Anti-Spyware Products

About Spyware
Viruses can cause enormous damage to your computer system. Yet although viruses may cause a lot of inconvenience, in many ways spyware poses an even greater threat. These malicious programs can be used to invade your privacy, plunder your bank account and help others steal your identity. Even if the worst doesn't happen your PC's performance will be compromised, with webpages taking forever to load and the desktop cluttered with pop-ups.

You can't afford to leave your system unprotected. But as well as effective anti-spyware software, you also need to know exactly what spyware is and how it works to ensure that you don't become a victim.

KNOW YOUR ENEMY

Spyware is a malicious program installed on a computer without the user's consent. It attempts to prevent you removing it, and it monitors how you use your computer. It will try and stay on your system for as long as possible. Spyware doesn't want you to get rid of it.

Adware programs are typically classed as spyware. However, freeware and shareware programs can use adware legitimately, if you know you are agreeing to allow it when you install the program. Adware delivers adverts to the user, usually in the form of pop-up windows. If adware is installed without the user knowing, it is considered spyware.

Because a spyware program sometimes uses techniques employed by viruses and other nasty files, anti-virus programs may detect it. However, they won't give you full protection. So, the first step in protecting yourself against spyware is to get a good anti-spyware program. You'll find all the main packages tested in our Labs test on page 122.

WHO ARE THE CULPRITS?

Many people have been blamed for spyware. At one end of the scale are companies, largely in the marketing industry, that use programs that the user agrees to install, to monitor web behaviour. These aren't generally spyware, but sometimes these companies overstep the line, as happened last year when Intermix Media was fined $7.5 million (around £4m) by New York Attorney General Eliot Spitzer for installing spyware via users' browsers without their consent.

At the other end of the scale are the organised criminals. According to APACS, the UK payment association, fraud losses through internet banking last year trebled in 12 months to £14.5m. A large proportion of that fraud is down to spyware stealing login information and other personal details. Last year, Sunbelt Software researchers discovered that CoolWebSearch, a notorious and widespread spyware program, was using a keylogger to record personal data. It sent the transcript files to a remote server. A keylogger is a tool used to record the keystrokes you make. Its original, benign, purpose was to aid software developers. These simple programs are now widely available on the internet and often used in less savoury programs such as spyware.

In the past few years, police and software companies have been cracking down on this practice. In the US, the owner of Smartbot.Net was fined over $4 million (around £2.2m) by the Federal Trade Commission for installing spyware through improperly patched browsers. A custodial sentence is also an option, as Kenneth Kwak, an IT worker at the US Department of Education, found out when he was given five months for installing a keylogger on his boss's computer.

But for everyone sent to jail there are more spyware writers waiting in the wings, and the routes to infection are becoming more devious.

MEANS OF TRANSMISSION

In the early days of spyware, the most common way the programs would get on your PC was by enticing you to install them yourself. Then spyware designers began to write malicious programs that could lurk on webpages, and the internet is now awash with them. The code gets on your computer via your browser, usually because the browser has known security flaws that can be exploited or because the security settings are applied incorrectly.

Most spyware is aimed at Microsoft's Internet Explorer browser. Whether this is down to lax security in Microsoft's coding or the fact that it has over 80 per cent of the market is a matter of heated debate. It is also becoming less relevant, as an increasing amount of spyware aimed at Mozilla, Safari and Opera browsers is surfacing.

By far the best way to protect yourself from a browser attack is by adjusting the security settings within your browser, which we'll explain later, and backing this up by installing anti-spyware software. If you're worried about cookies, Internet Explorer 6 allows you to look at a site's privacy report to see what data is being collected (go to the View menu and select Privacy Report).

BEWARE HITCHHIKERS

Peer-to-peer file-sharing networks are often used by makers of spyware to spread their programs. Typically, they disguise their spyware as popular downloads on such networks. Increasing amounts of spyware are being spammed on peer-to-peer networks under the guise of music, video and games. When they are downloaded and run, the spyware is activated.

Some sites are quite upfront about including adware with their programs. In these cases it is a much-needed source of revenue: you want something for free but somehow it has to be paid for, and including adverts is a good way to do it. At least you're given the choice before you install the software.

The distinction between adware and spyware starts to blur when the permission to install spyware is put in a long Terms and Conditions (T&Cs) statement. Hardly any of us read the T&Cs, even though we click to say we agree and accept them. Until it was blocked by anti-virus firms, the Friend Greeting software did just that. On the surface it was a standard greetings card application; hidden in the small print, though, was a clause allowing it to email everyone in your address book.

There are also many bogus programs that contain spyware, perhaps claiming to speed up your internet connection or optimise your PC. Have you ever been surfing the web and seen a pop-up that looks like a Windows dialog box, telling you that you need to download XYZ now, or your computer could be at risk? This is a popular way for bogus programs to get on your computer. When you see one of these pop-up boxes, never click on any of the buttons in the dialog box. Instead, you should shut down the window in one of three ways: click the top right-hand corner button; press Alt-F4; or find the page on the Windows taskbar, right-click on it and choose Close.

ROGUE TRADERS

More pernicious are rogue anti-spyware products, which hide spyware in supposed security software. This is a recent tactic, but one that is proving successful against less-experienced computer users. A regularly updated list of such software can be found on the Spyware Warrior website at spywarewarrior.com.

Typically, unsuspecting users are introduced to these programs by adverts spammed via email and messaging applications. They often offer a 'free scan' of the user's computer before telling them that they need to install anti-spyware software. In fact, many of these programs are little more than spyware generators themselves and can be extremely difficult to remove.

Since last year, the US Federal Trade Commission has been acting against this type of code. It has levied stiff fines and shut down offending companies, but the problem persists.

KNOWING YOU HAVE A PROBLEM

Spyware can be easy to spot, depending on its type. Pop-up generators and software that changes either your homepage or web favourites are instantly obvious. You should also run a scan if you try to visit one website, particularly a search site, and are redirected to another page.

You may also notice a slowdown in your PC's performance if you are heavily infected, and more frequent crashes. If you suspect this, press Ctrl-Alt-Del, click on the Processes tab and see what software is running. Click on the CPU button to see what's using the most processor power.

The System Idle Process and applications such as Explorer, Firefox and Taskmgr (Task Manager) will naturally take up a fair amount of processor run time. Windows is fairly good at not letting you shut down processes that are vital to the safe running of the PC. However, if you are unsure about another program that is taking up power, make a note of the name and search for it with Google for more information.

Another good tactic is to pay close attention to your firewall. Some spyware, particularly recorders, communicate the information they have gathered and you can pick this up in firewall logs, which you'll find in the application control part of your firewall program.
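The firewall-log check described above can be automated. The following is an added example, not part of the original article: the log layout, the program names and the allow list are all constructed for illustration and do not match any particular firewall product.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample log. The layout (date time action direction program
# remote bytes-sent) is an assumption, not any real firewall's format.
SAMPLE_LOG = r"""
2006-08-14 09:00:05 ALLOW OUT C:\Program Files\Mozilla Firefox\firefox.exe 192.0.2.10:80 5120
2006-08-14 09:03:00 ALLOW OUT C:\WINDOWS\system32\winhelper32.exe 198.51.100.7:8080 20480
2006-08-14 09:07:41 ALLOW OUT C:\Program Files\Mozilla Firefox\firefox.exe 192.0.2.44:443 900
2006-08-14 09:13:01 ALLOW OUT C:\WINDOWS\system32\winhelper32.exe 198.51.100.7:8080 19968
2006-08-14 09:23:00 ALLOW OUT C:\WINDOWS\system32\winhelper32.exe 198.51.100.7:8080 21504
2006-08-14 09:30:12 BLOCK OUT C:\Temp\speedup.exe 203.0.113.5:25 0
"""

# Hypothetical allow list: programs the user knowingly lets online.
KNOWN_PROGRAMS = {r"c:\program files\mozilla firefox\firefox.exe"}

def parse_line(line):
    """Split one log line; the program path may contain spaces."""
    date, time, action, direction, rest = line.split(" ", 4)
    program, remote, sent = rest.rsplit(" ", 2)
    when = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    return when, action, direction, program, remote, int(sent)

def review(log_text, known=KNOWN_PROGRAMS, jitter=5.0):
    """Return {program: [notes]} for outbound traffic from unknown programs."""
    flows = defaultdict(list)       # (program, remote) -> connection times
    findings = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, action, direction, program, remote, _sent = parse_line(line.strip())
        if direction != "OUT" or program.lower() in known:
            continue
        if action == "BLOCK":
            findings[program].append(f"blocked attempt to {remote}")
        else:
            flows[(program, remote)].append(when)
    for (program, remote), times in flows.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        note = f"{len(times)} connection(s) to {remote}"
        # Three or more connections at a near-constant interval look like a
        # recorder reporting on a timer rather than a person browsing.
        if len(gaps) >= 2 and max(gaps) - min(gaps) <= jitter:
            note += f", regular ~{round(sum(gaps) / len(gaps))}s interval"
        findings[program].append(note)
    return dict(findings)

if __name__ == "__main__":
    for program, notes in review(SAMPLE_LOG).items():
        print(program, "->", "; ".join(notes))
```

Any program the review reports is a candidate for the name search described earlier, not proof of infection.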

REINFORCED WINDOWS

You need to check the security settings of your computer and make sure that security weaknesses in individual programs won't let in infections. For Windows XP users running Service Pack 2 (SP2), this has been made easier by the inclusion of the Security Center in the Control Panel. If you aren't running SP2 you should upgrade before 10th October, when Microsoft stops supporting Service Pack 1.

The Security Center allows you to configure three key areas: the internet connection, the firewall and updating. You can alter the settings of the browser and firewall independently using their own controls as well.

Configuring your internet security settings should be your priority. Open the Security Center and click on the Internet Options link in the 'Manage security settings for' section. This opens the Internet Options dialog box. The first tab you need is Security. On this page you can rely on the four preset security settings or create your own custom rules. Windows XP defaults to the medium security setting, which is good enough for most situations.

MAKE YOUR OWN RULES

To make life even harder for spyware programs, click on the Custom Levels button (Internet Properties, Security tab), and manually go through each security function. Some are obvious, such as disabling the installation of unsafe ActiveX controls, but others are less so. If in doubt, choose the Prompt option where available. This will let you make a decision each time and you can reset your choices whenever you like. When you've finished, click OK.

Next, go to the Privacy tab, which gives you six default security settings, ranging from blocking all cookies to very limited protection. You can also block certain websites and import lists of blocked sites from others. Click on the Advanced button on the Privacy tab to manage first- and third-party cookies more delicately.

FORTIFY THE FIREWALL

A firewall is still important in the fight against spyware. Even the firewall that comes with Windows will help stop unwanted programs from loading themselves on your computer. Other firewalls go one further by making sure that any requests to use the internet by a program are authorised by the user.

The firewall in Windows XP SP2 is now turned on by default and has more features. Although it is much better to use than no firewall at all, the Windows firewall doesn't monitor outgoing transmissions. ZoneAlarm (www.zonelabs.com) is free, and alerts you when a program tries to contact the internet from your PC. Kerio Personal Firewall (www.sunbelt-software.com) has more features, and costs £6 a year (see our Labs test of firewall programs in Shopper August 2006).

If another manufacturer's firewall is used, Microsoft recommends shutting the Windows firewall down. In the Security Center, click on the Windows Firewall link under 'Manage security settings for'. In the dialog box that appears, go to the General tab. This has options to turn the software on, off or lock out all the applications you've previously allowed through.

The Exceptions tab lets you keep track of all incoming transmissions, including those needed by applications installed on the computer such as anti-virus software, file-sharing and remote-access software. You can add programs to this list and also configure which ports to shut down and leave open.

The Advanced tab lets you choose on which connections to use the firewall and the Settings button drills even deeper. It allows you to select the services you leave open, such as FTP or Telnet. The ICMP tab controls communications using the Internet Control Message Protocol to send error messages.

PLUGGING THE GAPS

The final Security Center configuration is Automatic Updates. Microsoft releases new patches on the second Tuesday of each month and will also publish critical patches outside this schedule. Automatic Updates allows you to choose how and when to patch.

Choosing the Automatic option will give you the best protection, since the patches are installed immediately as long as there's an internet connection. But the downside is that many patches require a restart after installation and if you're in the middle of something important, this might not be convenient. The process also takes up bandwidth and processor power.

Alternatively, you can choose when to install the patches yourself. This gives you more freedom but will leave you open to a fast-moving spyware writer.

LIMITED LIABILITY

Aside from the Security Center, there are other protective measures that can be used. Windows XP runs by default with full administrative privileges, but if you pick up a spyware infection as an administrator it would give the spyware sender full access to your system. This could allow them to turn off your security software, install other applications or use your hard disk as storage.

Instead, you should set up password-protected limited accounts for individual users of the computer. This means that if a spyware infection is picked up, it can be controlled and removed with minimal system disruption. To do this, go to the Control Panel, and double-click on the User Accounts icon.

As a rule, use peer-to-peer file-sharing software only with people you know, rather than just downloading any old file. You can search by username. Another useful tip is to look for odd file sizes. For example, if you are searching for a popular piece of music, compare how much space is used by each file. Look for those that are far too big or too small, since these could be spyware in disguise.

GETTING RID OF IT

Getting rid of software that is designed to be hard to remove is tricky at the best of times. If you have the knowledge it's a tedious process, and if you don't, it can be harmful to the system you're trying to clean.

Your first line of defence will be your anti-spyware program. If spyware has managed to slip past it, download the latest updates, and go immediately to its website to see what additional advice the manufacturer is giving.

Anti-spyware products work pretty much the same way as anti-virus software. The applications require regular updates of spyware signatures in order to remain effective. More advanced software looks not only for signatures but also for patterns of software behaviour, sometimes called heuristics. For example, some spyware runs two copies of itself so that if the first is deleted the second can reinstall it. This kind of suspicious behaviour will be brought to the attention of the user, who can make a decision on the problem.

Many anti-spyware and anti-virus removers suggest you scan using the PC's Safe Mode. It is easier to spot spyware when you are in Safe Mode, since it shuts down many of the computer's higher functions, and any program using them. For example, third-party Windows services won't be active in Safe Mode.

SAFE AS HOUSES

Safe Mode has another advantage when it comes to debugging your system. To go into Safe Mode, hold down the F8 key while starting your PC. Once you're in, run your security software and it has a greater chance of cleaning the system totally than if the scan were completed in normal mode. This is because some spyware is very difficult to remove if it is running.

More cunning spyware programs will always have at least two copies running and once one is deleted the other takes over. Running your scan in Safe Mode can defeat this, but spyware writers are becoming increasingly wise to this. New variants of the CoolWebSearch spyware, for example, can load even in Safe Mode.
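The two-copy behaviour described here and in the earlier paragraph on heuristics can be expressed as a simple behavioural rule. This is an added example, not part of the original article and not how any named anti-spyware product works: the event list, the image names and the three-second window are constructed assumptions.

```python
# Constructed process events: (seconds, event, pid, image, parent_pid).
EVENTS = [
    (0,   "start", 100, "explorer.exe", 1),
    (2,   "start", 50,  "services.exe", 1),
    (3,   "start", 400, "spoolsv.exe",  50),
    (5,   "start", 200, "helperA.exe",  100),
    (6,   "start", 201, "helperB.exe",  200),
    (60,  "stop",  200, "helperA.exe",  100),   # removal tool ends copy A
    (61,  "start", 202, "helperA.exe",  201),   # copy B brings A back
    (90,  "stop",  201, "helperB.exe",  200),   # removal tool ends copy B
    (91,  "start", 203, "helperB.exe",  202),   # copy A brings B back
    (200, "stop",  400, "spoolsv.exe",  50),    # a service crashes...
    (201, "start", 401, "spoolsv.exe",  50),    # ...and is restarted normally
    (300, "stop",  100, "explorer.exe", 1),
    (900, "start", 101, "explorer.exe", 1),     # reopened much later
]

def respawns(events, window=3):
    """List (restarted_image, restarter_image) for every program that is
    started again within `window` seconds of its last exit."""
    image_of = {}    # pid -> image name of every process seen so far
    last_exit = {}   # image name -> time it last stopped
    found = []
    for when, event, pid, image, parent in sorted(events):
        if event == "start":
            image_of[pid] = image
            stopped = last_exit.get(image)
            if stopped is not None and when - stopped <= window:
                found.append((image, image_of.get(parent, "?")))
        elif event == "stop":
            last_exit[image] = when
    return found

def watchdog_pairs(events, window=3):
    """Pairs of different programs that each restart the other. A one-way
    restart (a service manager restarting a service) is not reported."""
    seen = set(respawns(events, window))
    return sorted({tuple(sorted(p)) for p in seen
                   if p[0] != p[1] and (p[1], p[0]) in seen})

if __name__ == "__main__":
    print(watchdog_pairs(EVENTS))
```

Both members of a reported pair have to be stopped together, which is why scanning in Safe Mode, where neither copy is running, helps.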

Every so often, a particularly nasty piece of spyware will require the use of both your anti-spyware program and manual intervention. For these infections, use a handy tool called HijackThis to see exactly what is running on your system. Written by Dutch coder Merijn Bellekom, it has become one of the most popular tools for this kind of work because of its reliability at detecting system changes.

Typically, users of HijackThis are advised to run the program, then send the logs in for one of the experts to look at. However, you can have a go yourself. In our tutorial above we explain the various components of the program, and what sorts of things you need to look for.

With the way spyware is developing, some infections will always get through. But by using a variety of anti-spyware applications, correct computer configuration and good practice online, you can minimise the threat.
