CareOfWindowsXP - Your Computer under Your Control

Spyware

 

"Spyware" is such an interesting term. I wonder what it makes you think of? James Bond perhaps, something "Q" would dream up maybe? The reality is much less glamorous than something Q would suggest 007 has in his wardrobe.

Spyware - what is it?

Spyware is a generic term to describe software that is installed on your computer without your full knowledge, consent and understanding, and that really serves the interests of commercial or criminal parties rather than yours.

The term "Spyware" is actually a catch-all type of term. The name suggests that it is software which spies. This is true for some spyware but not all. Some people have suggested we use other terms such as "junkware", "malware", "adware" or even "crapware". However the name Spyware has stuck so we should stick with it too.

The behaviour of spyware varies, but the following are the main types of activities:

  • Causing unsolicited pop-up windows to appear (which may sound innocent but is very annoying and if it causes 50 or more to appear in a few seconds then it will stop you doing anything else)
  • Monitoring your web browsing activity to allow marketing organisations to better work out what adverts to display in subsequent web pages
  • Re-routing the URL you typed or clicked on to another site or an intermediate site to deceive you
  • Stealing personal information such as bank account numbers, passwords etc.

I think it's horrible and hate it with a passion!

Spyware Infection - How does it get onto my computer?

Spyware can be installed on your computer in a number of ways, but all of them involve surfing the net, perhaps agreeing to download one item of software not realising that the download included other less desirable items. Some spyware simply installs itself using some "open doors" on your browser.

Examples of software which is known for bringing spyware with it or at least opening a door to it are:

  • Bonzi Buddy
  • CoolWebSearch
  • DivXPro
  • Kazaa and other peer to peer (P2P) file sharing networks
  • Go!Zilla
  • MessengerPlus! (This software itself isn't spyware but does come packaged with spyware - if you use it, ensure you choose not to install the "optional software" and you should be OK.)

Read the Small Print

Note in most cases there will be an end-user agreement which you will have clicked or agreed to at some point which allows the organisations behind some of this software to gather your information or monitor what you're doing. It may even contain clauses which say you may not un-install the software except via the official uninstaller (which is not provided)!

As an example, here is a partial extract from the licence agreement on the DivXPro free trial download:

BANNERS: This software will download product banners and/or similar marketing devices from our servers and display them within the software GUI. A message will be sent to our servers indicating that a banner or similar marketing device has been served. No personal information will be communicated to DivX, Inc. or its affiliates during this process.

SOFTWARE INSTALLATION: Components bundled with our software may report to Licensor and/or its affiliates the installation status of certain marketing offers, such as toolbars, and also generalized installation information, such as language preference and operating system version, to assist Licensor in its product development. No personal information will be communicated to DivX, Inc. or its affiliates during this process. Licensor may in the future offer additional components (such as a toolbar) through our version checking/update system.

Now it's your choice, but the licence agreement is clear - just make sure you read it!

Some companies behind such software have started taking legal action against the makers of anti-spyware software which labels their software as spyware and uninstalls it. This is a tricky area; hopefully the courts will eventually make some rulings which can be used against this type of activity.

Drive-By Downloads

A Drive-By Download is where a dialog box of some sort pops up on your screen when you visit a web site or as you try to leave it. Be very wary of any box like this.

Many are innocent enough - just asking for a name and email address in return for a free report or such like - these are what they appear to be and you should just decide whether you want the free report or not. If not, close the window using the "X" or other mechanism provided.

Others though require more careful handling. Sometimes these boxes offer to provide some service such as syncing your PC time, installing some software to protect your computer (!) or fixing some problem which has supposedly been detected. Sometimes they can be menacing - click this or else... Now you must be on your guard. If there is an "X" available on the top right of the dialog box, use that to close it. If it doesn't go away or if that option isn't available, read the dialog carefully. Typically you must select "Yes" or "No", but it will not be immediately obvious which is the correct choice to avoid installing whatever is being offered - they are trying to trick you into agreeing by mistake.

Spyware Protection  - How to Protect Against Spyware?

Three things to do:

  • Have your configuration set so that your computer tends to resist spyware
  • Inoculate your computer by installing spyware resisting software
  • Regularly scan your computer with Anti-Spyware software

These topics are all discussed on this page.

Configuration Options

First things first, if you are running Windows XP then get the Service Pack 2 (SP2) upgrade installed. See the Windows Update page for details on how to do that. SP2 contains a number of useful enhancements including a popup blocker and privacy & security improvements.

Second you can alter the settings in your browser to be more restrictive on what web sites can and can't do. Assuming you're using Internet Explorer,  use the following steps:

  1. Go to the Tools Menu and click "Internet Options". The Internet Options dialog box should open.
  2. Select the "Security" tab.
  3. On the window which is now displayed you see the various web zones shown at the top, (Internet, Local Intranet, Trusted Sites and Restricted Sites). Internet should be selected automatically but if not select it.
  4. In the lower part of the screen is a section called "Security level for this zone". In this area there will be a vertical slider displayed and a button "Custom Level...". If not, click on the "Default Level" button and the window should be as described. This slider allows you to set the general level of security. The recommended level is "Medium". If it is set to Low or Medium-Low then reset it to Medium. See the picture below.

Screen shot of Internet Options dialog

You could also try setting the security level to "High", but if you do then a number of web sites won't work correctly. If you choose this route then when you encounter a web site you'd like to use you must add it to your Trusted Sites list. To do that, when you have the website displayed, copy the URL (the entry in the Address bar that begins "http"). Then go back to the Security tab on Internet Options (as above), click on the "Trusted Sites" icon (green circle with a tick), click the "Sites" button and paste the URL into the "Add the web site to the zone" box and click "Add".
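The slider position can also be checked without opening the dialog, because Internet Explorer stores it per user in the registry as the `CurrentLevel` value of each zone. The script below is an added example, not part of the original page: it assumes you have saved the output of `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones" /s` to text, and it reports whether the Internet zone is at Medium or above. The sample output is constructed.

```python
import re

# CurrentLevel values behind the named positions of the zone slider.
LEVELS = {0x10000: "Low", 0x10500: "Medium-Low", 0x11000: "Medium",
          0x11500: "Medium-High",  # slider position added in IE7
          0x12000: "High"}
ACCEPTABLE = {"Medium", "Medium-High", "High"}
INTERNET_ZONE = 3  # registry subkey number of the Internet zone

KEY_RE = re.compile(r"\\Internet Settings\\Zones\\(\d+)\s*$", re.I)
VAL_RE = re.compile(r"^\s+CurrentLevel\s+REG_DWORD\s+0x([0-9a-f]+)", re.I)

# Constructed sample of `reg query` output, not taken from a real machine.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    CurrentLevel    REG_DWORD    0x10000

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    DisplayName    REG_SZ    Internet
    CurrentLevel    REG_DWORD    0x10500
"""

def parse_zone_levels(reg_output):
    """Return {zone number: CurrentLevel} from recursive `reg query` output."""
    levels, zone = {}, None
    for line in reg_output.splitlines():
        key = KEY_RE.search(line)
        if key:                      # a key line starts a new zone section
            zone = int(key.group(1))
            continue
        val = VAL_RE.match(line)
        if val and zone is not None:
            levels[zone] = int(val.group(1), 16)
    return levels

def audit_internet_zone(reg_output):
    """Return (level name, ok); ok is True only for Medium or stricter."""
    level = parse_zone_levels(reg_output).get(INTERNET_ZONE)
    if level is None:
        return ("missing", False)
    # Any value that is not a named slider position means "Custom Level..."
    # was used, so the individual settings need a manual look.
    name = LEVELS.get(level, "Custom")
    return (name, name in ACCEPTABLE)

if __name__ == "__main__":
    name, ok = audit_internet_zone(SAMPLE)
    print("Internet zone:", name, "- OK" if ok else "- reset to Medium")
```

A result of "Custom" does not mean the zone is unsafe, only that the slider is not in use; clicking "Default Level" as described above restores it.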

 

Inoculate your computer against spyware!

Yes, I know it sounds odd but really it's quite a simple thing and no needles are involved at all. We are basically adding to our computer's ability to resist spyware by setting it in advance to block known sources of spyware. There are a few ways to do this but the way I'm going to recommend involves downloading a free product called SpywareBlaster from Javacool Software. To install, click on this link and follow the instructions. (When you are given a choice of download sites, I suggest using Download.com as it is less confusing to use.)

SpywareBlaster's user interface is a little funky but I'm sure you can figure it out. Remember to keep it updated, either by purchasing their Autoupdate facility or by manually checking for updates, say once a week.

 

Install & Run Spyware Detection

The final step is to install and run one or more of the spyware remover programs which will detect spyware and then remove it. You will probably be surprised when you first run one of these programs to find your computer is already infected. (Ugh!) The good news is that there is a wide choice of anti-spyware programs to choose from; the bad news is that none of them detects all spyware and that there are a number of them on the market which are just out to make money from you - they offer free scans and then "find" spyware when none is to be found, i.e. they lie in order to get you to buy the product.

So how do we know a good one? We go to a reputable source who has nothing to gain from misleading us and see what they have to say. I recommend the articles by Eric L. Howes for this. Eric did some work to compare all the main players in this market, to see which ones really worked well, which ones were OK and which ones were out to rip people off. He also found that a number of brands were nothing short of copies of some of the others with slightly amended screens. Not a pretty story; if you want, you can read it here. The links for Rogue software are on that page. (If you'd like to read even more material, try Wikipedia.org.)

Recommended Spyware Blockers

We recommend using two spyware detector programs for the simple reason there is no single program which does it all.

Our first one is Spybot Search and Destroy. This is a great piece of software which comes with a number of added value features - in particular I like the fact that it locks the "hosts" file to prevent it being updated by malicious software. Spybot is free but you are asked to make a donation. When you install it you will be taken through a few steps: update, backup registry and so forth. One step I will mention is that you are asked whether you want to run "Tea Timer". For novice users I suggest you do not choose to run Tea Timer; I think it's confusing to run if you don't understand what it's trying to do.
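To see why an unlocked hosts file matters, here is a small audit script, added as an example and not part of the original page or of Spybot. It reads hosts-file text (on Windows XP the file is `%SystemRoot%\system32\drivers\etc\hosts`) and separates names that are merely blocked from names that have been pointed at another machine, which is the URL re-routing behaviour described earlier. The sample file and its names and addresses are constructed.

```python
import ipaddress

# Constructed sample hosts file; names and addresses are placeholders.
SAMPLE_HOSTS = """\
# Sample hosts file
127.0.0.1       localhost
127.0.0.1       ads.tracker.example     # blocked name
203.0.113.10    www.bank.example bank.example
not-an-address  junk.example
"""

def classify_hosts(text):
    """Return (sinkholed, redirected) entries found in hosts-file text.

    sinkholed:  names mapped to a loopback or all-zero address, so lookups
                go nowhere (how blocklists work, though the same trick can
                also be used to cut a PC off from update sites).
    redirected: (name, address) pairs where a name is forced to some other
                machine; unexpected ones deserve investigation.
    """
    sinkholed, redirected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and blanks
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # skip malformed lines
        for name in fields[1:]:
            name = name.lower()
            if name == "localhost":
                continue                       # the normal default entry
            if addr.is_loopback or addr.is_unspecified:
                sinkholed.append(name)
            else:
                redirected.append((name, str(addr)))
    return sinkholed, redirected

if __name__ == "__main__":
    blocked, moved = classify_hosts(SAMPLE_HOSTS)
    print("Blocked names:", blocked)
    for name, addr in moved:
        print("CHECK: %s is forced to %s" % (name, addr))
```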

For the second one to install there is a choice. Go with either Windows Defender or CounterSpy.

These two programs share an original code base in something called Giant Anti-Spyware - an excellent program which is no longer available. Sunbelt Software bought a copy of that code just before Microsoft bought the company, and Microsoft used it to create Windows Defender. The feedback I'm reading is that both companies have continued to develop the software but Sunbelt have done the better job. The good news is you can try CounterSpy for free to decide if you wish to pay to continue using it.

Timing of Scans

One of the things you soon realise is that running these scans takes quite some time, and while they're running the rest of your computer feels like it's moving through treacle. Therefore you want to run these scans when you don't need to use the computer for anything else. You could run them at night if you don't mind leaving the machine on, or perhaps just sometime when you'd rather watch the TV than surf the web, but however you choose to organise it, you should aim to run scans about once a week. This is the sort of area in which you have to put in the initial effort to get set up but which shouldn't require too much effort after that beyond downloading the latest updates and kicking off a scan.

IMPORTANT

Always keep Windows and your firewall, anti-virus and spyware software up-to-date.  Most products have automatic updating which is preferable; if auto-update isn't available check for updates weekly using the 'check for updates' feature common in these products.  Most attacks use newly found vulnerabilities so your protection needs to be the latest.

 


About Us | Privacy Policy | Contact Us | Hosted by... | ©2006 Paul Quirk & Mark Quirk