Demystifying Spyware/Malware :: Demystifying Spyware/Malware Security Series - Part 2

Overview

In this part of the series we'll give a good tug to that shroud of mystery that seems to surround the word spyware and, to a lesser degree, its first cousin adware. Quite possibly these terms evoke a sense of some sinister, mysterious force that leaks into your computer from the dark side of the Internet, because the terms:

  1. Tend to be used in a vague manner by the media and the public in general, perhaps because they cover such a range of obnoxious programs that mysteriously (or so it seems) just show up.
  2. Cover programs where WHAT they do can mostly be grouped into several fairly definite categories, while HOW they accomplish these ends is far more varied.

As a starting point let's refer back to our brief definition in part one, where we introduced and briefly defined some of the major players in the world of malicious software. There I noted that the words adware and spyware have in the past often been used interchangeably, and recent trends seem to see the word adware fading from use and being replaced by the term spyware. Using the definitions that are generally accepted we have:

  • Adware: Any type of software that after having infected a computer causes various advertisements, usually in the form of pop-ups, to appear on the infected computer.
  • Spyware: Acts in a similar manner but, more importantly, typically takes some degree of control of the infected computer, such as changing default web pages for browsers, tracking user surfing habits and reporting that information to others (usually without the consent of the computer owner/user), and other clandestine breaches of privacy.

Historically, software of this type came into the world of the Internet around 1998-99 and reached epidemic proportions by the latter half of 2004, with the terms having intermingled along the way. For simplicity we're going to use the term spyware to refer to all software of this class: any software that causes advertisements to appear on your computer, or that monitors and reports in any way your use of the Internet. Moving on, most folks are more interested in the next question!

How Did It Get on My Computer?

An understandable question and one I've heard a lot. The hard part in answering this question is the fact that there's a high possibility you have installed it yourself. Before you say "No Way" let me ask you if you've ever installed a free screen saver or downloaded some other free software? Do you have teenagers that use one of the free file and music sharing programs such as KaZaa? In fairness some of these packages have cleaned up their act so to speak and have either largely or completely removed the spyware components or are much more forthright in the disclosure. But not all by any means.

The issue here is that many of these packages DO disclose the presence of the "tag along" software that you are consenting to install on your computer in the EULA (End User License Agreement). The EULA of course is that usually long, somewhat unintelligible bit of legalese that virtually nobody reads that you have to agree to when installing software. Yep, that's where you didn't know you agreed to let those rascals put a good bit of software you really didn't want on your computer. And these are the good guys as they're at least disclosing the presence of the other software!

The Not So Nice Guys

But you say you've read the EULAs, never agreed to any that weren't clear, and yet there's still spyware on your computer. This brings us to that even less savory bunch of Internet operators, who usually love to euphemistically refer to themselves as free marketers or similar nonsense, and who simply don't feel any need to ask for your permission to install their software. Some view your computer as roughly akin to your mailbox and thus susceptible to all the junk mail, or in this case junk programs, they wish to send. Some of the several means by which you end up with spyware on your system are:

  1. The spyware is embedded, without being disclosed, within another usually free program such as a screen saver that you have installed.
  2. You clicked on a pop-up box that, behind the scenes, downloaded and installed the spyware or other malware on your system. This is one of several methods often referred to as a "drive-by download."
  3. You visited a web site that installed the software without any notice or consent. This is another instance of "drive-by download."
  4. In the more malicious attacks, a web site that has either been intentionally crafted or has been compromised (hacked) is programmed to exploit known security flaws in the operating system and/or the web browser, bypassing normal security measures and forcing the installation of the spyware / malware. A recent example of this was the many web sites discovered to be exploiting the Microsoft Windows Meta File vulnerability to install malicious software. Some security purists claim that this scenario is the only true definition of a "drive-by download."

Now that we've covered some of the more common ways that spyware gets onto your system, the question always arises ...

How Do I Know if My Computer is Infected?

The short answer is that the average user, outside of running one or more quality anti spyware programs, isn't likely to know for sure. But there are a number of telling signs.

The computer seems to be running a bit slower than it was.

A computer that suddenly slows down noticeably is often one of the more telltale signs that a fair amount of spyware has installed itself on your system. Spyware, like any program, needs to share processor time and thus consumes machine cycles. A large amount of spyware correspondingly needs a larger amount of processor time and deprives your applications of their share, with all programs slowing down proportionately.

Pop Ups Appear Like Madness

If your formerly docile, obedient system suddenly becomes the main attraction in pop-up heck (for systems not evil enough to descend to the next level), it's a fair bet the spyware demon has come to call.

You Do a Search, Click a Choice and ...

A link to a site offering a similar product or service appears instead of the one you requested.

Your Web Browser Start Up (Home) Page is Changed

A number of spyware programs will change your browser start up page and attempt to redirect you to various web sites.

Your Web Browser (such as Internet Explorer) Has Toolbars You Didn't Install

Toolbars, while commonly useful, are also a common method used by spyware developers and promoters to sneak their rascally wares onto your system. The ISearch toolbar is a good example of a toolbar that installs software geared towards sending advertising messages (adware) to your computer. (Note: Protection against and removal of such items is covered below.)
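
The two browser signs above, a changed start page and toolbars you didn't install, can be checked against a saved known-good baseline. The PowerShell below is an added example and not part of the original article; the baseline file name (ie-baseline.xml) is an assumption, and the registry locations are the standard ones Internet Explorer uses for the start page and toolbar registrations.

```powershell
# Added example: flag a changed IE start page or newly registered toolbars.
# Assumption: the baseline file name and location are arbitrary choices.
$BaselinePath = Join-Path $env:USERPROFILE 'ie-baseline.xml'

function Get-IESnapshot {
    # The current user's start (home) page.
    $main = Get-ItemProperty -LiteralPath 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
    # Toolbars are registered as CLSID-named values under these keys.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar',
            'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
    $clsids = foreach ($key in $keys) {
        $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if ($item) { $item.GetValueNames() | Where-Object { $_ -match '^\{[0-9A-Fa-f-]{36}\}$' } }
    }
    [pscustomobject]@{
        StartPage = [string]$main.'Start Page'
        Toolbars  = @($clsids | Where-Object { $_ } | Sort-Object -Unique)
    }
}

function Resolve-ToolbarName([string]$Clsid) {
    # The default value of the CLSID key usually holds a readable name.
    $key = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid" -ErrorAction SilentlyContinue
    if ($key -and $key.GetValue('')) { [string]$key.GetValue('') } else { '(no name registered)' }
}

$current = Get-IESnapshot
if (-not (Test-Path -LiteralPath $BaselinePath)) {
    # First run: record the known-good state while the machine is clean.
    $current | Export-Clixml -LiteralPath $BaselinePath
    Write-Output "Baseline saved to $BaselinePath"
} else {
    $baseline = Import-Clixml -LiteralPath $BaselinePath
    $pageChanged = $current.StartPage -ne $baseline.StartPage
    if ($pageChanged) {
        Write-Output "Start page changed: '$($baseline.StartPage)' -> '$($current.StartPage)'"
    }
    # Toolbars present now that were not in the baseline.
    $added = @($current.Toolbars | Where-Object { @($baseline.Toolbars) -notcontains $_ })
    foreach ($clsid in $added) {
        Write-Output "New toolbar: $clsid  $(Resolve-ToolbarName $clsid)"
    }
    if (-not $pageChanged -and $added.Count -eq 0) { Write-Output 'No change from baseline.' }
}
```

Run it once on a machine you believe is clean to record the baseline, then again whenever the browser starts behaving oddly.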

Spyware Removal - I Think My Computer is Infected with Spyware!

Honestly, I would be more surprised if you didn't have at least some spyware on your system. Unless you're running one or more quality anti spyware products, the odds are you do have some amount of unwanted software living on your system. In a nutshell, the simplest solution in time, money and avoided frustration is to get good anti spyware software on your machine.

Preventing Spyware Infection : Other Ways to Secure Your Machine

Anti Spyware Software : Install a Proven Package

As mentioned above regarding spyware removal, the first step I always recommend in solving the spyware problem is to install a proven, known anti spyware package. It's important to note that a number of the software products available on the Internet that purport to be anti spyware software actually INSTALL spyware.

Web Browser : Install Mozilla Firefox as your primary web browser

With all the news coverage over the past year or so of the security related problems with Microsoft's Internet Explorer, there's a greatly increased awareness of the alternatives for a web browser. One browser in particular, Mozilla Firefox, has been in the spotlight for its good performance and improved security, which gives protection against the installation of spyware and other malware when browsing the web. Note that we'll cover how design flaws in Internet Explorer are exploited by malware authors in a later section of this series, "Software Bugs and Exploits", so I'll leave that be until then.

In the interim you can help protect your machine from online exploits on the web by using Firefox as your main browser.

Firefox is a snap to install, requires NO configuration on your part and you can still use Internet Explorer if needed. There's no rule against having several web browsers installed. Just ask any professional web site developer. They usually have five or six of the big name browsers (Internet Explorer, Firefox, Netscape etc) installed to check how their sites look in the different ones.

I've been using earlier versions of what became the Firefox browser since around 2002, started using Firefox in its earliest days in testing, and am presently using version 2.0.0.14, and the truth is there are very few web sites that require using Internet Explorer. I should also mention that I'm on the web for hours every day researching items in my consulting work and have NO spyware problems. Running Firefox as your web browser together with a good anti spyware product is a potent combination for spyware prevention.

Here's what others have to say:

  1. Washington Post: "Firefox Moves Farther Ahead of the Hunt"
  2. Forbes Magazine: "Ross' Firefox Turns Up Heat On Internet Explorer"

Internet Explorer : Tighten the Security Settings

While the default settings for more recent updates of Internet Explorer have improved from a security standpoint, there's still much to be desired. There are a number of small tweaks one can easily make to turn Internet Explorer into a more secure web browser. To reiterate the previous point, the single best thing you can do is use Firefox as your primary browser and only use Internet Explorer when absolutely necessary for the few web sites that require it.

Either way it's a good thing to tighten the security settings in Internet Explorer to make your computer more resistant to spyware and other malware infections. Here's a list of easy "must do's" to begin the process:

  1. Set your browser security to High
  2. Add Web sites you consider safe to your trusted sites list
  3. Block pop-up windows in your browser

Note: Given the breadth of this topic and the need for specific details we're adding a separate set of pages on how to secure Internet Explorer.
