Tuesday 12 June 2007

Tinker, Tailor, Soldier, Spyware

Combating the Insidious Threat to Your Privacy posed by Spyware

What Is Spyware?

Spyware is any software that uses your Internet connection in the background without your knowledge or explicit permission.

It has the ability to: -
  • Read cookies
  • Scan files on your hard drive
  • Monitor your keystrokes
  • Install other Spyware programs
  • Alter your default home page
  • Send information back to its creator
This can result in the theft of sensitive information such as PIN numbers and passwords, reduce the performance of your PC and cause it to become unstable (it is thought that Spyware is the cause of up to 50% of PC crashes). Spyware can also take over your PC, using it as a Zombie for such illicit activity as denial of service attacks or propagating spam.

In general Spyware is produced by a group of people for profit whereas viruses were produced by an individual for kudos.

Network performance can also be adversely affected by a Spyware attack. For a business the act of tracking down and removing the offending software will lead to disruption and loss of productivity.

Types of Spyware

Spyware generally falls into one of two categories: Adware or Malware.

Adware
Adware is generally benign and is usually produced by advertising companies. Adware generally generates annoying on-screen advertisements (normally pop-ups).

The worst forms hijack links on websites and take you to destinations of their choice. The reason for this is that by artificially inflating the amount of traffic to their websites, your friendly neighbourhood hijacker can command higher advertising revenues. This can be worrying if you've got a child who surfs the net, as the destinations you are routed to can be anywhere on the web, and pornography companies do make use of Adware in this manner.

Adware uses cookies to hold details of your browsing habits which are periodically sent to the marketers.

Although not directly compromising your system in the way that the far more malign Malware does (see below), such software can cause it to become unstable and have a detrimental effect on its performance.

Malware
Malware is an abbreviation of malicious software and is often written to harm your system, much in the way that a virus can. Other forms use key logging to send details of your typing to the perpetrators. This has implications of identity theft and other criminal acts being perpetrated on you. A hacker potentially could use these programs to get your credit or bank card details.

A Growing Threat

"Over the past three months, EarthLink and Webroot found more than 29.5 million instances of spyware. This figure equates to an average of nearly 28 spyware items per computer and demonstrates the broad proliferation of spyware." said Cobb. "While most spyware is Adware-related and relatively benign, it's disturbing that over 300,000 of the more serious System Monitors and Trojans were uncovered. This figure represents how real a threat identity theft or system corruption is for users."

Earthlink and Webroot

Spyware has been around for less time than viruses but is rapidly becoming a greater threat.

In a recent survey by Earthlink and Webroot an average of 28 pieces of spyware were found on infected PCs. Most were relatively benign Adware, but 300,000 cases of more serious Trojans and System Monitors were found (from 1,062,756 scans).

It is currently thought that 90% of all computers connected to the internet are infected.

The Legal Position on Spyware

While the legal position regarding viruses is pretty well laid out, the legality of Spyware is not.

Direct advertising companies sometimes use the spurious argument that because a user agrees to the terms and conditions of a piece of software they download, which includes mention of dubious activities in the smallest of small print, they consent to having Spyware running on their machine. Furthermore they state that to legislate against these nefarious products would have a dire effect on the economy. I seem to remember similar arguments were used when the slave trade was abolished, which is ironic considering that the zombification of your PC by some Spyware constitutes a form of cyber slavery.

The legal position of Spyware in the United States is also murky; in some states it constitutes a criminal activity, in others it doesn’t.

How Can You Get Infected?

Spyware can be installed by clicking on a weblink, opening an attachment in an email or by the payload of a virus. In fact you only have to visit a website (known as drive-by installation) or view an HTML e-mail message to get infected.

Spyware can also piggyback on the back of a utility you install (such as a P2P file sharing system).

Symptoms of Spyware

As with any disease there are a number of tell-tale signs that you've probably got it. Some typical spyware symptoms include: -
  • Your browser being hijacked i.e., it takes you to sites other than the ones you type in
  • A repeated, or sudden, change of your browser's home page that you didn't make
  • Your being inundated by a plague of pop-up ads
  • New toolbars appearing in your browser you don't expect to see
  • Unexpected new icons appearing in your system tray
  • Keys that don’t work properly when pressed (e.g. the 'Tab' key doesn't work or is delayed when used on a Web form to move to the next field)
  • Poor system performance when saving files or opening programs
  • Random error messages appearing

Steps You Can Take To Avoid Infection

Take Care When Downloading Software
Be careful what software you download and install on your PC. Only download software from reputable sources.

Carefully read the End User License Agreement (EULA) of any software you plan to download. Often buried within the EULA will be a disclaimer stating something along the lines that

"...information about you and your browsing habits will be sent to the company's website."

Spyware mongers take your acceptance of this as giving them Carte Blanche to infect your PC, so be careful.

If the EULA is hard to find, or understand, or contains a clause like the one shown above, then seriously reconsider installing the software.

Be Wary of Gadgets
With the advent of Windows Vista the use of Gadgets is becoming more and more prevalent. A gadget is an application that you can embed in a web page that delivers a piece of functionality to the user, such as showing the weather forecast for your area or displaying a digital clock on their webpage.

Quite often gadgets are created by hobbyists and delivered free of charge. Quite often they will also have a payload of Spyware hidden in their code.

You can add gadgets to a website you administer or to a blog you post to. The revamped version of Google's homepage, iGoogle, also allows you to add gadgets.

In Windows Vista you can add gadgets to the Windows Sidebar. Unlike a gadget installed on a webpage, where Windows and browser security will stop it accessing your file system, Vista gadgets have full access. That means that they can copy any embedded DLL, file or program to your hard drive. Vista gadgets execute with full system permissions and so can then execute those programs.

To quote the old saying, there's no such thing as a free lunch. In the case of gadgets the cost of your free lunch may end up being more than a Champagne and Caviar feast at the Ritz.

Take Care When Opening Attachments
If you receive an email with an attachment you are not expecting, the safest course of action is not to open it, and just delete it. If you later find that it was legitimate then you can always arrange to have it resent to you.

Ramp Up Your Browser Security
Ensure that the level of your browser security setting is sufficient to detect unauthorised downloads. In the case of Internet Explorer this should be set to at least 'Medium'.

This minimises the risk of drive-by downloads getting their teeth into your system.

Turn Off the Preview Pane in your Email Client
As previously mentioned the mere act of viewing HTML can cause Spyware to be installed. If you automatically view your current email in your email client this could potentially result in infection. To stop this from happening, turn off the preview pane. In MS Outlook on the View menu clicking Preview Pane toggles whether it is displayed or not.

Use a Browser Other Than Internet Explorer
The main way that Spyware is spread is through your web browser. Much of it specifically targets vulnerabilities in Internet Explorer, such as ActiveX, so one way of improving your security is to use an alternative web browser, such as Firefox, Opera or Safari. These browsers are not targeted as much as IE. Unfortunately a large number of websites only work using Internet Explorer so you may still need to use it. If this is the case make sure that you upgrade to at least IE7, as security in this version was significantly improved.

Add Known Bad sites to IE's Restricted Sites Zone
If you are forced to use Internet Explorer it is worth considering blocking known bad websites. To avoid these you can install IE-SPYAD. This free program adds known bad sites to Internet Explorer's Restricted Sites Zone.

If you do use it then remember to update it on a regular basis to keep your list up to date.

Screen websites via a Browser Add-on
An alternative to blocking known bad sites via IE's restricted zone, which can be technically demanding, is to use a product such as Sitehound to alert you before you enter a known bad site.

Sitehound is a plug-in for Internet Explorer and Firefox. It works by using a list of known bad sites to check an entered URL against before you are directed there. The basic version of the product is free but requires you to manually update the bad site list. The pay for version does so automatically and also includes other features such as giving additional information about a suspect website.

Don't Click any Pop-Up Links
If a pop-up window appears don’t click any links within it. Doing so may cause the installation of Spyware on your computer. When a pop-up appears, close it by clicking the 'X' icon in its title bar.

Don't click on links in Spam
If you receive e-mail that claims to offer anti-spyware software, don't click on any of the links in it. Some of the Anti-Spyware products offered in spam actually install the spyware they claim to protect you from! If you want to install any Anti-Spyware products then a good place to start is with those listed later in this blog.

Use Anti-Spyware Products
Use the active protection inherent in Anti-Spyware products to help protect your PC (see Anti-Spyware Products below).

Update Your System Regularly
Use Windows Update regularly to ensure that your operating system and web browser always have the latest patch or security update applied. Configure Windows Update to update automatically.

Use a Hosts File
A Hosts file allows you to specify the IP address that will be accessed when you enter a specific host name in your web browser. By creating a file in which the host names of known malicious sites point back at your own computer, you can effectively make it impossible to visit them in the first place, thus removing the chance of infection. Hosts files of this nature can be found on-line.

It is debatable however how effective this strategy is as Spyware can connect directly to the IP address, and thus circumvent this form of protection.

As an aside, some Spyware modifies the Hosts file as a means of redirecting you to sites of the author's choosing.
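
Because the same file serves both as a blocklist and as a redirection target for Spyware, it is worth auditing. The following is an added example, not part of the original post: a small Python audit that separates blocklist entries (pointing at your own computer) from entries that send a name to some other address. The sample file, host names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (reserved example names and documentation IPs).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.tracker.example     # blocklist entry
0.0.0.0         popups.example
203.0.113.45    www.mybank.example
198.51.100.7    update.vendor.example search.portal.example
not-an-ip       broken.example
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Yield (line_no, ip_text, hostname) for every mapping, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment only, or address without a name
        for name in fields[1:]:  # one line may map several names
            yield line_no, fields[0], name.lower()

def classify(ip_text, hostname):
    """Return 'local', 'blocked', 'redirect' or 'invalid' for one mapping."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return "invalid"
    points_home = ip.is_loopback or ip.is_unspecified
    if points_home:
        return "local" if hostname in LOCAL_NAMES else "blocked"
    # Any other address overrides DNS for this name. That can be legitimate
    # (for example a LAN server) but is also how a hijack looks.
    return "redirect"

def audit(text):
    """Return (line_no, kind, ip_text, hostname) for entries needing a manual look."""
    findings = []
    for line_no, ip_text, name in parse_hosts(text):
        kind = classify(ip_text, name)
        if kind in ("redirect", "invalid"):
            findings.append((line_no, kind, ip_text, name))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HOSTS):
        print(finding)
```

On Windows the file to feed to `audit` is normally `%SystemRoot%\System32\drivers\etc\hosts`.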

Consider Using a Program to Check Your E-Mail
As e-mail is one method that Spyware and viruses can infect your computer you could consider using a product to scan your e-mail for potential threats. One such product, Mail Washer Pro, is ostensibly a Spam removal tool but as the emails it screens for can also contain a virus or Spyware, it also provides another line of defence against infection. The preview pane it uses just shows the message in plain text so allows you to safely check your mail before you download it.

Detecting Spyware

Network and systems administrators can detect Spyware by: -
  • Capturing and studying network transmissions for suspicious packets using a network analyser.
  • Using the Netstat utility to monitor all ports. This is a TCP/IP application that reads network data structures. It can be used to find any suspicious ports open on your PC; they can then conduct a Web-based search on any suspect ports which may reveal the existence of Spyware.
There are also a number of third party products that can be used to scan your ports and provide a graphical interface (e.g. X-NetStat).
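
As an added example (not part of the original post), the Netstat check described above can be automated by comparing `netstat -ano` output against a baseline of ports you expect on a clean machine. The sample output, the baseline sets and the port numbers below are constructed assumptions; build your own baseline from a known-clean state.

```python
# Constructed sample of Windows `netstat -ano` output (documentation IPs).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2680
  TCP    192.168.1.10:49712     203.0.113.7:80         ESTABLISHED     1044
  TCP    192.168.1.10:49755     198.51.100.23:6667     ESTABLISHED     2680
  TCP    [::]:135               [::]:0                 LISTENING       912
  UDP    0.0.0.0:500            *:*                                    4
"""

# Assumed baseline for this example only.
EXPECTED_LISTENERS = {135, 445, 500}
EXPECTED_REMOTE_PORTS = {80, 443}

def parse_netstat(text):
    """Turn netstat -ano rows into dicts; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0] not in ("TCP", "UDP"):
            continue
        rows.append({
            "proto": f[0],
            "local_port": int(f[1].rsplit(":", 1)[1]),  # rsplit copes with [::]:135
            "remote": f[2],
            "state": f[3] if f[0] == "TCP" else "",     # UDP rows have no state
            "pid": int(f[-1]),
        })
    return rows

def suspicious(rows):
    """Return (reason, proto, port, pid) for rows outside the baseline."""
    findings = []
    for r in rows:
        if r["proto"] == "UDP" or r["state"] == "LISTENING":
            if r["local_port"] not in EXPECTED_LISTENERS:
                findings.append(("unexpected listener", r["proto"], r["local_port"], r["pid"]))
        elif r["state"] == "ESTABLISHED":
            remote_port = int(r["remote"].rsplit(":", 1)[1])
            if remote_port not in EXPECTED_REMOTE_PORTS:
                findings.append(("unusual outbound", r["proto"], remote_port, r["pid"]))
    return findings

if __name__ == "__main__":
    for finding in suspicious(parse_netstat(SAMPLE_NETSTAT)):
        print(finding)
```

The PID in each finding can be matched to a process name in Task Manager before deciding whether the port is worth researching.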

A more effective means of detecting Spyware is to use a dedicated Anti-Spyware application.

Anti-Spyware Applications

Some anti-virus products profess to also protect your computer against Spyware but the truth of the matter is that none of them do a very good job of it. To protect yourself properly from Spyware you should run a dedicated anti-Spyware product.

The pick of the crop of products at time of going to press are: -

Freeware
Commercial Products
  • Spyware Doctor - Spyware Doctor has consistently topped the ratings in reviews of anti-Spyware products and has a detection rate of around 97%. Another advantage of Spyware Doctor is that updates for new threats are made available for download within days (or in some cases hours) of the threat being identified. In the case of some well known products, it can be a week or more before countermeasures are made available.

As well as scanning for Spyware some products, generally the ones you have to pay for, also provide active defence to stop your PC getting infected in the first place. These active defences, although not 100% reliable, do provide some protection and are therefore recommended. The only downside to running active defence is you may find some degradation in performance.

One thing I would recommend is periodically scanning with more than one anti-Spyware tool. Even the best software won’t detect all current Spyware, so by scanning with more than one product you increase the chances of finding it. A combination of the current best commercial and the best of the free ones run on a regular basis will give you the best protection.

Keep Your Spyware Product Up-to-date
Update your Spyware signatures on a daily basis.

Scan Your PC for Spyware Often
You should perform a full Spyware Scan at least once or twice a week. In addition to this, if you have the option, configure your product to scan key areas on a daily basis, if possible on start-up.

Sometimes Spyware can mask itself during start-up making it difficult to detect and remove. To counter this, you should periodically run a full scan in Safe Mode. Safe Mode can be accessed by repeatedly pressing the F5 key (or on some systems F8) during the boot sequence.

False Alarms
Anti-Spyware programs use the following methods for detecting Spyware: -
  • They contain a list of known Spyware which they use to compare against;
  • They detect suspicious activity including Windows registry entries that are out of place, suspicious network connections and programs that exhibit suspicious behavior.
Sometimes they can falsely report a valid application as being Spyware. Always check any reports produced and make sure you don’t accidentally remove legitimate software.

Blocking Spyware Transmissions Using a Firewall
As previously mentioned, Spyware sends information back to its creator. Running a firewall, such as Zone Alarm, not only stops unwanted intrusions getting in, but can also stop unsolicited transmissions getting out.

By configuring your firewall to only give internet access to legitimate applications you run, you can deny any Spyware that has managed to evade your defences the ability to accomplish its objective.

Some Useful Web Sites

For further reading on the subject, check out the following websites.
  • Spyware Warrior - Spyware Warrior lists free and pay for software. It also lists bogus spyware that, when installed, spy on you.
  • Spywareinfo - this site has a number of spyware forums where experts in the area participate. As such it provides a good port of call should you have any questions.
  • Malware Removal - a site with a number of Malware related forums. It also has some useful downloads that help you remove some specific Malware infections.

Conclusion

Today most individuals and organizations have measures in place to deal with the threat posed by viruses; they should also invest in separate countermeasures to combat the rise of Spyware.

Failure to do so can harm your efficiency, reputation, productivity and ultimately, your financial wellbeing.