User Friendly PC - Spyware Protection

Spyware Protection

Some call it spyware, others malware. Some of it goes by the names Trojan horses and some are referred to as backdoor programs. And let's not forget the adware. With all of these hidden dangers out there, it is hard to believe that we ever get anything done if connected to the internet. So what exactly are all of these wares and what should we do with them. Malware, short for malicious software, is software designed to infiltrate and damage a computer system without the owner's consent. Malware includes computer viruses, worms, Trojan horses, rootkits, spyware, dishonest adware, crimeware, rogue programs and other malicious unwanted software. The U.S. Federal Bureau of Investigation says these programs have raked in more than $150 million for scammers. To begin with, let's define some of these terms:

Virus - Computer viruses are small programs or scripts that can negatively affect your computer. These malicious programs can create files, move files, erase files, consume your computer's memory, and cause your computer to malfunction. Some viruses can duplicate themselves, attach themselves to programs, and travel across networks infecting other systems.
Worms - Computer worms tunnel through your computer's memory and hard drive. A worm is a self-replicating computer program, but does not alter any files on your machine. Worms cause havoc by multiplying so many times that they take up your computer's memory and hard drive space, slowing the computer, causing system crashes, and hampering the ability to save files. Worms replicate themselves and travel between systems without any user intervention causing harm to networks if only by consuming bandwidth.
Trojan Horses - A Trojan horse is non-self-replicating malware that appears to perform a desirable function for the user but instead facilitates unauthorized access to the user's computer system. Trojan horses are designed to allow a hacker remote access to a computer system. Once a Trojan horse has been installed on a computer system, it is possible for a hacker to access it remotely and perform various operations. Those operations are limited by user privileges on the computer system and the design of the Trojan horse.

Operations that have been performed by a hackers in the past: Use of the machine as part of a botnet to perform spamming or to perform Distributed Denial-of-service (DDoS) attacks, Data theft (e.g. passwords, credit card information, etc.), installation of software (including other malware), downloading or uploading of files, modification or deletion of files, keystroke logging, and viewing the user's screen to name just a few.

Trojan horses require interaction with a hacker to fulfill their purpose, though the hacker need not be the individual responsible for distributing the Trojan horse. It is possible for hackers to scan computers on a network using a port scanner in the hope of finding one with a Trojan horse installed, that the hacker can then use to control the target computer.
Rootkits - A rootkit is software that consists of one or more programs designed to obscure the fact that a system has been compromised. An attacker may use a rootkit to replace vital system executables. These may then be used to hide processes and files the attacker has installed, along with the presence of the rootkit. A rootkit is intended to seize control of the operating system. Typically, rootkits act to obscure their presence of standard operating system security scans such as anti-virus or anti-spyware scans. Techniques used to accomplish this can include concealing running processes from monitoring programs, or hiding files or system data from the operating system. Rootkits may also install a "back door" in a system by replacing the login mechanism (such as /bin/login) with an executable that accepts a secret login combination, which in turn, allows an attacker to gain access to the system.
Spyware - Spyware is software that "spies" on your computer. Spyware can capture information like Web browsing habits, e-mail messages, usernames and passwords, and credit card information all without the user's knowledge. Typically, spyware is secretly installed on the user's personal computer. Sometimes, however, spywares such as keyloggers are installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users. This information is then transmitted to another person's computer over the Internet.
Adware - Adware is often free software supported by advertisements. Common adware programs are toolbars for your desktop or web browser. They include features like advanced searching of the Web or your hard drive and better organization of your bookmarks and shortcuts. Adware can also be programs such as games or utilities. They are free to use, but require you to watch ads as long as the programs are open. Since the ads often allow you to click to a Website, adware typically requires an active internet connection to run. Most adware is safe to use, but some can serve as spyware, gathering information about you from your hard drive, the Web sites you visit, or your keystrokes.
Crimeware - Crimeware is designed to perpetrate identity theft in order to access a computer user's online accounts at financial services companies and online retailers for the purpose of taking funds from those accounts or completing unauthorized transactions that enrich the thief controlling the crimeware. Crimeware also often has the intent to export confidential or sensitive information from a network for financial exploitation. Crimeware represents a growing problem in network security as many malicious code threats seek to pilfer confidential information.

Cybercriminals use a variety of techniques to steal confidential data through crimeware including, installing key loggers to collect sensitive login and password information for online bank accounts, redirecting a user's web browser to a counterfeit website controlled by the thief even when the user types the website's proper domain name in the address bar, stealing passwords cached on a user's system, and crimeware can wait for the user to log into their account at a financial institution, then drain the account behind the scenes. Crimeware can even enable remote access into applications, allowing hackers to break into networks for malicious purposes.

Facts about Spyware

Now that we've defined some of the terms, what are some of the facts about spyware? Spyware by design is software with malicious intent. It is usually installed on computers without the consent or knowledge of the operator. Sometimes, it is bundled with other software and takes advantage of the fact that the majority of users click the, "I Agree" button without reading the terms. Spyware infects millions of computers every year with one purpose in mind. Steal your personal information and sell it to anyone willing to pay for it. This is accomplished by hijacking your computer and tracking your online activity thus enabling identity theft.

