- Category: January - February 2009
Do you feel your computer is getting slower, or do you see more pop-up ads while surfing the internet? If yes, your PC is most probably infected by spyware! Spyware sneaks into your computer without your knowledge or consent in many different ways, and it can be very tedious to get rid of it.
It’s shocking to read recent statistics claiming that approximately 95% of all PCs worldwide are infected with spyware and that around 80 new spyware programs emerge every week, which is double the number of new virus threats. These new releases of spyware are more advanced than most computer viruses and can harm computers tremendously.
Spyware is often installed unknowingly by Internet surfers, as these malicious applications are frequently bundled with software that is willingly downloaded in good faith to fix a computer problem or to speed up the system, or simply together with desired music or games. There are even some programs that claim to remove spyware from the computer when, in fact, they only install more. Spyware can be disguised as a software update or use a similar trick to convince users to click on pop-up ads that start the spyware installation. Another common way to slip onto computers is through peer-to-peer file sharing programs or browser toolbars, such as Hotbar. While offering, for instance, to enhance the browsing experience or to allow internet searches directly in the toolbar, spyware is secretly installed through "drive-by downloads" or by piggybacking on other applications. Once installed, these malicious programs can capture keystrokes and send sensitive data to a third party or outside the company. They are able to track web surfing behavior, take advantage of Internet connections, slow down computer systems and even cause complete system failures.
If you accidentally visit just one infected web page, your PC can get infected with spyware. Such a page typically makes use of ActiveX controls and exploits weaknesses in Internet Explorer. Spyware can be spread through email programs as well, such as Microsoft Outlook and Outlook Express. If a message is encoded in HTML (instead of plain or rich text), the HTML document’s head can call a malicious script. The email doesn’t even have to be read to infect the system; sometimes just having the message displayed in Outlook’s preview pane is enough to cause the malicious script to execute. Fortunately, newer versions of Outlook allow the blocking of external HTML code.
No wonder then that Microsoft blames spyware for up to one-third of application crashes on Windows XP computers and estimates that more than half of all Windows operating system failures are caused by it. The fact is that spyware is a major threat for individuals and enterprises, and the longer a network is unprotected, the more damage spyware can cause. To all intents and purposes, it’s getting worse every day. So let me give you some insights into the spyware problem and some advice on how to fight it.
The methods by which spyware is spread are only one part of the problem; the other is the lack of reliable methods for detecting and removing these unwanted applications. At least since last year, more spyware detection and removal capabilities have been built into anti-virus programs, and this is really good news. Although most people know that running any computer these days without a good anti-virus program would be cyber-suicide, only a few have realized that these programs tend to pay no attention at all to the numerous spyware programs going around. In general, protecting a computer from spyware is much the same as protecting it from viruses or any other security risk. It includes regular security updates, being careful when visiting web pages or clicking a link, being cautious about opening emails from people you don't know or attachments you don't trust, and being alert to any site offering to speed up your computer or improve your internet connection, especially when it’s for free. As an additional safety measure, it’s also good to build layers of security into your network with firewalls and web proxies to block access to Web sites known to install spyware.
Anti-spyware programs can combat spyware in two ways: real-time protection, which prevents spyware from being installed, and the scanning and removal of spyware. Scanning and removal is usually simple. The program inspects the contents of the Windows registry, the operating system files, and installed programs, and removes files and entries which match a list of known spyware components. Real-time protection from spyware works identically to real-time anti-virus protection: the software scans incoming network data and disk files at download time, and blocks the activity of components known to represent spyware. In some cases, it may also intercept attempts to install start-up items or to modify browser settings. Early versions of anti-spyware programs were mainly focused on scanning and removal. But as you will see, many programmers and commercial firms have released products designed to remove or block spyware. All claim to be the best, and the choice is yours. However, cleaning an infected PC can be relatively tricky, and a number of anti-spyware applications have emerged to counteract the problem. Be cautious, as some of them just install more spyware instead of removing it. Fortunately, a few good and effective programs exist, and two of the best anti-spyware programs are even free; I will present them in more detail, alongside some commercial ones. According to experts, there is unfortunately still no product that provides comprehensive protection against these malicious threats.
The first very useful program I want to present is Spybot Search & Destroy. Many experts consider it the most effective anti-spyware program, and it is provided for free by a small group of programmers on their web site. The programmers will ask you to donate something for the service – and I think you should support them if you like the program – but it isn’t required. The program aims to remove all spyware it can find on your computer without any false positives. A false positive is when an anti-spyware program identifies a legitimate file as spyware when it shouldn't. Spybot Search & Destroy is easy to install, easy to use, easy to update, and most importantly, very effective. It eliminates spyware on your system and blocks it from coming back. The newest version also offers real-time protection by blocking spyware programs as they try to install themselves, and it warns you if anything acts out of turn. The installation is straightforward and you can download Spybot Search & Destroy here (http://www.safer-networking.org/en/index.html). Every time you run it, make sure to get all available updates first (through the "search for updates" feature inside the program). Then use the immunize feature, which blocks known bad programs, and finally run a scan.
However, as good as this program is, experts recommend always installing at least one other anti-spyware program to be on the safe side. As there is still no anti-spyware software on the market that can clean everything, a second program can mop up the rest of the spyware on your PC that the first one has not covered. Therefore, I recommend a second free anti-spyware program that has received very good reviews for its scanning results. Lavasoft’s Ad Aware SE Personal Edition (www.lavasoftusa.com) is one of the few reliable anti-spyware programs. The program is focused on completeness and does a very thorough scan of your computer to remove all spyware. It risks having a few false positives to guarantee privacy, so make sure you check the list of files it identifies for false positives before deleting. Be assured that Ad Aware usually catches what was missed by Spybot Search & Destroy. And for those for whom this is still not enough, or who have to treat a very badly infected machine, there are still many opportunities to use commercial anti-spyware programs such as SpySweeper from Webroot (http://www.webroot.com/products/spysweeper/) or Computer Associates’ Pest Patrol (http://www.pestpatrol.com/).
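The trade-off between the two scanning styles described above, and the reason to review findings before deleting, can be shown with a small added example (it is not code from any of the products named). All paths, file contents, signature lists and function names are constructed for illustration: one hypothetical scanner matches exact content hashes of known components, the other matches broader name patterns.

```python
import hashlib
import re


def digest(data: bytes) -> str:
    """SHA-256 of a file's content or of a registry value's data."""
    return hashlib.sha256(data).hexdigest()


# Constructed inventory of (location, content) pairs; none are real samples.
INVENTORY = [
    (r"C:\Program Files\ExampleBar\examplebar.dll", b"constructed toolbar build 1"),
    (r"C:\Program Files\ExampleBar\examplebar2.dll", b"constructed toolbar build 2"),
    (r"C:\Program Files\PhotoTool\toolbar_helper.dll", b"constructed legitimate helper"),
    (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ExampleBar", b"examplebar.exe /silent"),
    (r"C:\Windows\System32\notepad.exe", b"constructed system file"),
]

# Hypothetical scanner A: exact hashes of known components.
# No false positives, but a changed build (examplebar2.dll) is not on the list.
KNOWN_HASHES = {digest(b"constructed toolbar build 1"), digest(b"examplebar.exe /silent")}

# Hypothetical scanner B: broad name patterns.
# Catches the new build, but also flags a legitimate helper DLL.
NAME_PATTERNS = [re.compile(r"examplebar", re.I), re.compile(r"toolbar", re.I)]


def scan_exact(inventory):
    """Locations whose content matches a known-component hash."""
    return {loc for loc, data in inventory if digest(data) in KNOWN_HASHES}


def scan_patterns(inventory):
    """Locations whose path or key name matches a broad pattern."""
    return {loc for loc, _ in inventory if any(p.search(loc) for p in NAME_PATTERNS)}


def triage(inventory):
    """Exact matches are safe to remove; pattern-only matches need a human look."""
    exact = scan_exact(inventory)
    broad = scan_patterns(inventory)
    return {"remove": sorted(exact), "review": sorted(broad - exact)}


if __name__ == "__main__":
    for action, locations in triage(INVENTORY).items():
        for loc in locations:
            print(f"{action:7} {loc}")
```

The review list holds both the missed variant and the legitimate helper, which is why the second scanner's findings have to be checked by hand before anything is deleted.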
Other well-known anti-spyware programs are:
- HijackThis, which is not a scanner like the others, but more like a registry editor.
- Javacool Software's SpywareBlaster, which was one of the first to offer real-time protection, blocking the installation of ActiveX-based and other spyware programs. SpywareBlaster is designed more to prevent spyware than to remove it, which means that it mainly changes Internet Explorer’s security settings to protect PC users from infecting themselves. Programs such as Ad-Aware and Windows AntiSpyware already combine the two approaches.
- Microsoft Anti-spyware works only on Windows 2000 and XP and provides real-time protection, auto-updating and automatic scheduling of scans. Currently only a Beta version exists, which occasionally causes some connectivity issues, so back up your system before installing it.
- Major anti-virus firms such as Symantec, Sophos and McAfee have come later to the table, adding anti-spyware features to their existing anti-virus products. Early on, anti-virus firms expressed reluctance to add anti-spyware functions, citing lawsuits brought by spyware authors against the authors of web sites and programs which described their products as "spyware". However, their recent anti-virus product versions include anti-spyware functions, although treated differently from viruses. Symantec Anti-Virus, for instance, categorizes spyware programs as "extended threats" and does not offer real-time protection from them as it does for viruses.
If a computer is so badly infected that the infection does not seem to be removable by any anti-spyware program, you can try to solve the problem while working in Safe Mode. The idea is that when you boot Windows into Safe Mode, Windows is running under a minimum set of drivers and services, and you are also isolated from the Internet. The advantage of this method is as follows: most of the time, when anti-spyware applications are able to detect an infection but can’t clean it (or when the infection comes back immediately after cleaning), it is because some spyware component is currently in the system’s memory. Most anti-spyware programs focus primarily on the contents of the hard disk rather than the memory, and spyware modules in memory consequently often go undetected. However, by booting the machine into Safe Mode, you can usually prevent spyware modules from loading while you try to clean the system. Keep in mind, though, that you must initially boot Windows normally so that you can download the latest updates to your anti-spyware programs. Only then can you effectively boot into Safe Mode and begin the removal process. Hopefully, booting the machine into Safe Mode and running an anti-spyware program will take care of the problem for you. Sometimes even this method fails, though. There are some types of spyware, like browser hijackers, that are so hard to get rid of that you will have to remove them manually.
Safeguard your privacy, data and know-how and start fighting all types of spyware!
By Daniela La Marca