vanish.org

Spyware – continued


Overview
In the previous part we talked about what forms of spyware exist and how spyware can be contracted. Now we'll talk about how to prevent spyware from entering our systems and, where it has already sneaked onto the PC, what should be done to remove it. Throughout the material we'll discuss what settings can be tweaked to increase the overall spyware protection of a computer, and briefly touch upon the use of dedicated spyware-neutralizing software.

Symptoms of an infection
There are several symptoms of possible spyware activity on a computer. Your computer's startup time may have increased significantly, it may appear to run more slowly, or you may see network traffic even with all programs closed (this last one is the most reliable indicator, though software updates – notably Windows Update – can also be responsible). Modification of your browser's default startup page, search page hijacking, numerous pop-up windows with unrelated content, unsolicited new toolbars, unknown browser Favorites entries and extra desktop icons all suggest that spyware or adware is the likely culprit.
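
Two of these symptoms can be checked directly from a PowerShell prompt. The script below is an added example, not part of the original article: it maps each established outbound connection to the process that owns it and reads the Internet Explorer start and search page values. The function names Get-ConnectionOwner and Get-BrowserStartPage are hypothetical, and it assumes Windows 8 or later, where Get-NetTCPConnection is available.

```powershell
# Added example: triage for "network traffic with all programs closed"
# and "modified browser start/search page". Function names are illustrative.

function Get-ConnectionOwner {
    # Map every established TCP connection (loopback excluded) to its process.
    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Process = if ($proc) { $proc.ProcessName } else { '<exited>' }
                PID     = $_.OwningProcess
                Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
                # Path is empty for protected processes or when not elevated.
                Path    = if ($proc) { $proc.Path } else { $null }
            }
        }
}

function Get-BrowserStartPage {
    # Per-user Internet Explorer start and search page settings.
    $key  = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $main = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in 'Start Page', 'Search Page') {
        [pscustomobject]@{ Setting = $name; Value = $main.$name }
    }
}

# Close all applications first, then review what is still talking to the network.
Get-ConnectionOwner | Sort-Object Process, Remote | Format-Table -AutoSize
Get-BrowserStartPage | Format-Table -AutoSize
```

Connections owned by Windows Update or other updaters are expected; an unfamiliar process name or a missing Path is what to look up in Process Explorer.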

Spyware Removal
A free utility like Process Explorer will help spot suspicious programs on your computer and give you a hint whether spyware is indeed present on your PC.

Unfortunately, spyware makers go to great lengths to prevent their products from being removed (even blocking access to major security websites) and further steps may be needed to completely clean your system. In such cases, it is recommended to download (but don't run yet!) a copy of HijackThis!. A tutorial is available at bleepingcomputer.com.

In the worst case (where a rootkit is used to modify Windows itself to hide the spyware) it may be necessary to reformat and reinstall Windows – this should be a last resort since it will result in the loss of all data on the system – but you did back up – didn't you?

Finally, if a keylogger (a program that monitors keys typed in order to find passwords) was reported by any of the previous programs then contact any sites where you have password access – especially online banking sites – to inform them that your account may have been compromised. This needs to be done swiftly to avoid possible financial loss (banks may refuse to compensate you for fraud if spyware on your system was responsible).

Heightening security
An insecure web browser is the most likely avenue for spyware infection. Visiting a spyware-distributing web site with one can automatically trigger a spyware install. Internet Explorer users should, at a minimum, set their browser security level to Medium and then set the "Run ActiveX controls and plug-ins" setting in IE to "Prompt" in order to prevent the automatic execution of webpage content that may try to install spyware. This modification may cause numerous confirmation windows to pop up on websites using ActiveX – to alleviate this, IE users can use a filter to block ActiveX by default. Where a site you trust requires ActiveX to function, an exclusion entry can be created to permit that site. Many people are adopting other browsers as a means to bolster overall system security and to protect themselves from spyware.
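
The "Run ActiveX controls and plug-ins" setting is stored per security zone in the registry as URL action 1200, so it can be audited without opening the IE dialog. The script below is an added example, not part of the original article; the function name Get-ActiveXPolicy is hypothetical, and it reads only the per-user (HKCU) values, which machine-wide policy may override.

```powershell
# Added example: report the "Run ActiveX controls and plug-ins" action
# (URL action 1200) for each Internet Explorer security zone.

$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }
$actions   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable'
                65536 = 'Administrator approved' }
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'

function Get-ActiveXPolicy {
    foreach ($zone in 0..4) {
        $item  = Get-ItemProperty -Path "$base\$zone" -Name '1200' -ErrorAction SilentlyContinue
        $value = if ($item) { $item.'1200' } else { $null }
        $label = if ($null -eq $value) { 'not set' }
                 elseif ($actions.ContainsKey([int]$value)) { $actions[[int]$value] }
                 else { "unknown ($value)" }
        [pscustomobject]@{
            Zone     = $zoneNames[$zone]
            Action   = $label
            # The article's recommendation: scripts must not run ActiveX silently.
            Hardened = ($label -in 'Prompt', 'Disable')
        }
    }
}

Get-ActiveXPolicy | Format-Table -AutoSize

# Weak setting:      1200 = 0 (Enable) in the Internet zone
# Corrected setting: 1200 = 1 (Prompt), applied with:
# Set-ItemProperty -Path "$base\3" -Name '1200' -Value 1 -Type DWord
```

The Set-ItemProperty line is left commented out so the script only reports by default.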

It is also important to take basic security precautions when browsing the Net: you should never download and, most importantly, execute files obtained from doubtful sources – especially file-sharing networks, Internet Relay Chat, Usenet or some torrent websites. When visiting unknown or suspicious sites, adjust the browser security setting to maximum. Spam is one popular method of inciting people to visit a malware website. Be extremely cautious about emails and never use Internet Explorer to investigate any links.

Spyware defense using specialized software
Prevention is better than cure with spyware. If spyware is installed on the system, it is extremely hard to manually remove it, so it is best to ensure that spyware-detection and removal software is always present on a PC (anti-virus software will in many cases detect general malware when it enters your system, but tends to perform less well in cleaning existing infections). A firewall and an antispyware scanner can provide sufficient protection against infection. A properly configured firewall will detect (and allow you to block) any attempts by spyware to communicate over the Internet (it will still need to be removed, but the most serious damage is done by spyware that successfully sends private information to its distributor), while a good antispyware program will detect spyware in memory or on disk and remove it.
  • Ad-Aware SE Plus is an anti-spyware program designed to address the menace of malicious software.
  • Vipre is a powerful anti-spyware tool that detects, deletes and protects your personal computer from a broad range of malicious software. Vipre is not free.


Conclusion

Spyware is a dangerous, escalating and increasingly complex problem that should be fought on multiple fronts. One of them entails correctly setting up system security settings and the other one depends on the right choice of security software.




Vanish.Org Copyright © 2006 All rights reserved