SPYWARE - continued
Overview
In the previous part we talked about what forms of spyware exist and how spyware can be
contracted. Now we’ll talk about how to prevent spyware from entering our systems and, in
cases where it has already sneaked onto the PC, what should be done to remove it.
Throughout the material we’ll discuss which settings can be tweaked in order to increase
the overall spyware protection of a computer, and briefly touch upon the use of dedicated
spyware-neutralizing software.
Symptoms of an infection
There are several symptoms of possible spyware activity on a computer. Your computer’s start-up
time may have increased significantly, it may appear to run more slowly, or you may see
network traffic even with all programs closed (this last one is the most reliable indicator,
though software updates – notably Windows Update – can also be responsible). Modification
of your browser’s default start page, search page hijacking, numerous pop-up windows with
unrelated content, unsolicited new toolbars, unknown entries in the browser’s Favorites and
extra desktop icons all suggest that spyware or adware is the likely culprit.
Spyware Removal
A couple of free utilities like Process Explorer and Port Explorer will help spot suspicious programs on your computer
and give you a hint whether spyware is indeed present on your PC.
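The “network traffic with all programs closed” symptom and the Port Explorer check above can be reproduced from two commands built into Windows XP, netstat -ano and tasklist, which map connections to process IDs and process IDs to image names. The Python script below is an added example written for this page, not code from the original article or from Agnitum: it parses constructed sample output from both commands (marked as such in the code), flags every process holding a connection to a real remote peer that is not on an assumed allow-list of images known to talk on their own (svchost.exe and wuauclt.exe carry Windows Update), and on a Windows machine captures the live output instead. The allow-list and the process name unknownapp.exe are assumptions made for illustration.

```python
import re
import subprocess
import sys

# Constructed sample of `netstat -ano` output (not captured from a real machine).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING       1652
  TCP    192.168.1.10:1054      203.0.113.7:80         ESTABLISHED     1652
  TCP    192.168.1.10:1061      198.51.100.22:443      ESTABLISHED     1100
  UDP    0.0.0.0:445            *:*                                    4
  UDP    192.168.1.10:1900      *:*                                    1100
"""

# Constructed sample of `tasklist` output; "unknownapp.exe" is a placeholder name.
TASKLIST_SAMPLE = """\
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
System                         4 Console                 0         236 K
svchost.exe                  932 Console                 0       4,212 K
svchost.exe                 1100 Console                 0      26,844 K
unknownapp.exe              1652 Console                 0       3,980 K
"""

# Assumed allow-list of images that legitimately talk with everything closed
# (Windows Update runs inside svchost.exe / wuauclt.exe); adjust for your machine.
EXPECTED_TALKERS = frozenset({"system", "svchost.exe", "wuauclt.exe"})

# TCP rows carry a State column, UDP rows do not, hence the optional group.
NETSTAT_LINE = re.compile(r"^(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)$")
TASKLIST_LINE = re.compile(r"^(.+?)\s+(\d+)\s+\S+\s+\d+\s+[\d,]+ K$")


def parse_netstat(text):
    """Return (proto, local, foreign, state, pid) tuples from `netstat -ano` text."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line.strip())
        if m:
            proto, local, foreign, state, pid = m.groups()
            rows.append((proto, local, foreign, state or "", int(pid)))
    return rows


def parse_tasklist(text):
    """Return {pid: image name} from `tasklist` text (header and ruler lines are skipped)."""
    procs = {}
    for line in text.splitlines():
        m = TASKLIST_LINE.match(line.rstrip())
        if m:
            procs[int(m.group(2))] = m.group(1).strip()
    return procs


def is_remote(foreign):
    """True when the foreign endpoint is a real peer rather than a wildcard or loopback."""
    return not foreign.startswith(("0.0.0.0", "127.", "*", "[::]", "[::1]"))


def find_unexpected_talkers(netstat_text, tasklist_text, expected=EXPECTED_TALKERS):
    """List (image, pid, foreign) for processes with live peers that are not on the allow-list."""
    procs = parse_tasklist(tasklist_text)
    hits = set()
    for _proto, _local, foreign, _state, pid in parse_netstat(netstat_text):
        if not is_remote(foreign):
            continue
        image = procs.get(pid, "<unknown>")
        if image.lower() not in expected:
            hits.add((image, pid, foreign))
    return sorted(hits)


def capture_live():
    """On Windows run the two commands; elsewhere fall back to the constructed samples."""
    if sys.platform != "win32":
        return NETSTAT_SAMPLE, TASKLIST_SAMPLE
    netstat = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
    tasklist = subprocess.run(["tasklist"], capture_output=True, text=True).stdout
    return netstat, tasklist


if __name__ == "__main__":
    ns, tl = capture_live()
    for image, pid, foreign in find_unexpected_talkers(ns, tl):
        print(f"{image} (PID {pid}) is talking to {foreign} - review it in Process Explorer")
```

Run it with every application closed; anything it lists is a process to look up by PID in Process Explorer before deciding whether it belongs. Listening sockets and loopback connections are deliberately ignored, because the indicator the article describes is outbound traffic to a real peer.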
Unfortunately, spyware makers go to great lengths to prevent their products from being removed
(even blocking access to major security websites) and further steps may be needed to completely
clean your system. In such cases, it is recommended to download (but don’t run yet!) a copy of
HijackThis!, also available from numerous download mirrors including download.com and softpedia.com,
with a tutorial at bleepingcomputer.com. You may also visit one of the forums at techsupportforum.com
or castlecops.com.
Check the forum instructions about using HijackThis (not all accept HJT logs) and posting results and follow
these to receive advice on what needs to be done. Be aware that HJT analysis does require time and skill so only
post on one forum and do follow all instructions given.
In the worst case (where a rootkit is used to modify Windows itself to hide the spyware) it may
be necessary to reformat and reinstall Windows. This should be a last resort since it will result
in the loss of all data on the system, but if it is the only option, then:
- make a copy of important data (documents, photos, passwords, software registration details)
- make a copy of your security software
- print out documentation on doing a fresh install (since you will not be able to access the Internet with that PC until the process is finished) - for Windows XP, instructions can be found HERE
- install and configure your security software
- connect to the Internet and update Windows
- my guide for this procedure is HERE
Finally, if a keylogger (a program that monitors keys typed in order to find passwords) was
reported by any of the previous programs then contact any sites where you have password access –
especially online banking and share-trading sites – to inform them that your account may have
been compromised. This needs to be done swiftly to avoid possible financial loss (banks may refuse
to compensate you for fraud if spyware on your system was responsible).
Heightening security
An insecure web browser is the most likely avenue for spyware infection: simply visiting a spyware-distributing web site
with one can automatically trigger a spyware install. Users of Windows XP should apply Service Pack 2 and then
download all subsequent security fixes from Microsoft through the Windows Update service
to make sure they are not susceptible to the numerous known Windows security flaws (this also applies to other Windows versions).
Internet Explorer users should, at a minimum, set their browser security level to Medium and then
set the “Run ActiveX controls and plug-ins” option in IE to “Prompt” in order to prevent the automatic execution of
web page content that may try to install spyware. This change may cause numerous confirmation windows to pop
up on websites using ActiveX; to alleviate this, IE users can use a filter (such as Outpost’s Active Content filter) to
block ActiveX by default. Where a site you trust requires ActiveX to function, an exclusion entry can be created to
permit it for that site.
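The IE settings just described live in the registry, so they can be audited from an export taken with reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" ie.reg. The Python script below is an added example for this page, not code from the original article, Agnitum or Microsoft. It assumes the standard Internet Explorer layout: per-zone keys under Internet Settings\Zones (3 is the Internet zone, CurrentLevel 0x11000 is Medium, action 1200 is “Run ActiveX controls and plug-ins” with 0 = Enable, 1 = Prompt, 3 = Disable) and per-site exclusions under ZoneMap\Domains, where a protocol value of 2 places the site in Trusted sites and 4 in Restricted sites. The .reg text inside the script is constructed and shows the weak settings beside the hardened ones the text recommends.

```python
import re

# Constructed `reg export` of the Internet zone (zone 3) plus two ZoneMap exclusions;
# the zone values are deliberately weak: Medium-low level, ActiveX running without a prompt.
# Not taken from any real machine.
WEAK_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"DisplayName"="Internet"
"CurrentLevel"=dword:00010500
"1200"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com]
"http"=dword:00000002
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.net\www]
"*"=dword:00000004
"""

# The same export after applying the article's advice: Medium level, ActiveX set to Prompt.
HARDENED_EXPORT = WEAK_EXPORT.replace("dword:00010500", "dword:00011000").replace(
    '"1200"=dword:00000000', '"1200"=dword:00000001')

ZONES_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"
ZONEMAP_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
LEVELS = {0x10000: "Low", 0x10500: "Medium-low", 0x11000: "Medium", 0x12000: "High"}
ACTIVEX_RUN = "1200"            # action id for "Run ActiveX controls and plug-ins"
ENABLE, PROMPT, DISABLE = 0, 1, 3
TRUSTED_ZONE, RESTRICTED_ZONE = 2, 4


def parse_reg(text):
    """Return {key path: {value name: value}} from a .reg export (dword and string values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"'):
            name, _, raw = line[1:].partition('"=')
            if raw.startswith("dword:"):
                keys[current][name] = int(raw[6:], 16)
            else:
                keys[current][name] = raw.strip('"')
    return keys


def audit_internet_zone(text):
    """Return findings for the Internet zone measured against the article's minimum settings."""
    findings = []
    for path, values in parse_reg(text).items():
        if not path.endswith(ZONES_KEY + r"\3"):
            continue
        level = values.get("CurrentLevel")
        if level is not None and level < 0x11000:
            findings.append(f"security level is {LEVELS.get(level, hex(level))}, below Medium")
        # An absent 1200 value is treated as Enabled, IE's default for this zone at Medium.
        if values.get(ACTIVEX_RUN, ENABLE) == ENABLE:
            findings.append("'Run ActiveX controls and plug-ins' is Enabled; set it to Prompt or Disable")
    return findings


def zone_exclusions(text):
    """Return {domain: zone number} for every ZoneMap\\Domains entry in the export."""
    result = {}
    marker = ZONEMAP_KEY + "\\"
    for path, values in parse_reg(text).items():
        if marker not in path:
            continue
        parts = path.split(marker, 1)[1].split("\\")
        domain = ".".join(reversed(parts))      # Domains\example.net\www -> www.example.net
        zones = {v for v in values.values() if isinstance(v, int)}
        if zones:
            result[domain] = max(zones)         # if protocols disagree, report the most restrictive
    return result


if __name__ == "__main__":
    for label, export in (("weak", WEAK_EXPORT), ("hardened", HARDENED_EXPORT)):
        print(f"{label}: {audit_internet_zone(export) or ['no findings']}")
    for domain, zone in zone_exclusions(WEAK_EXPORT).items():
        kind = {TRUSTED_ZONE: "Trusted sites", RESTRICTED_ZONE: "Restricted sites"}.get(zone, f"zone {zone}")
        print(f"{domain} -> {kind}")
```

Point parse_reg at the text of a real export to check your own machine; the exclusion listing is worth reading too, since a Trusted-sites entry you did not create is exactly the kind of change spyware makes to get its ActiveX content past the prompt.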
Many people are adopting other browsers as a means to bolster overall system security and to protect themselves from
spyware. These browsers sometimes won’t work with Microsoft services (like Windows Update, which demands the use of
Internet Explorer and ActiveX) and IE-specific web pages, but for the majority of sites they offer usability and
performance enhancements over IE (commonly quoted ones being tabbed browsing, fast search engine access, more control
over web page display and better standards compliance). The good thing about those browsers is that they are better
equipped to resist spyware and are updated more often than Internet Explorer.
Browsers such as Firefox and Opera are gaining popularity, and both are free.
It is also important to take basic security precautions when browsing the Net: you should never download and, most
importantly, execute files obtained from doubtful sources – especially file-sharing networks, Internet Relay Chat,
Usenet or “warez” websites. When visiting unknown or suspicious sites, adjust browser security setting to maximum
(i.e. “Restricted Sites” in IE). Spam is one popular method of inciting people to visit a malware website (one
tactic has been to include a message about a high-value credit-card transaction that will be charged to you unless
you click a link). Be extremely cautious about such emails – and never use Internet Explorer to investigate any
links (since they are likely to use recently-discovered and therefore unfixed vulnerabilities in IE).
Spyware defense using specialized software
Prevention is better than cure with spyware. Once spyware is installed on the system it is extremely hard to
remove manually, so it is best to ensure that spyware detection and removal software is always present on a
PC (anti-virus software can in many cases detect general malware when it enters your system, but tends to perform
less well at cleaning existing infections). A firewall and an antispyware scanner can provide sufficient protection
against infection (especially if the firewall offers filtering of web pages, like Outpost’s Active Content plugin).
A properly configured firewall will detect (and allow you to block) any attempt by spyware to communicate over
the Internet (the spyware will still need to be removed, but the most serious damage is done by spyware that successfully
sends private information to its distributor), while a good antispyware program will detect spyware in memory or
on disk and remove it.
- Outpost Firewall combines the functionality of both these security products and under one hood can provide comprehensive protection against spyware.
- Ad-Aware SE Plus is anti-spyware software designed to address the menace of malicious software. By adding the background-running Ad-Watch real-time monitor to the free Personal edition, Ad-Aware SE Plus is now capable of not only scanning the system after the fact but also preventing infection before it happens.
- CounterSpy is a powerful anti-spyware tool that detects, deletes and protects your personal computer from a broad range of malicious software. CounterSpy has one of the best spyware databases in the industry and one of the fastest scan times. CounterSpy also has sophisticated protection against recurring spyware threats that protects you in real time.
- Spyware Doctor has advanced technology designed specially for ordinary people, not experts. It is automatically configured out of the box to give you optimal protection with limited interaction, so all you need to do is install it for immediate and ongoing protection.
Conclusion
Spyware is a dangerous, escalating and increasingly complex problem that should be fought on multiple fronts. One
of them is correctly configuring the system’s security settings; the other depends on the right choice of
security software.
Source: Parts of this article originally appeared in Agnitum - Security Insight, Copyright © 2006, Agnitum
Vanish.Org | Copyright © 2006 | All rights reserved