Spyware's activity ranges from annoying the user to malicious and even criminal activity. Some of the problems most commonly reported:

Uses up system resources, memory and network bandwidth slowing boot times, performance and network connections.
Conflict with other programs and system files causing system crashes.
Deletes, modifies, copies and disables files, folders, programs and key operating system components and services. This may also allow a hacker to hijack your system.
Installs and uses worms, Trojans and "back doors" to open systems to further malicious actions.
Use your computer to send spam. It is believed that most spam is sent by home computers that have been infected with "spam Trojans" which were installed by spyware or worms. In some cases this may lead to your Internet connection being blocked if your ISP (Internet provider) traces instances of spam to you.
Hide the presence of other malware and protect it when you try and remove it. Upon restarting the computer, the malware is then reinstalled.
Install "keyloggers" that record everything you type into the computer. This is then used to steal your passwords, credit card and banking information along with other personal identifying data to then steal your identity.
Monitor your web surfing habits and record the web pages you visit. All of this data is then sold to companies for marketing or other criminals.
Collect your email address and target you with spam and pop-up ads even if pop-up ads are disabled in your web browser.
Hijack your web browser, change your home page, add favorites or bookmarks and redirect you to other web sites without your permission.
Most computers connected to the internet have or will be infected with spyware.
There is no software that provides a complete solution to the spyware problem. Often the user needs to have 2 or 3 different programs but beware!
Some spyware removal programs install spyware. Why? In order to hide their own spying software. You install anti-spyware software to protect yourself against spyware. The bogus anti-spyware program sweeps your PC for all spyware except its own secret list of allowed spy software. You think it's doing a great job and feel secure in using your PC when all the while secret spy software is sending out spam or monitoring your use looking for personal details. Wikipedia keeps a list of bogus spyware removal software here. There are other sites as well however we found a lot of them to be outdated. Unfortunately, there is so many rogue programs out there with many new ones popping up all the time that it is difficult to keep track of them all.
Many computer users re-install everything in an attempt to rid the system of spyware. While this will do the trick, there is no guard against re-infection which can occur the moment you re-connect to the internet.

Spyware's ability to do these things is a real security threat to your PC at home and work. It can lead to data loss, damage legitimate software, slow network performance, reduce productivity and if that is not enough, steal your identity.

How Did This Spyware Get On My Computer?

Spyware often hides inside of other programs installers. Many free programs like file sharing programs, screensavers, games and the like install some form of spyware. Sometimes, even spyware is contained in cheap store bought software. They may or may not tell you but if they do, it will be in the license agreement. After all, how many of us actually read the license agreements?

You've heard of a drive-by shooting? Some spyware is installed by a "drive-by download". That is, it is installed without your knowledge when you click on a link or visit certain web sites. Links to watch out for are advertising links from disreputable web sites or those that claim you have won something.

An email or website may require you to download something. For instance, to view a video or presentation of some sort, you need to download a special viewer or codec file. Computers are often infected by accessing porn sites, using peer-to-peer and bittorrent applications, downloading and installing pirated software and mistakenly installing rogue programs.

It may pretend to be something you need or want such as a free virus scanner (See SecurityTool) but be very careful as it can create havoc and cost you hours of productivity and even render your computer useless. Even if the website keeps pestering you to download the file, don't do it.

So What Do We Do About Spyware?

Don't download free programs, games, screen savers, etc unless it is from a reputable site. If you do want to try out new software, there is a nice program out there called Returnil System Safe. What is Returnil? Returnil turns your computer into a virtual system. Returnil System Safe uses a powerful combination of anti-virus, anti-malware and a virtual system to protect your computer from all types of viruses and unwanted system changes. While mainstream vendors continue to fight a losing battle against malware, Returnil has taken a completely different approach to security.

Returnil System Safe clones (copies) your operating system and creates a virtual environment in your PC. Instead of loading the native operating system, a clone is loaded that allows you to run your applications and perform your online activities in an entirely isolated environment. In this manner, your actual operating system is never affected by viruses, Trojans, malware and other security threats. To return to the actual operating system environment, you just need to restart your PC. After restart, the system will be restored to its original state, as if nothing ever happened. Remember however that if you decide the program is malware free and you want to install it permanently, after rebooting, you will need to reinstall it again, this time wieh Returnil disabled.

There is a free version of this program though the pro version is reasonably priced for the protection and added functionality you get. We at User Friendly PC have tested this program and found it to be extremely useful and it does everything it claims. We intentionally infected a machine, verified it was infected and upon reboot, there was no trace of the infection.

Don't click on ads, offers, pop-up security warnings or any alerts on web pages. If you use Firefox or Internet Explorer, we recommend installing award winning WOT (Web OF Trust). This is a free program that does a good job of steering the user away from dangerous web sites though it may not catch them all, especially new ones.

Before installing any software, search online to see if it contains spyware. Also, use trusted anti-spyware programs. There are many quality programs for this that are free.

Beware of closing a pop-up window with the "X" in the upper right-hand corner. Some pop-ups will add this as a part of the image and clicking on it will enable the spyware to start downloading. If you mouse over the red x and it changes, it is usually safe to click on it. Other methods would be to right click on the taskbar button for that application window and close it that way. There may be times when there is not an extra taskbar button in which case you may have to close and re-open the browser. If you can't close the browser, you can right click on the taskbar and choose "Task Manager" or hit the "Control-Alt-Delete" keys at the same time which will bring up a "Windows Security" window and then choose "Task Manager".

Recommended Anti-Spyware Programs

There are lots of anti-spyware programs out there and many with past awards but how to we pick the best one? The best answer is not to pick just one. Remember, there is no software that provides a complete solution to the spyware problem. First off, learn and practice the advice given above. Research the internet often for recommended spyware. In lieu of that here is what we recommend for the current moment in November 2009. We use and recommend Malwarebytes Anti-Malware, Ad-Aware Free Anti-Malware, and Spybot - Search & Destroy. The best news is that all three of these have free versions. These are all tried and trusted anti-spyware programs that have been around for awhile. All three programs have won awards and the latter two have been around since about the beginning of spyware. All three do a great job.

Back To The Top