Security Information

Everything You Need To Know About Spyware and Malware


You are at your computer, checking out software on EBay. The computer is really sluggish, and you are not running anything else. You click on a link, and BLAM you are redirected to a search page you've never heard of and the "back" button won't work.

You've got Spyware! Just what is "Spyware?" The word brings to mind exploding pens and shoe phones. In fact, software makers have struggled to define what spyware is, and is not.

The Anti-Spyware Coalition, a group of companies that include EarthLink, Microsoft, and Hewlett-Packard, have recently published a document that defines spyware as such: "Spyware impairs users control over material changes that affect their user experience, privacy or system security; use of their system resources, including what programs are installed on their computers; or collection, use and distribution of their personal or otherwise sensitive information"

In simpler terms, spyware "spies" the software on your computer, personal information, what web pages you look at, and in some cases, usernames and passwords. Ugh.

The first spyware distribution was in 1999, and is attributed to a popular freeware program called "Elf Bowling." Many users found to their dismay that this "harmless game," was sending information to the creators, Nsoft. This spawned the first anti-spyware program in the year 2000.

Now, both spyware and anti-spyware programs are too numerous to count.

There are several types of software that fall under the generic description of spyware. Let's look at a few, and what they do.

Adware - adware is an application that displays advertising banners. The reason this is criticized is that it can send information back to the company, who then "targets" you with specific banners based on the web pages you've opened. This is different from clicking on a banner for more information. This program sneaks in the "back door," not "advertising" its presence. Please note that the word "AdWare" is a trademark of AdWare Systems, an honest software company. They are not a part of adware, just share the unfortunate name.

Key loggers are just that. They collect the keystrokes you make, like logging into your bank account, and send it to the hacker. Now he has your account number, user name, and password.

Hijackers and Toolbars are another form of spyware. Hijackers take over your browser, opening pages you don't want, and preventing you from opening ones you need - like a site that tells you how to get rid of them. Toolbars are the same sort of thing. Now, you may want to have a toolbar like Yahoo or Google on your browser. They can make searches easier, and may have popup or ad blockers. The malware forms of these try to look like them, but they have completely different motives.

Malware is a generic term for "malicious" software. These programs don't just collect information; they are out to get your computer. Technically, these are not spyware, but a brief explanation seems to be in order. Malware spreads itself through the computer, changing files, making copies to send, even erasing the hard drive. Virus' and worms are a part of this group.

Other malware programs are "Trojan Horse, or Backdoor." These hide quietly in your computer until you connect to the internet. Then they creep around your browser, "reporting in" to the owner, who then uses your computer "address" to send out virus's, malware, and spam. Some hackers link several computers to send so much nonsense information to a particular web site that it is overwhelmed, causing it to shut down.

How does spyware end up on your computer? You're not going to like this . . . but most likely you loaded it on yourself! Wait! Before we get nasty letters, let us explain. Remember those "smileys" you downloaded last week? How about the cute cursor the nine year old picked? Most of these "free" programs have spyware attached, or imbedded in them. Even Adobe Reader loads a "Yahoo search bar" when you update the reader.

Remember when you installed the program and that gray box popped up with a thousand lines of small print? Did you read it? I doubt anyone does. The spyware distributor counts on that. If you do manage to slog through the legalese, and stuff only advanced programmers would know (or care about), there will be a few innocuous lines, something along the lines of: "this program will collect information to better your enjoyment of this program," or "a web search toolbar will be added to your browser." When you click on the "accept" button to install the software, you have also agreed to the spyware program.

Another way is when a box pops up claiming to be legitimate software needed to view the site properly, or that it is an update. It only has a "yes" button, implying that you are required to allow the download. These are copying legitimate updates from places like Microsoft, or Macromedia.

Just what is spyware going to do to your computer? Anything you can do, he can do better. It is an executable that can record keystrokes, read your files, watch your word processing program, change your home page, add and delete files, read your cookies (with personal info), then "phone home" with the info. Some spyware will crash your browser if you try to uninstall it. Others may "pretend" to be uninstalled, but they wait until your back is turned to load itself back on your system.

You don't know how the stuff was loaded on your computer, but it is causing all kinds of problems. The computer is running slower, certain programs are not working, and on occasion, you see the dreaded "blue screen of death." (crash). Don't worry, you are not alone According to an October 2004 study by America Online and the National Cyber-Security Alliance, 80% of surveyed users' computers had some form of spyware, with an average of 93 spyware components per computer. 89% of surveyed users with spyware reported that they did not know of its presence, and 95% reported that they had not given permission for it to be installed.

Now what do you do? There are several good "spyware removal" programs out there. But be warned! There are also a number of programs that claim to be anti-spyware that do not work, or worse add more spyware to your system! A good resource for "suspect" spyware is the list at:http://www.spywarewarrior.com/rogue_anti-spyware.htm They have a list of over 200 programs that claim to take care of spyware, but may not do what they claim.

Once you get your computer "clean," how do you avoid getting "dirty" again? There are firewalls and programs designed to watch for known spyware. When you register, the "known spyware" definitions can be updated on a regular basis.

You could use a browser other than Internet Explorer (most spyware exploits problems here). This writer loves Mozilla Firefox - it's free at www.mozilla.org

Our lawmakers are doing their best to stem the tide of spyware/malware. For example, in Washington State, USA, it is illegal for anyone other than the owner/operator of a computer to install software that alters web browser settings, monitors keystrokes, or disables computer security software.

The Gibson Research Corporation, www.grc.com, has several free fixes to "plug holes" in Internet Explorer's security.

There is hope. In 2005, NY Attorney General Eliot Spitzer brought suit against Intermix Media, Inc. Intermix's spyware program spread by drive-by download (loaded without permission), and installed itself in such a way it was very difficult to remove. Intermix settled for $7.5 million dollars.

Spyware is here to stay. Your best bet is to be informed - know the tricks used by spyware to load itself. Use a firewall or spyware blocker program. Most important, understand exactly what that new program will install on your innocent computer.

ABOUT THE AUTHOR:
Mike Christy is the owner of http://www.spywarecenter.info which is a free information site providing the latest Spyware news and instructions on how to remove Spyware from your computer.


MORE RESOURCES:




































































































home | site map
© 2006