers real-time protection from them (as it does for viruses).
Anti-spyware programs can combat spyware in two ways:
- real-time protection, which prevents the installation of spyware
- detection and removal of spyware.
Writers of anti-spyware programs usually find detection and removal simpler,
and many more programs have become available which do so. Such programs inspect
the contents of the Windows registry, the operating system files, and installed
programs, and remove files and entries which match a list of known spyware
components. Real-time protection from spyware works identically to real-time
anti-virus protection: the software scans incoming network data and disk files
at download time, and blocks the activity of components known to represent
spyware. In some cases, it may also intercept attempts to install start-up items
or to modify browser settings.
Earlier versions of anti-spyware programs focused chiefly on detection and
removal. Javacool Software's SpywareBlaster, one of the first to offer real-time
protection, blocked the installation of ActiveX-based and other spyware
programs. To date, other programs such as Ad-Aware and Windows AntiSpyware now
combine the two approaches, while SpywareBlaster remains focused on prevention.
Like most anti-virus software, many anti-spyware/adware tools require a
frequently-updated database of threats. As new spyware programs are released,
anti-spyware developers discover and evaluate them, making "signatures" or
"definitions" which allow the software to detect and remove the spyware. As a
result, anti-spyware software is of limited usefulness without a regular source
of updates. Some vendors provide a subscription-based update service, while
others provide updates gratis. Updates may be installed automatically on a
schedule or before doing a scan, or may be done manually. Not all programs rely
on updated definitions. Some programs rely partly (for instance Windows
Defender) or entirely (BillP's WinPatrol, and certainly others) on historical
observation. They watch certain configuration parameters (such as the Windows
registry or browser configuration) and report any change to the user, without
judgment or recommendation. Their chief advantage is that they do not rely on
updated definitions: even with a subscription, a "critical mass" of other users
has to encounter and report a problem before the new definition is characterized
and propagated. The disadvantage is that they can offer no guidance; the user is
left to determine "what did I just do, and is this configuration change
appropriate?"
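The two approaches described above, definition-based scanning of the registry and files, and change-based monitoring that reports any alteration without judgment, are illustrated here in an added example that is not from the original article or from any of the products it names. The "registry" Run key, the file contents, the signature list and the ExampleSpy name are all constructed for the demonstration; the point is that the signature scan only finds what it has a definition for, while the change monitor reports the unknown entry too, but cannot say whether it is bad.

```python
"""Added example: definition-based detection next to change-based monitoring.

Everything below is constructed for the demonstration: the dict standing in
for a Windows Run key, the file contents, and the invented signature list.
"""
import hashlib

# Constructed "definitions": what a vendor's update would deliver.
SIGNATURES = {
    "file_sha256": {
        hashlib.sha256(b"example-spyware-bytes").hexdigest(): "ExampleSpy.A",
    },
    "run_key_value": {
        "C:\\Program Files\\ExampleSpy\\espy.exe": "ExampleSpy.A",
    },
}

# Constructed autostart entries (value name -> command), as a scanner would
# read them from HKCU\Software\Microsoft\Windows\CurrentVersion\Run.
RUN_KEY = {
    "OneDrive": "C:\\Users\\alice\\AppData\\Local\\OneDrive\\OneDrive.exe",
    "Updater": "C:\\Program Files\\ExampleSpy\\espy.exe",      # has a signature
    "Helper": "C:\\Users\\alice\\AppData\\Roaming\\helper.exe",  # unknown, no signature
}

# Constructed file contents keyed by path, instead of reading the disk.
FILES = {
    "C:\\Program Files\\ExampleSpy\\espy.exe": b"example-spyware-bytes",
    "C:\\Windows\\notepad.exe": b"benign-bytes",
}

# Constructed earlier snapshot of the same Run key, taken when the machine was clean.
BASELINE = {"OneDrive": RUN_KEY["OneDrive"]}


def scan_with_signatures(run_key, files):
    """Definition-based detection: (location, family) for every known component."""
    hits = []
    for name, command in run_key.items():
        family = SIGNATURES["run_key_value"].get(command)
        if family:
            hits.append((f"Run\\{name}", family))
    for path, data in files.items():
        family = SIGNATURES["file_sha256"].get(hashlib.sha256(data).hexdigest())
        if family:
            hits.append((path, family))
    return hits


def diff_config(baseline, current):
    """Change-based monitoring: report every added, removed or altered entry.

    No verdict is attached; deciding whether the change is appropriate is
    left to the user, exactly the trade-off the text describes."""
    changes = []
    for name in sorted(set(baseline) | set(current)):
        before, after = baseline.get(name), current.get(name)
        if before is None:
            changes.append(("added", name, after))
        elif after is None:
            changes.append(("removed", name, before))
        elif before != after:
            changes.append(("changed", name, f"{before} -> {after}"))
    return changes


if __name__ == "__main__":
    print("signature hits:", scan_with_signatures(RUN_KEY, FILES))
    print("config changes:", diff_config(BASELINE, RUN_KEY))
```

Running it shows the signature scan reporting only the ExampleSpy entries, while the change report lists both Updater and the unknown Helper, which is why the two approaches are usually combined rather than chosen between.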
If a spyware program is not blocked and manages to get itself installed, it
may resist attempts to terminate or uninstall it. Some programs work in pairs:
when an anti-spyware scanner (or the user) terminates one running process, the
other one respawns the killed program. Likewise, some spyware will detect
attempts to remove registry keys and immediately add them again. Usually,
booting the infected computer in safe mode allows an anti-spyware program a
better chance of removing persistent spyware.
Malicious programmers have released a large number of fake anti-spyware
programs, and widely distributed Web banner ads now spuriously warn users that
their computers have been infected with spyware, directing them to purchase
programs which do not actually remove spyware — or worse, may add more spyware
of their own. [17] [18]
The recent proliferation of fake or spoofed antivirus products has occasioned
some concern. Such products often bill themselves as antispyware, antivirus, or
registry cleaners, and sometimes feature popups prompting users to install them.
This is called rogue software.
Known offenders include:
- Malware Wipe
- Pest Trap
- SpyAxe
- AntiVirus Gold
- SpywareStrike
- SpyFalcon
- WorldAntiSpy
- WinFixer
- SpyTrooper
- Spy Sheriff
- SpyBan
- SpyWiper
- PAL Spyware Remover
- Spyware Stormer
- PSGuard
- AlfaCleaner
For details, please see "Rogue/Suspect Anti-Spyware Products & Web Sites".
On 2006-01-26, Microsoft and the Washington state attorney general filed suit
against Secure Computer for its Spyware Cleaner product. [19]
Virtual Machines
Using a virtual machine (such as a pre-built Browser Appliance for VMware
Player) can inhibit infection by spyware, malware, and viruses. Virtual machines
provide separate environments, so if spyware enters the virtual environment, the
host computer remains unaffected. One can also revert to a snapshot to remove
one's private information, or transport the snapshot of the VM.
This environment resembles a sandbox. Its drawbacks are that it uses more
memory (compared to a standalone browser) and a lot of disk space.
Security practices
To deter spyware, computer users have found a number of techniques useful in
addition to installing anti-spyware software.
Many system operators install a web browser other than Microsoft's Internet
Explorer (IE), such as Opera or Mozilla Firefox. Though such browsers have also
suffered from security vulnerabilities, they are not targeted as heavily as
Internet Explorer, because most of the users likely to fall for spyware are not
using them. No browser ranks as safe, because with spyware the security
ultimately depends on the person using the browser.
Some Internet Service Providers — particularly colleges and universities —
have taken a different approach to blocking spyware: they use their network
firewalls and web proxies to block access to Web sites known to install spyware.
On March 31, 2005, Cornell University's Information Technology department
released a report detailing the behavior of one particular piece of proxy-based
spyware, Marketscore, and the steps the university took to intercept it. [20]
Many other educational institutions have taken similar steps against
Marketscore and other spyware.
Spyware programs which redirect network traffic cause greater technical-support
problems than programs which merely display ads or monitor users' behavior, and
so may attract institutional attention more readily.
Some users install a large hosts file which prevents the user's computer from
connecting to known spyware-related web addresses. However, spyware may bypass
this sort of protection by connecting to the numeric IP address rather than to
the domain name.
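The hosts-file technique, the gap it leaves for numeric addresses, and the network-firewall approach of the preceding paragraphs are shown together in this added example, which is not from the original article. The hosts-file text, the upstream DNS answers, the example-spyware.test names and the 203.0.113.0/24 deny range are all constructed for the demonstration; it mimics the lookup order an OS follows (numeric literal first, then hosts file, then DNS) and then applies a destination-address deny list the way a perimeter firewall would.

```python
"""Added example: hosts-file blocking, the IP-literal gap, and a firewall layer.

All names, addresses and answers below are constructed for the demonstration.
"""
import ipaddress

# Constructed blocklist in the usual hosts-file form: names are pinned to
# 0.0.0.0 so that connections to them fail before leaving the machine.
HOSTS_FILE = """
# constructed hosts file
127.0.0.1   localhost
0.0.0.0     ads.example-spyware.test
0.0.0.0     update.example-spyware.test   # trailing comment
"""

# Constructed stand-in for the resolver the OS falls back to.
UPSTREAM_DNS = {
    "ads.example-spyware.test": "203.0.113.10",
    "www.example.test": "198.51.100.7",
}

# Constructed perimeter deny list, keyed by destination address rather than name.
FIREWALL_DENY = [ipaddress.ip_network("203.0.113.0/24")]


def parse_hosts(text):
    """Map each hostname in a hosts file to the address it is pinned to."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table[name.lower()] = addr
    return table


def resolve(target, hosts, upstream):
    """Return (address, source) following the OS lookup order.

    A numeric literal is used as-is, so the hosts file is never consulted;
    that is the bypass the text describes."""
    try:
        ipaddress.ip_address(target)
        return target, "literal"
    except ValueError:
        pass
    if target.lower() in hosts:
        return hosts[target.lower()], "hosts"
    return upstream.get(target.lower()), "dns"


def blocked_by_hosts(target, hosts, upstream):
    addr, source = resolve(target, hosts, upstream)
    return source == "hosts" and addr == "0.0.0.0"


def firewall_allows(addr):
    """Destination-based check: catches the literal that the hosts file missed."""
    return not any(ipaddress.ip_address(addr) in net for net in FIREWALL_DENY)


def connection_allowed(target, hosts, upstream):
    """Combine both layers: hosts file for names, firewall for addresses."""
    if blocked_by_hosts(target, hosts, upstream):
        return False
    addr, _ = resolve(target, hosts, upstream)
    if addr is None:
        return False                      # unresolvable, nothing to connect to
    return firewall_allows(addr)


if __name__ == "__main__":
    hosts = parse_hosts(HOSTS_FILE)
    for t in ("ads.example-spyware.test", "203.0.113.10", "www.example.test"):
        print(t, resolve(t, hosts, UPSTREAM_DNS),
              "hosts-blocked" if blocked_by_hosts(t, hosts, UPSTREAM_DNS) else "hosts-passed",
              "allowed" if connection_allowed(t, hosts, UPSTREAM_DNS) else "denied")
```

The output makes the caveat concrete: the hosts file stops the name, passes the raw address straight through, and only the address-based firewall rule catches the second case, which is why institutions that block at the network edge get coverage a per-machine hosts file cannot provide on its own.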
Spyware may get installed via certain shareware programs offered for
download. Downloading programs only from reputable sources can provide some
protection from this source of attack. Recently, CNet revamped its download
directory: it has stated that it will only keep files that pass inspection by
Ad-Aware and Spyware Doctor.
Notable programs distributed with spyware
- Messenger Plus! (only if you agree to install their "sponsor" program)
- Bonzi Buddy [21]
- DivX (except for the paid version, and the "standard" version without the
encoder). DivX announced removal of GAIN software from version 5.2. [22]
- Dope Wars [23]
- ErrorGuard [24]
- FlashGet (free version) [25]
- Grokster [26]
- Kazaa [27]
- Morpheus [28]
- RadLight [29]
- WeatherBug [30]
- EDonkey2000 [28]
Sony's Extended Copy Protection involved the installation of spyware from
audio compact discs through autorun. This practice sparked considerable
controversy when it was discovered.
Notable programs formerly distributed with spyware
- AOL Instant Messenger [31]
(AOL Instant Messenger still packages Viewpoint Media Player)
- EDonkey2000 [28]
- LimeWire (all free Windows versions up to 3.9.3) [28]
- WildTangent [31]