It seems like every time Microsoft or other software providers find
a better way to protect your computer, hackers and malicious individuals
find new ways to exploit computer vulnerabilities. In this section, we’ll
introduce the various techniques being used to attack computers and
discuss the software programs used to prevent these types of
attacks.
1. Introducing Malware
Many people spend a lot of time on the Internet browsing
websites, downloading data, and never thinking of the potential problems
of malicious software (malware) creeping onto their computers. Some such
software simply reports your surfing habits, and other software tries to
take control of your computer. Malware consists of programs that are
suspicious in nature and have the malicious intent of infiltrating your
computer without your consent. The industry also defines malware as
software with a legitimate purpose that contains harmful bugs that
ravage a computer.
Before the proliferation of broadband Internet connections, most
malware was kept in check by the limited bandwidth of dial-up Internet
connections. When you dialed into your service provider, you didn’t
really have the bandwidth to allow your computer to be compromised
without your knowledge and most computers were not left online all the
time for people to try to connect to and harm. However, because
broadband connections are fast and always on, many people today simply
leave their computers connected to the Internet all the time. This works
against the computer owner, especially if she connects directly to a
cable or DSL modem. With a direct connection to the Internet, you have
left your computer open to numerous attacks. This is where malware comes
into play. Malicious individuals have the opportunity to fingerprint
your computer in an attempt to find vulnerabilities, and eventually your
computer succumbs to an attack, which allows someone to load software on
your computer without your consent.
When you are troubleshooting a problem with your ISP, you may be
asked to disconnect your computer temporarily from your router and
connect directly to the cable or DSL modem. Before you do this, you
should be sure that you have the latest updates to Windows and that
your antivirus and antimalware software is up to date. Many of the
attackers are actually automated scripts that sweep large chunks of IP
addresses at a time, so it is only a matter of time before your
computer is probed by one of these scripts. At the time of this writing, the SANS Internet Storm Center reported that an unpatched
Windows system would be likely to survive for no more than 70 minutes
upon being connected to the Internet without protection. For more information and precautions you can take, see
http://isc.sans.org/survivaltime.html.
Another way for malicious software to get onto your computer is
via your own use of the Internet. You may recall a time when you visited
a website and were faced with numerous pop-ups asking you to vote for a
website or install specific add-ons in order to see the content of a
website. More than likely, you either purposefully clicked, allowing the malicious program to load, or
you were misled into clicking the wrong button and the software loaded
by itself. Many of these websites load harmful software to take
advantage of your computer without your consent. Some even load dialers
onto your computer to use your modem to make phone calls that are then
charged to you.
Other malicious programs get loaded onto a computer without the
owner knowing they are there because they are able to mask their running
processes. The industry calls this particularly heinous type of software
a rootkit. Rootkits
conceal their running processes and files, and sometimes they even morph
process names and files to conceal their true nature. Most of the time
rootkits disguise themselves as drivers, parts of the operating system,
or kernel modules.
Kernel-level rootkits replace portions of code programmed into the
computer kernel. The modified code added by the rootkit usually hides an
additional program, allowing remote users to use the infected computer.
Usually kernel-level rootkits replace a device driver or load an
additional kernel module to accomplish their goal. If the rootkit has bugs
in the code, it may compromise the integrity of the computer from a
stability standpoint, in addition to introducing the security
implications of infection. These types of rootkits are extremely
difficult to identify and clean, which makes them extremely
dangerous.
Other common types of rootkits include library-level and
application-level rootkits. A library-level rootkit replaces a library
call with modified code that masks information about the hijacked
module. Application-level rootkits replace common applications with
modified code or a Trojan. These applications mimic the behavior of the
original application and mask their modification of the computer.
Sometimes application-level
rootkits replace patches loaded onto a computer for security
purposes.
Virtualized rootkits modify the boot sequence of a computer to
load their content instead of the intended operating system. Once they
have introduced their payload, they load the operating system as a
virtual computer, which enables them to gain control of all calls to the
hardware by the guest operating system. Although no virtualized rootkits
exist in the wild, they do exist in controlled environments. For
example, Microsoft and the University of Michigan jointly developed a
virtual rootkit, which they termed Virtual Machine Based Rootkit, or VMBR.
Rootkits also serve as a tool to abuse an infected computer using
a program called a backdoor. Backdoors also fall into
the category of malware. Backdoors are programs that allow attackers to
use a computer for their personal use or profit. Backdoors allow the
attacker to manipulate the compromised computer to perform single or
even strategic attacks against other people’s computers. In addition to
allowing remote connectivity to the computer, backdoors may also allow
an attacker to run software at an elevated level usually reserved for
administrators of the compromised computer.
Additional malware programs include key loggers and denial-of-service attack tools. Key loggers usually log or
directly send keystrokes from the compromised computer to another user
on a remote computer. Denial-of-service attack tools are loaded by an
attacker or rootkit and allow the compromised computer to be used
against web servers, denying users the ability to connect to the web
server.
Denial-of-service tools accomplish their task by overloading the
server with requests until the computer under attack runs out of
available resources to honor the overwhelming number of requests for a
particular resource. Although a standard denial-of-service attack uses a
single computer to try to accomplish this goal, a distributed
denial-of-service attack uses any number of compromised computers,
making it even more difficult to stop the attack by blocking requests
from a single IP address.
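As an added illustration (not from the book), the following Python script runs a per-IP request-rate check over a constructed web-server log; the IP ranges, the limits and the log format are all assumed for the example. It shows why a single-source flood is stopped by blocking one address, while a distributed flood stays under the per-IP limit and still exhausts the server.

```python
"""Added example (not from the book): per-source request-rate check over a
constructed web-server log, showing why a single-source flood is easy to
block by IP address and a distributed flood is not."""
from collections import Counter, defaultdict

# Constructed log lines in a simplified "timestamp client_ip method path"
# form. Real logs carry more fields; only these matter here. All addresses
# come from the documentation ranges (192.0.2.0/24, 198.51.100.0/24,
# 203.0.113.0/24) and represent nobody.
SINGLE_SOURCE_FLOOD = ["1000 203.0.113.7 GET /search" for _ in range(200)]
DISTRIBUTED_FLOOD = [f"1000 198.51.100.{i % 250 + 1} GET /search"
                     for i in range(200)]          # 200 distinct clients
NORMAL_TRAFFIC = [f"1000 192.0.2.{i % 20 + 1} GET /index" for i in range(20)]

PER_IP_LIMIT = 50   # assumed: requests/second from one client before blocking
GLOBAL_LIMIT = 150  # assumed: total requests/second the server can honour


def parse(line):
    """Split one constructed log line into (timestamp, client_ip, path)."""
    ts, ip, _method, path = line.split()
    return int(ts), ip, path


def requests_per_second(lines):
    """Count requests per second, per client address."""
    counts = defaultdict(Counter)
    for ts, ip, _path in map(parse, lines):
        counts[ts][ip] += 1
    return counts


def analyse(lines):
    """For each second, list the clients that exceed PER_IP_LIMIT (the ones a
    per-IP block would stop) and report whether the traffic that remains
    after blocking them still exceeds what the server can honour."""
    report = {}
    for ts, per_ip in requests_per_second(lines).items():
        blocked = sorted(ip for ip, n in per_ip.items() if n > PER_IP_LIMIT)
        total = sum(per_ip.values())
        remaining = total - sum(per_ip[ip] for ip in blocked)
        report[ts] = {
            "blocked_ips": blocked,
            "total": total,
            "overloaded_after_block": remaining > GLOBAL_LIMIT,
        }
    return report


if __name__ == "__main__":
    # The single source is blocked and the server recovers; the distributed
    # flood produces no blockable address and the server stays overloaded.
    for name, log in (("single-source", SINGLE_SOURCE_FLOOD),
                      ("distributed", DISTRIBUTED_FLOOD),
                      ("normal", NORMAL_TRAFFIC)):
        print(name, analyse(log)[1000])
```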
Whatever the flavor of malware, most of it provides no value to
the computer on which it exists. Malware serves many illegitimate purposes,
including malicious use of the infected computer. It may also allow the
use of personal information housed on the infected computer for
profiteering, or identity theft. Malware makes up a very large portion
of the problems inherent to the Internet in its current state, and it
poses a great threat to private information housed on private networks.
The worst part of malware seems to be computer users’ lack of knowledge
of how to remove and prevent these types of programs from infecting
their computers. This includes home users and corporate IT professionals
alike. Malware may arguably be the worst threat against computers to
date.
2. Understanding Antimalware Programs
Recently more companies have realized the potential harm
of malware programs, and they have tried to take steps to begin removing
malware from their environments. With the onset of the Sarbanes-Oxley
and HIPAA acts, compliance is on the rise and many people have started
to realize how vulnerable their private data has become to outside entities. Armed with
this knowledge, security practices have become increasingly important
for many organizations, and everyone feels the pain as we struggle to
maintain a balance between user-friendly computing and secure computing.
To combat the problem with malware, many vendors now offer tools that
will remove even the toughest malware out there. The industry refers to
these programs as antimalware tools.
Antimalware tools scan and remove malware from infected computers.
If you type “antimalware” in a search engine, you will discover some of
the more than 6 million web pages on the topic. The reason for this
relates directly to the inexhaustible amount of malware floating around
on the Internet. As discussed previously, most users have become aware
of the problem with this type of software only in the last few years.
Some people were aware of the problem early and tried to explain to
others how difficult it may become, especially in the corporate world,
but mostly it was ignored. Now antimalware has taken the lead in the
battle for securing your data.
Antimalware programs work similarly to antivirus
scanners—identifying malicious programs on the suspect computer, whether
in RAM, on the hard drive, or on network shares connected to the
computer. Once the antimalware program has identified the threat, it
will either alert the user for further instructions on how to handle the
problem, or it will delete the program and eliminate any registry
entries associated with the rogue program.
As with antivirus engines, multiple malware scanners are your best
bet for eliminating malware programs from suspect computers. You can
find these types of programs online, and using them will eliminate the
vast majority of malware on an infected computer. For the purposes of
malware removal, Windows 7 offers Windows Defender, arguably the largest
and most powerful antimalware engine available.
Antimalware programs can identify and remove many of the unwanted
programs on your computer, including unwanted browser helper objects,
startup programs, registry settings, toolbar buttons, Winsock hijackers,
Internet Explorer plug-ins, ActiveX controls, DNS hacks, and anonymous
proxy rerouters. Each type of unwanted program relates to methods that
malware writers employ to get their malicious code onto your computer.
Some of the methods employ deceptive tactics to make you believe you are
loading a beneficial program onto your computer while manipulating data
on your computer so that it can be accessed on remote servers. These
programs leave you vulnerable to the less than savory strategy of the
malware writer.
Currently many antivirus companies are beginning to enter the
world of malware removal by either using third-party applications or
purchasing the engines of antimalware programs and integrating them into
their own products for malware identification and removal. Although
malware may seem similar to a virus, it is indeed a separate category of
malicious code. Viruses replicate themselves from computer to computer;
malware is a silent threat that users usually unknowingly
install.
Also, note that you may have to hand-edit the registry to remove some types of malware. If
you require this type of intervention, take great care when editing your
computer’s registry. Editing the registry can render a computer unusable
and require the intervention of a recovery service or large amounts of
time to correct. If you are not comfortable editing the registry,
consult a computer service or repair shop to remove these types of
malicious programs. Most computer service companies can remove these
programs within a short period and require only a small fee to clean
your computer. This can help immensely when the programs are embedded
into the computer or have metamorphic qualities.
3. Understanding Computer Viruses
The industry defines a computer virus as a program that spreads by
inserting itself into executable code, documents, or programs, and then
self-replicates to other documents, users, or computers when the
compromised file is shared. We refer to a computer with a virus as
infected, and we try to inoculate the computer
against future infections. Viruses are usually malicious and sometimes
harbor backdoors or Trojans.
Viruses were extremely prevalent in the earlier days of personal
computing and they had a devastating effect on computers. Viruses come
in all shapes and sizes, as well as varying strengths of maliciousness.
Some of the methods viruses used to execute included time bombs that
would go off at a predetermined time, and logic bombs that a user
triggered by completing some predefined action on the computer.
Another very nasty virus included the stealth boot virus, which
attacked the boot sector of the host computer or floppy disk. This virus
would not allow the computer to boot, and it required considerable work
to remove. This type of virus was more common due to the lack of
networks available. Most files were moved from computer to computer via
floppy disks. Once the infected floppy was inserted into the receiving
computer, the virus code executed, infecting the new computer.
Viruses are terrible in the sense that they can replicate
themselves at an inexhaustible rate. Luckily, because more people use
virus protection, they are not as widespread as before. However, now
that we have the ability to transmit data at gigabit speeds and process
data in the gigahertz range, viruses pose an even greater threat than
previously known. This brings us to the subject of worms.
Computer worms have taken on the traditional bogeyman role of the
computer virus, though viruses continue to present a real threat. A
worm is defined as a piece of
software that uses a computer network to copy itself and generate new hosts
by exploiting security flaws in applications or the host operating
system. Once a worm makes it onto a network, it begins to scan for other
computers with a similar or identical flaw used to infect the first
host. The more hosts the worm can find to replicate itself, the greater
the impact it has on the host computer and network. Some worms have
generated so much traffic that they have literally brought the Internet
to its knees.
The first worm was created at the Xerox PARC laboratory in Palo
Alto, California. One of the computer scientists at the lab created a
worm to use on the different host computers in the facility to process
data for a centralized program. This was in the early days of the PC.
Before this, all users connected to a CPU. To garner the processing
power of the individual PCs in the facility as a single unit, the
scientist broke his data into chunks for each PC to process. Once the
PCs finished their work, they transmitted the results back to the
controlling node. At one point, the worm began using more and more of the
host computers' resources, until users could no longer use their
computers. This required the creator to find a way to disarm
the worm, which in turn gave users back the infected computers and
the network it had flooded with traffic. Although this worm had no malicious
intent against the host computer, some of the more recent incarnations
of this type of program have caused considerable damage to entire
networks. Some worms have rendered entire networks unusable for days,
weeks, and even months, due to their inherent capability to replicate
themselves.
The most recent embodiment in the computer virus family comes in
the form of email viruses. Recent years have given us some particularly
nasty specimens, including (but not limited to) the ILOVEYOU, MELISSA,
and, of course, Mydoom viruses. Each of these email viruses had a
devastating effect on computers, causing many providers to turn off
their email computers to prevent the virus from taking over and
spreading. Most email viruses use the address book of the user executing
an email program to spread themselves to other users, who in turn
execute the program, allowing their address books to be manipulated by
the virus and spread even farther.
Almost all viruses execute with the use of another program,
replicate themselves, and continue their path of destruction. Some
replace executable files on the computer they infect, which the
operating system executes, releasing the virus to spread to other
computers. All types of computers are susceptible to viruses.
Additionally, all operating systems have vulnerabilities allowing the
execution of virus-ridden code, so no one vendor offers a completely
safe product.
Although some viruses try to inundate a network to eliminate its
use, others are malicious and want to destroy data on a computer.
Viruses can be embedded in all types of files, including video, audio,
document, and image files. Some of the newer viruses are embedded into
JPEG images for execution. This is especially dangerous because the
browser has the intrinsic capability to execute and display images.
Browsers make up the largest group of applications in use on computers
today. With this fact evident, the propagation of viruses could become
even greater in the future than in the past.
As with malware, viruses that take the place of programs used by
the operating system may cause instability of the host computer. This
can cause crashes, hangs, and intermittent lock-ups. Trojans fall into
this category as well, but they work slightly differently than viruses.
Trojans follow true to their name. Trojans are also referred to as
Trojan horses, relating to the famous story told by Homer in
The Iliad of the great battle between the Greeks
and the Trojans over Princess Helen. To get a Trojan on your computer,
you must invite the program onto your computer. Usually you do this by
loading a utility or other program that has a purported valid use on the
computer. Unbeknownst to you, the program includes a Trojan, which gives
an external user the ability to use the computer remotely. The remote
user can then cause great harm to the data on the computer or expose its
use for personal gain.
The Trojan may lie dormant on the computer until you open the
program, and then it may require the use of a specific program to open a
predefined network port. Once you meet the criteria for the Trojan to
work, it allows a remote user to manipulate the infected computer for
his purposes. These purposes usually fall in line with malicious uses
including profiteering, denial-of-service attacks, distributed
denial-of-service attacks, key logging, and identity theft.
As you can see, the lines between malware and viruses are very
blurry in terms of the devastation they can wreak on a computer. The
difference lies in the way the program comes to reside on the infected
host computer. Malware makes its way onto the computer without your
knowledge and allows remote control of the computer. Malware does not
necessarily replicate itself to gain the use of other computers. Viruses
always replicate themselves. Sometimes viruses employ the same method of
installation on the infected host computer, but they always replicate
themselves to other computers. They act in very much the same way as a
virus acts in the human body, which is how they received their name. The
good news is that since the popularity of the Internet, many viruses
have been permanently eradicated from the industry, due to the
capability to transfer code to eliminate the viruses from infected
computers.
4. Introducing Antivirus Programs
The intent of an antivirus program is to identify,
inoculate, disinfect, or clean a virus or other malware program from a
computer. Antivirus programs usually work in two different ways. Most
scan a computer in its entirety, looking for known viruses based on
their databases of virus listings, and then they delete, inoculate,
remove, or quarantine the infected file. Other antivirus programs watch
file behavior on the computer. If the program detects unusual behavior,
it will usually capture the file, scan it, and then either ask the user
for input on how to handle the issue or quarantine the file for further
inspection and possible deletion.
Most current commercial antivirus programs use both of these
methods to detect and eradicate viruses from infected computers. This
helps eliminate the threat of infection by watching the most consistent
way viruses try to infiltrate computers. The most common elements of
virus removal involve repair of the file itself. This consists of the
antivirus program trying to remove the offending code from the infected
file. If the removal process does not work, the antivirus program
usually will quarantine the file discovered and prompt you for further
instructions on how to handle the problem with the infected file. When
you log on to the computer after the quarantine process, you must decide
whether to try to repair the file again or delete the infected
file.
It should be noted that you should always attempt to use multiple
antivirus programs to repair either files of a sensitive nature or those
used by the operating system before deleting the files. If you have a
virus in a file you want to keep, you should try to use multiple
antivirus engines to repair the file. This also holds true for operating
system files. Operating system files infected with viruses may render
the infected computer incapable of operating correctly, sometimes to the
point where the infected computer will not boot into the operating
system. Infections of this type sometimes require a boot disk with an
antivirus program to remove the virus from the computer.
Antivirus programs detect viruses via dictionary scans, behavior
analysis, and other methods. Each detection technique follows a specific
type of logic in order to find, repair, remove, or delete an infected
file. Each approach is unique. Most antivirus engines employ at least
two of these types of analysis in order to identify viruses. The third
category is usually used only when specific types of viruses are
encountered. Each approach helps us to identify the methods virus
writers employ to launch their code so that we can begin the process of
eradicating viruses from our environment:
- Dictionary scanning
This approach uses a database of known virus signatures.
When the antivirus program scans the computer in question,
it looks for the specific code listed in that database in the files it scans. If it
discovers suspect code, it will try to identify the virus strain,
report the infection, and complete whatever predefined options the
user has defined in case of infection. Usually a dictionary-based
antivirus program scans files when the operating system opens
them for use. This includes files, programs, email, and other
known methods of attack.
Not all virus writers allow their code to remain static.
That means the code may be able to change or “morph” into
something different to eliminate the effectiveness of dictionary
scanning. These types of viruses fall into the polymorphic and metamorphic categories. They
modify themselves to prevent detection, and even employ encryption
to help hide portions of themselves from antivirus
programs.
Polymorphic code changes into different forms while keeping
the original algorithm intact, allowing the same action to occur
when executed but letting the code slip past dictionary analysis.
This helps the code hide its presence from antivirus programs
trying to detect and rid infected computers of viruses.
Malicious-virus programmers use this type of mechanism to keep
their code “in the wild,” allowing the virus to propagate freely
without detection.
Metamorphic code literally reprograms itself by translating
itself into a similar representation, and then back into the
original form. Metamorphic code can also adapt to the different operating
systems affected by the virus, so that a single virus could
employ different methods of infecting Windows, Linux, and BSD in
the same code. This method allows the virus to slip past the
dictionary analysis of antivirus programs.
Programmers go to great lengths to see that their viruses do
maximum damage by eliminating the simplest of detection efforts by
the public.
- Checking for suspicious behavior
This is a different approach to virus identification. This
approach does not employ dictionary databases to find and
eradicate viruses. Instead, it monitors a program’s behavior on
the computer. When the antivirus program sees a program attempt to
write data into an executable program, the antivirus program will
identify the behavior, flag it as a potential problem, and ask the
user what to do with the offending file.
Metamorphic viruses that reprogram themselves create
brand-new types of viruses. Because the new virus does not have a
signature to match in a database, the behavior analysis method
allows the antivirus program to capture and begin to identify the
new offending virus. However, if the user accepts the behavior of
the offending virus, this allows the virus to propagate,
eliminating the effectiveness of the antivirus program. This type
of analysis also lends itself to lots of false positives, making
it a less effective technique than other methods of virus
identification and eradication.
- Other approaches
Other approaches to identify, capture, and eliminate viruses
include heuristic analysis and
sandboxes. Each method employs
different processes to identify and capture viruses in an effort
to eradicate their capability to propagate. Heuristic analysis may
emulate the beginning lines of code executed by a program to
identify the program’s behavior as self-modifying, or it may use a
similar technique to discover that a program is looking for other
executable files. In either case, the antivirus program may flag
the file as a virus. Heuristic filters employ replicable methods
to study, ascertain, or identify viruses through their perceived
behavior.
Sandboxes emulate an operating system and allow code to run
in a simulated environment. When the code runs, the antivirus
program analyzes the emulated operating system for changes that
are perceived as a virus. These types of analysis require
sophisticated programs and use large amounts of computer resources
to run. These features lend themselves to finding new viruses and
keeping them out of the user environment, but they do not lend
themselves to real-time analysis, requiring the antivirus program
to run either as a managed background process or during off-peak
usage times.
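The following Python script is an added example, not code from the book, illustrating the dictionary scanning and heuristic emulation approaches described above. The signature dictionary, the decoder-stub format and the samples are all constructed for the demonstration; it shows how changing a single encoding key defeats a static signature, and how emulating the decoder restores the match.

```python
"""Added example (not from the book): a toy dictionary scanner beside a
heuristic that emulates a simple decoder stub, to show why polymorphic
code slips past static signatures and how emulation catches it.

Everything here (signatures, stub format, samples) is constructed; the
"virus body" is a harmless text string."""
from typing import Optional

# Constructed signature dictionary: name -> byte sequence that identifies
# the virus body. A real dictionary holds many thousands of such entries.
SIGNATURES = {
    "Toy.Demo": b"REPLICATE:COPY SELF TO *.EXE",
}

# Constructed decoder-stub marker. In this toy format a sample that starts
# with STUB carries a one-byte XOR key followed by the encoded body. Real
# stubs are machine code, but the scanner's problem is the same.
STUB = b"\x90DECODE"


def dictionary_scan(data: bytes) -> Optional[str]:
    """Plain dictionary scanning: byte-for-byte search for known signatures."""
    for name, sig in SIGNATURES.items():
        if sig in data:
            return name
    return None


def make_polymorphic_sample(body: bytes, key: int) -> bytes:
    """Build a test sample in the constructed format: stub + key + body^key.
    Every key produces different bytes, so no fixed signature matches the
    raw sample, although the decoded body never changes."""
    return STUB + bytes([key]) + bytes(b ^ key for b in body)


def emulate_decoder(data: bytes) -> Optional[bytes]:
    """Heuristic step: recognise the decoder stub and perform the decoding
    it would perform, yielding the bytes the sample would actually run."""
    if not data.startswith(STUB) or len(data) <= len(STUB):
        return None
    key = data[len(STUB)]
    return bytes(b ^ key for b in data[len(STUB) + 1:])


def heuristic_scan(data: bytes) -> Optional[str]:
    """Scan the raw bytes first; if a decoder stub is present, scan the
    decoded body too, so the static signature matches again."""
    hit = dictionary_scan(data)
    if hit:
        return hit
    decoded = emulate_decoder(data)
    if decoded is not None:
        hit = dictionary_scan(decoded)
        if hit:
            return f"{hit} (decoded)"
    return None


def demo() -> dict:
    """Compare both scanners on three variants of the same constructed body.
    Returns {key: (dictionary_result, heuristic_result)}."""
    body = SIGNATURES["Toy.Demo"]
    results = {}
    for key in (0x41, 0x7F, 0xA5):
        sample = make_polymorphic_sample(body, key)
        results[key] = (dictionary_scan(sample), heuristic_scan(sample))
    return results


if __name__ == "__main__":
    # Dictionary scanning misses every encoded variant; the heuristic,
    # having emulated the decoder, identifies all of them.
    for key, (static, heuristic) in demo().items():
        print(f"key=0x{key:02x} dictionary={static} heuristic={heuristic}")
```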
Each process lends itself to different types of virus
identification and removal processes. Not all antivirus programs use the
same methods of identification and no one antivirus program can identify
and eliminate all viruses. Because of this, you may want to supplement
scans of your installed virus software with online scans using a
different virus engine. Take the time to research the different
antivirus programs available, including free scanners online, to help
identify and eliminate viral code from your computer.
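As an added example (not from the book), this Python toy monitor implements the "checking for suspicious behavior" rule described above, flagging a process that writes into an executable it did not create; all process names, paths and events are constructed. It also shows the two weaknesses the text mentions: a legitimate updater triggers a false positive, and once the user accepts a program's behavior its later writes go unflagged.

```python
"""Added example (not from the book): a toy behaviour monitor that flags a
process writing into an executable file, together with the two weaknesses
described in the text: a false positive on a legitimate tool, and the loss
of protection once the user accepts the behaviour.

All process names, paths and events below are constructed."""
from dataclasses import dataclass, field

EXECUTABLE_SUFFIXES = (".exe", ".dll", ".sys", ".scr")


@dataclass
class FileEvent:
    process: str   # name of the process performing the operation
    op: str        # "create" or "write"
    path: str      # file affected


@dataclass
class BehaviourMonitor:
    # Programs whose writes to executables the user has chosen to accept.
    accepted: set = field(default_factory=set)
    # path -> process that created the file (a linker writing its own
    # output is normal; writing into someone else's executable is not).
    created_by: dict = field(default_factory=dict)

    @staticmethod
    def is_executable(path: str) -> bool:
        return path.lower().endswith(EXECUTABLE_SUFFIXES)

    def observe(self, ev: FileEvent):
        """Return an alert string for a suspicious event, or None."""
        if not self.is_executable(ev.path):
            return None
        if ev.op == "create":
            self.created_by[ev.path] = ev.process
            return None
        if ev.op == "write":
            if self.created_by.get(ev.path) == ev.process:
                return None          # modifying its own output: normal
            if ev.process in self.accepted:
                return None          # user accepted it: nothing more is flagged
            return f"{ev.process} modified executable {ev.path}"
        return None

    def accept(self, process: str) -> None:
        """Record the user's decision to trust a program's behaviour."""
        self.accepted.add(process)


def run(events, accept_after_first_alert=False):
    """Feed an event stream through a fresh monitor and collect the alerts.
    With accept_after_first_alert=True the user clicks 'allow' on the first
    alert, which is the failure mode the text warns about."""
    mon = BehaviourMonitor()
    alerts = []
    for ev in events:
        alert = mon.observe(ev)
        if alert:
            alerts.append(alert)
            if accept_after_first_alert:
                mon.accept(ev.process)
    return alerts


# Constructed event streams.
LINKER_BUILD = [                       # a linker producing its own output
    FileEvent("link.exe", "create", r"C:\build\app.exe"),
    FileEvent("link.exe", "write", r"C:\build\app.exe"),
]
INFECTOR = [                           # a program patching system executables
    FileEvent("photo_viewer.exe", "write", r"C:\Windows\notepad.exe"),
    FileEvent("photo_viewer.exe", "write", r"C:\Windows\calc.exe"),
]
UPDATER = [                            # a legitimate updater: false positive
    FileEvent("vendor_update.exe", "write", r"C:\Program Files\Vendor\app.exe"),
]

if __name__ == "__main__":
    print("linker:", run(LINKER_BUILD))
    print("infector:", run(INFECTOR))
    print("infector, user accepted:", run(INFECTOR, accept_after_first_alert=True))
    print("updater:", run(UPDATER))
```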
5. Understanding Spyware
Spyware falls into a broad category
of software designed to gain control of a computer without the user’s
consent. As the name suggests, the program loaded onto the computer
spies on the user, and the industry has come to realize that spyware
also allows a remote user to control how the computer operates.
Sometimes spyware only collects the data housed on the computer for use in
profiling a user's habits. Some companies use this data for targeted
advertising or to manipulate content based on the user's browsing
habits.
Spyware watches what you do on your computer and sends the data
over the Internet to a collection point for future use. Sometimes these
collection points are data warehouse computers that let marketing groups
purchase browsing habits to begin an advertising campaign based on the
way you and other people browse the Web, thereby allowing them greater
financial gain. Some types of spyware will attempt to record your
keystrokes in the hopes of getting personal information for monetary
gain. These programs try to intercept any usernames, passwords, or
credit card information you use while online, and they are the most
dangerous type of spyware.
Other spyware programs monitor the use of websites on the
compromised computer. They then attack you with a barrage of pop-up windows. Some simply begin popping up
advertisements of competitor websites in the hopes of gaining
advertising dollars through your clicking on the advertisements. Most of
these types of programs fall into a category called adware. Not all
pop-up windows are associated with programs loaded on the computer; some
simply are generated by the code on a website. With this in mind, if you
see pop-ups on a regular basis whenever you use your browser, you
probably need to look into cleaning spyware off your computer. If you
visit a website and get the same pop-up or a similar pop-up every time,
it is probably due to the code on the website. For example, the Barnes
& Noble website (http://www.bn.com) used to
display a pop-up with the latest advertisement whenever you visited the
home page. This type of pop-up is not the result of adware or spyware.
However, if you visited the Barnes & Noble website and got pop-ups
for competing or unrelated sites, this was probably the result of adware
or spyware.
Most spyware capitalizes on the integration of the Internet
Explorer browser into the Windows operating system. This integration
allowed individuals to write code that gets information from the browser
and the operating system, and it allows companies to pull information
from unsuspecting users when they visit a website, using ActiveX controls
and other applications loaded onto their computers.
An example of a program that integrates the Internet Explorer
browser into the Windows operating system is the Alexa toolbar. The
Alexa toolbar is an application defined as a browser helper object that
includes some useful tools, such as a pop-up blocker, a search engine,
and a link to Alexa.com and Amazon.com. The toolbar also reports the
website usage of the local computer to a collection point at Alexa. Some
dispute the Alexa toolbar spyware classification, because the user has
to agree to an end-user license agreement (EULA).
One of the most prolific spyware programs was Gator. This program
offered to house your personal passwords for applications and websites.
Although the program held on to your personal data, it also spied on the
browsing habits of users and sent the information back to Claria
Corporation. Another prolific spyware program was called Bargain Buddy.
Bargain Buddy loaded onto the computer in a not-so-above-the-board
manner. Exact Advertising then paid the installing website money for
loading the software, and the program began popping up advertisements to
the user.
Some of the more recent applications of spyware include software
advertised as a spyware removal tool. Though these tools advertise
removal of spyware on infected computers, they actually cause damage to
the computer on which they are installed. Some argue against the use of
the term spyware for these programs because they
actually require the user to install them on the computer, and some
include a EULA, which flies in the face of the initial definition of spyware.
Another prolific installation path for spyware programs includes
the offer of a usable program for peer-to-peer file transfers or other
uses that then piggyback the spyware onto the computer when the user
installs the program. Kazaa worked in this manner by tricking the user
into installing the program, and then allowing the spyware to work in
the background without the user’s knowledge. After its prolific use on
the Internet, someone noticed the problem with the application and made
it publicly known that the software was pilfering data from the computer
on which it was installed. Kazaa then proceeded to create a new, “lite”
version of the product without the spyware attached. Of course, most of
these programs have fallen under attack by the Recording Industry
Association of America (RIAA) in the battle against music theft and user
rights, and they do not have the same user base as they once did.
Not all spyware comes packaged in the cloak-and-dagger style.
Another prolific spyware program, named BonziBUDDY, advertised itself as
a companion for children while they surf the Web. It even claimed to
allow product price comparisons for the user. What the user did not
understand when he or she loaded the program was that it was spying on
the usage of the computer. It goes to show that you need to take the
time to research the programs asking for your approval before you
install them on your computer.
You are the main line of defense against spyware and other
malicious programs targeting your computer. Take the time to consider
what you are installing, and block your children’s ability to install
programs onto computers. Some spyware applications come packed with
freeware utilities or even games. This makes children a prime target for
the installation of programs that may undermine the stability of the
computer or that may allow someone to steal your private data.
6. Introducing Antispyware Programs
Antispyware falls into the same category as antimalware
does. Before the proliferation of this type of code across the Internet,
a distinction was made between the two types of programs. However, in
recent years, these antispyware and antimalware programs have morphed
into the same program. Usually you can eliminate spyware using freeware
antimalware tools or antivirus scanners. Some specialty tools list
themselves as spyware removal tools, but they also help eradicate
malware.
It may be more accurate to call spyware adware or nuisance software. Although some of
these offending programs do actually send user data across the Web, they
usually do not have a malicious intent against the user. They typically
use the data to advertise goods or services to the user by scanning the
user’s computer for patterns of behavior on browser use. Windows
Defender, which is included with Windows 7, will find most types of
spyware programs on your computer.
For many in the industry, spyware programs were both a wake-up
call and the proverbial straw that
broke the camel’s back. Many companies in the security business
underestimated the threat posed by spyware and were not ready to combat
the unique problems it created. This left many people running McAfee, Norton, and other security products without real
protection against spyware, until recently. Not only did this leave many
longtime users of these security products outraged, but it also created
a backlash that was heard throughout the security industry. Why did this
occur? Well, most of the security products—even those sold as total
security shields—protected your computer from viruses, hackers, abuse,
and sometimes even spam, but they did not protect your computer from
spyware. In fact, only the 2007 and later editions of the McAfee and
Norton security products truly protect you from spyware as well as all
the other bad things out there on the Internet.
The backlash created by consumer outrage did have some positive
effects, though. As ISPs noticed that people were increasingly canceling
their memberships because their computers simply could not be made safe
on the Internet, many began offering free security solutions. At the
time of this writing, two of the largest ISPs in the United States—Comcast and AOL—provide McAfee
security products free to subscribers. Comcast subscribers get a free
subscription to McAfee VirusScan, Personal Firewall Plus, Privacy
Service, and SpamKiller. AOL included McAfee VirusScan and Personal
Firewall Plus in the AOL Safety and Security Center, and also offers
spyware protection, phishing protection, and spam protection.
You should note that not all antispyware programs work as
advertised. Some of these programs disguise themselves as removal tools,
but in fact they install themselves and advertise their presence to
remote users with malicious intent, or they install advertisement
programs onto the computer themselves. Take the time to research any
product before you install it on your computer. All reputable programs
have websites explaining the use and purpose of their programs, and
should have reviews on reputable websites and publications.
Most of the tools available require you to go online to update
their databases of known spyware to aid in the removal of these
programs. As with any tool you use to remove unwanted programs, take the
time to either update it regularly or allow it to connect and retrieve
its updates automatically. Most of these programs have a built-in
mechanism for this type of automation, so the user does not have to
check them as frequently. This does not mean you should set it and
forget it. You still need to take the time to verify that they are
updating correctly, because from time to time they may not work as
advertised.
As with malware, you may occasionally have to hand-edit the registry to remove some types of spyware. If
you require this type of intervention, please take great care when
editing your computer’s registry. Editing the registry can render a
computer unusable and require the intervention of a recovery service or
large amounts of time to correct. If you are not comfortable editing the
registry, consult a computer service or repair shop to remove these
types of malicious programs. Most computer service companies can remove
such programs within a short period and require only a small fee to
clean your computer. This can help immensely when the programs are
embedded into the computer or have metamorphic qualities.
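Before hand-editing the registry, it helps to see exactly which browser helper objects (the mechanism the Alexa toolbar uses, described earlier) are registered and where their DLLs live. The following PowerShell script is an added example, not from the book: it reads the Browser Helper Objects registration keys, resolves each CLSID to its DLL, and reports whether that DLL carries a valid Authenticode signature, so an unsigned or missing DLL stands out as a candidate for closer review before its key is removed.

```powershell
# Added example (not from the book): inventory Browser Helper Objects (BHOs)
# registered for Internet Explorer and check the signature of each DLL.
# Run from an elevated PowerShell prompt; read-only, nothing is deleted.
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @(
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
)

function Get-BrowserHelperObject {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($entry in Get-ChildItem -Path $key) {
            $clsid = $entry.PSChildName      # subkey name is the COM class id
            $dll = $null; $name = $null
            foreach ($root in $clsidRoots) {
                $inproc = Join-Path $root "$clsid\InprocServer32"
                if (Test-Path $inproc) {
                    # Default value of InprocServer32 is the DLL path
                    $dll  = (Get-ItemProperty -Path $inproc).'(default)'
                    $name = (Get-ItemProperty -Path (Join-Path $root $clsid)).'(default)'
                    break
                }
            }
            # Expand %SystemRoot%-style references so the path can be tested
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }
            $sig = if ($dll -and (Test-Path $dll)) {
                (Get-AuthenticodeSignature -FilePath $dll).Status
            } else { 'FileMissing' }
            [pscustomobject]@{
                CLSID       = $clsid
                Name        = $name
                Dll         = $dll
                Signature   = $sig        # Valid, NotSigned, HashMismatch, ...
                RegistryKey = $entry.PSPath
            }
        }
    }
}

# Unsigned or missing DLLs sort to the top for review
Get-BrowserHelperObject | Sort-Object Signature | Format-Table -AutoSize
```

An entry whose DLL is not signed, or whose registered path no longer exists, is the kind of leftover the paragraph above describes; note the RegistryKey value before removing anything, and export the key first so the change can be reversed.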