Beginners Guide: Spyware Protection and Removal
I spy with my little eye... IP 206.34.256.70 reading this page right now, so learn how to protect against, and remove, software that keeps tabs on you.
Dealing with the subject of "Spyware".
If you've installed a peer-to-peer sharing program such as 'Kazaa Media Desktop' or 'Morpheus', or accidentally said yes to a 'Gator' pop-up, or gone on an excursion to some of the darker corners of the Internet, chances are your PC has developed an internet life of its own through one or more spyware applications.
What is Spyware?
While the actual definition of what constitutes Spyware is somewhat vague, there are a few distinguishing points that are generally agreed on. The most common definition of Spyware is a program that sends information from your computer to another destination on the Internet without your knowledge and without your explicit consent. The information can potentially include just about anything stored on, or accessible by, your computer. In reality, most spyware programs limit themselves to sending specific types of demographic information, such as the URLs you visit on the Internet, IP and email addresses, or even something as mundane as a cookie.
The potential of these kinds of programs is rather frightening though. On a modern Windows XP based computer, any program installed by a system administrator (that is, any of the users created during the install process, as well as the built in administrator account) has access to all files on the system. This allows all sorts of mischief to be committed with your implied permission.
Permission really is at the heart of the issue when it comes to spyware, since to separate themselves from the makers of viruses and 'trojan horse' programs, creators of spyware need your okay to install their products on your system. Of course, standard operating procedure is to make this request as obscure as possible, so as to ensure a large installed base of users.
Some software uses a certificate window request to attempt to gain your permission, as seen most famously with the Gator Corporation, whose ubiquitous ads are launched by any number of sponsored web-sites and software installation packages. If you click "ok" to the request, the Gator software will be installed on your computer. Others, as is commonly seen with spyware packages included along with common file sharing applications like Kazaa Media Desktop, use passages in the End User Licensing Agreement (EULA) to gain your acceptance. Since these legal agreements are rarely read by computer users and can be torturously worded, they are an easy vector for spyware to be installed as a component of popular freeware programs.
Once installed, spyware software can easily send any required information out to the Internet using the system's current connection. Such transactions occur in the background and are difficult to notice or trace, since most firewall hardware and software, including Windows XP's built in firewall, does not interfere with information going out of the protected computer or network.
Transmitting Information
The umbrella definition of spyware also includes other types of programs, such as software that will download specific advertising content constantly to your browser, regardless of where you happen to be on the Internet, software that hijacks your homepage to one of its own choosing, etc. The constant with all these forms of spyware is the element of consent. Legally, the manufacturers have obtained your consent to install their software on your computer and transmit information from it, and thus will claim (since most internet users have at least heard of the term spyware used negatively) that their product is not spyware. Their software was only installed after getting permission from the user, but it is unlikely that the majority of computer users hosting so-called spyware programs on their computer expect, approve, or are even aware that their computer may be transmitting information back to the manufacturer for its own use. Whether or not this lack of awareness should make a user's information fair game is not up to us to decide, but since entire businesses have been founded to exploit the tendencies of the average internet user, why not provide information that will help the individual decide if they want to be surveyed or not?
What's the point of Spyware?
The major concern that keeps cropping up when spyware is discussed is privacy, certainly the number one issue with spyware as it is generally characterized in the media. While there are varieties of spyware (see our partial list of definitions below) that send little or no information out from your computer, the majority of spyware was created for customer demographic purposes, and as such, wants to know who you are, where you are going on the web, and what you like to buy when you go there. This information can then be sold or, more likely, just used to target you with customized advertising from the spyware creator's list of clients.
As you have generally agreed to allow your information to be used this way when you allowed the program to install (and most likely bypassed the EULA, the End User License Agreement, as about 99% of computer users habitually do) you have no legal recourse to stop this data mining from taking place outside of uninstalling the offending program. It is doubtful that the majority of spyware users realize that their information is being gathered in this way, or even realize that the programs are installed at all in many cases. Indeed, the profits of manufacturers such as Gator Corporation seem to be dependent on the unfortunate fact that the average computer user is not going to be aware of what these programs are intended to do, even when the information is presented to them (albeit in a confusing way).
A secondary issue is the added difficulty some forms of spyware give to the already difficult task of introducing your children safely to the Internet. Granted, many school age kids are already more computer literate than their parents, but take for example the idea of a spyware 'browser hijacking' program installed on your computer due to an accidental click or incorrect security settings on your browser. Having Internet Explorer default to a pornographic "home page" each time it is opened, with no apparent way to change it back, is most parents' idea of a nightmare. There are programs and websites out there that can make this happen. Also, varieties of spyware can degrade your Internet performance, connect to the Internet independently, and may even destabilize the computer.
Spyware Vs. Ad-supported software
As a society, we expect advertising. We are used to the idea that advertising provides a source of revenue for businesses that would otherwise find it difficult to charge for their service or content, keeping television, radio and the Internet available and mostly affordable for the average citizen. Ads have become an essential part of the Internet economy, and will likely stay that way for the foreseeable future. As such, it is important, at least for the health of some sections of the software industry, to make the distinction between spyware and ad-supported software. Again, as stated in the section above, there are no official or legal definitions of these types of software, but as a generally accepted guideline, ad-supported software can be defined as a freely available product that is funded by advertising. Of course, this means the entire Internet is essentially ad-supported software, but I digress… ad-supported software products will inform you prior to installation that advertising is part of the provided package, and that information may be transmitted from your computer to aid in targeting these adverts, allowing you to make an informed choice. Ad-supported software is a major source of revenue for many smaller software companies, and can provide consumers with economical alternatives to costly software. A good example of ad-supported software is the 'sponsored mode' of the popular Eudora mail client. Note the presence of advertising is clearly stated. Ad-supported software can be an excellent way for small companies to market their products provided they are upfront with their methods. The point at which spyware branches off from ad-supported software is when the software does not clearly state its intended purpose. 
Varieties of spyware
Spyware is a blanket term that covers all kinds of generally unhelpful software, from tools that enable companies to deliver ads to you based on your surfing habits, to programs that attempt to hijack your browser settings, all the way to software designed to steal ad-revenue from legitimate online businesses by covering or replacing their ads. Here's a brief guide to some of the categories of nastiness that you may see.
Adware: The most common form of spyware, these are programs which will observe your surfing habits, then report them to one or more servers on the Internet, which will then tailor advertising content to your preferences and deliver it to your computer through pop-ups or other methods. Adware is generally bundled in with various freeware applications to help the producers defray the costs, or in some cases, bundled with software produced by the same company, where the license to use the software hinges on the user's acceptance of the adware working in the background. Examples of adware applications include Gator and Doubleclick. Almost all major peer-to-peer file-sharing programs, such as Kazaa Media Desktop, contain adware.
There is a fine line between adware and ad-supported software, and it's generally at the point where you decide the loss of privacy is worth the value of the product you are being offered. In many cases, the products are being marketed towards novice computer users, under the obvious assumption that they will not realize the functionality of the software can be found in other products without unnecessary adware bundled in. This possible exploitation of the unwary, and the idea that some companies involved do not necessarily reveal the extent of the information they are harvesting or the uses to which they intend to put it, tilts the scales.
Be aware that using some of the methods detailed later on to block or remove adware can violate the license agreement of the programs it was included with. This is true in the case of the Gator Corporation's software such as Ewallet and Weatherscope, and also with Kazaa Media Desktop.
"Browser hijackers": A very noticeable and annoying type of program that changes your browser homepage setting to one of its choosing, and generally includes a small executable file that will run on start up, ensuring that it keeps coming back. Technically this is not spyware, since it does not generally send any information out, but can be included under the same umbrella term. Browser hijackers are typically ActiveX controls triggered by visiting a specific URL. Some notable hijackers from recent history are xupiter.com and lop.com (and no, we don't recommend you try those links out).
"Scumware/thiefware": Another vague category (named originally by affected webmasters, see www.scumware.com and www.thiefware.com) containing the occasional forays made by adware providers into the more potentially lucrative territory of attempting to divert advertising revenue from other websites to themselves, using 'contextual advertising' among other methods. It hit a peak in 2001-2002, with webmasters decrying the existence of spyware bundled with popular applications like Kazaa, Limewire and Morpheus that could alter the ID tags attached to advertising on a website, redirecting and effectively stealing the commission. Widespread protest soon curbed this practice, as it did the Gator Corporation's attempt to redirect advertising revenue by placing its own popup ads directly over the banner ads on websites. Gator soon reverted to using non-strategically placed ads, and the major peer-to-peer file-sharing companies removed or altered the offending software from their products.
The current focus of webmasters' ire is companies who market client side 'contextual advertising' software. The idea of this is that the software, once installed, will superimpose its own hyperlinks on top of the text of any website you might be visiting, or place pop-up ad windows overlaying the site window, triggered by the content of the text or the URL you are visiting. The targets of these links or pop-ups will be companies that advertise through the makers of the software, of course. Essentially, the software is parasitically attaching its own advertising to websites and diluting the advertising revenues they receive. Companies producing contextual advertising software include eZula Inc. (www.ezula.com), WhenU (www.whenu.com) and the Gator Corporation (www.gator.com).
What can you do about spyware?
As you have probably realized by now, there are many different ways in which spyware can manifest itself on your computer. In many cases, it may not be at all obvious that your system and your privacy are being compromised. To safeguard yourself against unwanted software, first and foremost read the fine print. The majority of spyware applications attempt to install themselves either from security permission windows such as this one, or as 'opt-out' components of the installation process of other software. 'Opt-out' means that the software will be installed by default, and you must specifically request during the install process that it not be added. Both can be easily avoided if you are diligent about reading screens and licenses before you click 'ok'.
Setting ActiveX Controls
Assuming you are using Windows XP and Internet Explorer, there are some browser settings that can be configured to ensure a safer surfing experience, primarily dealing with how ActiveX controls are handled by your browser. ActiveX controls are essentially programs that can be run by Windows operating systems straight from a web page. These can include many things such as web forms, sound and graphics, but what we are primarily concerned about is installation programs. Many vendors, such as Gator Corporation, use ActiveX controls to enable the installation of their software from participating websites. By default, all Windows operating systems will prompt users for permission to install such applications, but it is possible to set your browser to bypass user permission and automatically run ActiveX controls. To avoid this:
From Internet Explorer, click 'tools' then 'internet options' and select the 'security' tab.
Select the 'custom level' button.
To begin with, ensure that 'download unsigned ActiveX controls' and 'initialize and script ActiveX controls not marked as safe' are disabled.
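The same settings can be checked without clicking through the dialog. The following is an added example, not part of the original guide: it audits a regedit export of the Internet zone against the advice in this section (unsigned and unsafe-for-scripting controls disabled, every other ActiveX option, including signed controls, set to 'prompt' or 'disable'). The registry action IDs (1001, 1004, 1200, 1201, 1405) and state values (0 enable, 1 prompt, 3 disable) are Internet Explorer's own encoding rather than anything the guide mentions, and the sample export is constructed for illustration.

```python
import re

# Registry key suffix for the "Internet" security zone (zone 3).
ZONE_KEY = r"\Internet Settings\Zones\3"
# Internet Explorer action IDs for the ActiveX options on the custom-level page.
ACTIONS = {
    "1001": "Download signed ActiveX controls",
    "1004": "Download unsigned ActiveX controls",
    "1200": "Run ActiveX controls and plug-ins",
    "1201": "Initialize and script ActiveX controls not marked as safe",
    "1405": "Script ActiveX controls marked safe for scripting",
}
STATES = {0: "enable", 1: "prompt", 3: "disable"}
MUST_DISABLE = {"1004", "1201"}  # the guide wants these two disabled outright

# Constructed sample of a regedit export (real exports are UTF-16 files).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

; zone 2 (Trusted sites) is present in the export but must not be audited
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000000
"1004"=dword:00000003
"1200"=dword:00000000
"1201"=dword:00000001
'''

def parse_zone(reg_text, key_suffix=ZONE_KEY):
    """Return {action_id: state} for the section whose key ends in key_suffix."""
    values, in_zone = {}, False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):  # new key: are we entering or leaving the zone?
            in_zone = line.rstrip("]").lower().endswith(key_suffix.lower())
            continue
        m = re.fullmatch(r'"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})', line)
        if in_zone and m:
            values[m.group(1).upper()] = int(m.group(2), 16)
    return values

def audit(reg_text):
    """List (action_id, option, state, ok) for every ActiveX option."""
    values = parse_zone(reg_text)
    findings = []
    for action, name in ACTIONS.items():
        if action not in values:  # absent from the export: cannot be judged
            findings.append((action, name, "not in export", False))
            continue
        state = values[action]
        allowed = {3} if action in MUST_DISABLE else {1, 3}
        findings.append((action, name, STATES.get(state, hex(state)), state in allowed))
    return findings

if __name__ == "__main__":
    for action, name, state, ok in audit(SAMPLE_EXPORT):
        print(f"{'ok ' if ok else 'FIX'} {action} {name}: {state}")
```

In the constructed sample, 'prompt' on option 1201 is still flagged, because the guide asks for that option to be disabled rather than merely prompted.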
For increased security, set all other ActiveX referencing options on this page to 'prompt' or even 'disable.' I would recommend 'prompt' to give you the maximum choice as you are surfing, though you may find the constant ActiveX prompts annoying. Disabling them is unlikely to significantly affect your web experience.
The most common vector for unwanted installation of spyware programs (besides clicking the 'ok' button without looking) is using low security or incorrect settings of these ActiveX control buttons. If your internet security is set to the 'low' setting, or you have manually enabled 'download signed ActiveX controls,' spyware can be installed on your computer without any further prompt for permission. By enabling signed ActiveX controls to run, you have given consent for any software using a valid security certificate purchased from Verisign or obtained from another location to run on your system. Always ensure that the signed ActiveX controls option is set to 'prompt'. Software like Gator is positively friendly next to some software that can end up installed due to this loophole.
Another method of protecting your computer is to use the Windows update feature frequently, since Microsoft generally patches security holes quickly after they are exposed.
Spyware removal utilities
If you suspect that your computer has been infested with one or more varieties of spyware, the best thing to do first is to install and run one of the freely available spyware detection and removal tools. Since manual removal tends to be rather complicated and differs for each program, and there is no real centralized body of information for dealing with spyware as there is for Trojan horse and virus programs (www.sarc.com), using the removal software is certainly the first option.
Lavasoft's Ad-Aware is the most well known of these spyware removal tools. Now up to version 6, it works essentially like a virus checker, scanning locations on your computer for the signature files, registry entries and cookies (tracking files) of well-known spyware programs and websites/vendors. It is available both in a free personal edition and as a commercial package for businesses.
It is extremely easy to use, as it employs the one-button scan, one-button update mechanism seen in most popular anti-virus packages, and as such will feel familiar to most users. Ad-Aware will categorize files it finds during a scan, and recommend their removal. Ad-Aware is available here.
More removal utilities
Another excellent free tool for finding and removing spyware programs is "Spybot Search and Destroy" by PepiMK Software. Though slightly less user friendly than Ad-Aware, it scans for a greater range of possible threats by default (including some Windows security exploits) and also contains an 'immunization' feature. The immunization feature attempts to pre-block certain known spyware ActiveX installation routines from running in IE, and locks the HOSTS file and Internet Explorer settings to prevent them from being changed. Spybot S&D also provides a greater body of information about the threats that it locates on your computer than Ad-Aware, helping you make the decision to remove them or not. It uses an online signature update model similar to Ad-Aware, and is available here.
Ad-Aware and Spybot S&D complement each other well, and it is recommended that you use them both for maximum peace of mind. Be sure to update them frequently through the built in update features. Either can be set to schedule updates and spyware checks for specific times, so you can schedule a daily sweeping of your system for unwanted spyware.
In addition to protecting yourself with spyware removal utilities, using a firewall that is capable of blocking information going out from your computer to the Internet is also a good idea. Various freely available software firewalls such as Zone Labs' ZoneAlarm are capable of this. To use ZoneAlarm as an example, the firewall monitors all attempts to access the Internet from inside the computer, and pops up a request for permission to access the Internet for each application. Once you ok it, that particular application will be allowed access permanently. This is a great tool for making you aware of what is going on inside your computer. ZoneAlarm is available from www.zonealarm.com.
Other Resources to Turn to
More resources: If you are having difficulties with some form of spyware but can't get it resolved through any of the suggested methods, there are several sites and forums that contain helpful information to aid you in ridding yourself of the pest.
• CEXX Spyware forum: http://boards.cexx.org Forum members can be extremely helpful in aiding spyware victims.
• Spybot S&D support forum: http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?s=42f3dc20d9ddc66e94cee1c47b86325a;act=SC;c=7
• www.Spywareguide.com
• www.cexx.org/adware.htm
• www.spywareinfo.com