From:         Patrick Douglas Crispen 
Subject:      Tourbus - 24 Oct 04 - Adware, Spyware, and Malware

TODAY'S TOURBUS TOPIC: HOME COMPUTER SECURITY, PART SIX

The Internet Tourbus - U.S. Library of Congress ISSN #1094-2239
Copyright © Bob Rankin and Patrick Crispen - All rights reserved
Adware, Spyware, and Malware

It's late Sunday afternoon, so it must be time for me to write last Thursday's Tourbus post. :P

Howdy, y'all, and greetings once again from deep behind the orange curtain in beautiful Irvine, California, the fourth most serious of the seven deadly sins. [Go SLOTH!]

TOURBUS is made possible by the kind support of our sponsors. Please take a moment to visit today's sponsors and thank them for keeping our little bus of Internet happiness on the road week after week.

On with the show...

Today's post is the sixth and final part [YAY!] of my home computer security series. If you missed any of the previous parts, you can find them all online in the Tourbus archives:

Part One: Exploits and Patch Management http://tinyurl.com/4gdt6

Part Two: Firewalls http://tinyurl.com/66vfa

Part Two and a half: Odds and Ends http://tinyurl.com/5ru8z

Part Three: Testing your Firewall http://tinyurl.com/46zuz

Part Four: Update your Antivirus http://tinyurl.com/4gzhb

Part Five: Microsoft Baseline Security Analyzer http://tinyurl.com/5rhzf

I've also combined all of those posts into two giant presentations you are free to download and burn in effigy. Just point your web browser to

http://netsquirrel.com/classroom/

and look for Home Computer Security and Privacy parts one and two. Both presentations are available in Microsoft PowerPoint and Macromedia Flash formats.

Now that we've got that out of the way, let's talk about adware, spyware, and malware.

------ Adware ------

"Adware" is software that displays advertisements when you open and use a particular program. A good example is the email program I have been using since 1995: Eudora. There are three "flavors" of Eudora:

  • Paid Mode. For about US$50 you can buy the full version.

  • Sponsored Mode. If fifty bucks is more than you are willing to pay for an email program, you can actually get Eudora for free. Sponsored mode is almost identical to paid mode -- the only thing missing is the paid mode's Bayesian spam filter -- but there's a catch: Sponsored mode displays an ad window and up to 3 sponsored toolbar links every time you use Eudora.

  • Light Mode. This mode offers only basic email sending and receiving with no built-in ads. But it's free.

    Check out http://eudora.com/ for more information.

    What does Eudora have to do with adware? Well, that middle version--sponsored mode--is a perfect example of what I call "pure adware." Pure adware is a GOOD thing. You get software that you otherwise wouldn't be able to afford. In return, the software displays some ads. Sounds like a perfect trade-off to me.

    Unfortunately, pure adware is rare.

    ------- Spyware -------

    Unlike adware, "spyware" is software that tracks what you do and where you go online. "Pure spyware" like the Google toolbar [see Tourbus, July 29, 2003: http://tinyurl.com/4xj4n ] respects your privacy and doesn't share this tracking information with anyone else.

    Unfortunately, pure spyware is the exception, not the rule. An overwhelming majority of spyware [like, oh, ALL of it] sells your personal information to marketing companies.

    Why is spyware so bad? Well, besides the privacy implications, spyware often breaks your computer. Spyware code is often poorly-written, and you may have so many spyware programs running on your computer at the same time that your computer slows to a crawl or crashes.

    Even worse,

  • Spyware has been linked to an increase in both spam and pop-ups.

  • Pornographers use spyware to push explicit advertisements to your computer. ["Will someone please think about the children?"]

    How pervasive is spyware? According to our friends at AOL, over 90% of broadband users have some form of spyware installed on their systems [source: http://tinyurl.com/5kdh9 ]. PestPatrol has identified 124,474 different spyware programs or objects on the loose as of a few weeks ago.

    Where does spyware come from? Well, when a mommy spyware program and a daddy spyware program love each other very much...no, wait... that's not it. Actually, spyware comes from a whole mess of different places. Some spyware piggybacks on top of free software you download and install from the Internet. Software that comes bundled with spyware includes:

  • File-sharing programs like Grokster and Kazaa
  • DivX
  • Weatherbug

    Even removing these programs may not remove the piggybacked spyware. You may also need special removal tools [see below].

    You can also get spyware by clicking on dubious pop-up ads. Another way to get spyware is from a virus or Trojan Horse, but that's rare. And if you use Internet Explorer, you can even get spyware just by visiting a particular website. You don't have to click or download anything. Internet Explorer automatically installs the spyware for you. ["Thank you, Microsoft!"] Fortunately, you can download the fix at mozilla.org. :P

    ------- Malware -------

    MANY of these drive-by installations involve not only spyware but "malware." Malware is a type of computer program that can

  • Replace legitimate ads on commercial web sites with ads from vendors who financially support the malware's author [a.k.a., "scumware."]

  • Permanently and irreparably change your browser's home page and search settings so that they point to the malware author's site [a.k.a., "homepage hijackers."] The site is usually overflowing with advertising and pop-ups. Fixing homepage hijackers is often quite difficult.

  • Cause your modem to automatically dial 900, long-distance, or international telephone numbers whose revenues support the malware's author [a.k.a., "autodialers."]

  • Open security holes on your computer that can be used later to remotely take control of your computer [a.k.a., "Trojan horses."]

  • Degrade your computer's performance and cause errors thanks to it being badly-written [a.k.a., "Microsoft Windows"]

  • Provide no uninstall feature and put its code in unexpected and hidden places to make it difficult to remove [ibid]

    Software to the rescue

    To detect and delete both spyware and malware on a PC, download and install *both*

  • Ad-Aware Personal SE
    http://www.lavasoftusa.com/

  • Spybot Search & Destroy 1.3
    http://www.safer-networking.org/

    Why both? Ad-Aware catches stuff that Spybot misses, and vice-versa. And they're both free.

    Mac users will eventually be able to download an antispyware tool called MacScan at

    http://macscan.securemac.com/

    I say "eventually" because it looks like the folks at Securemac.com are still working on it.

    What about [insert your favorite spyware removal tool's name here]? There are some great spyware removal tools out there--some free, some not--but Ad-Aware and Spybot are truly the market leaders. Ad-Aware has been downloaded 73 million times and Spybot 34 million times. AND BOTH ARE FREE!

    Keeping current

    Both Ad-Aware and Spybot are similar to your antivirus program in that they both use definition files to know what to look for. ALWAYS update the definitions before you scan your computer. In Ad-Aware, click on "Check for updates now." In Spybot, click on "Search for Updates."

    And to prevent future spyware and malware installations on your PC, click on "Immunize" in Spybot. It's not perfect, but it blocks 1,626 known spyware applications from installing on your computer.

    Dealing with spyware/malware

    To get rid of spyware and malware, run Ad-Aware and Spybot weekly.

    If your computer still has spyware or malware that neither Ad-Aware nor Spybot could remove, check out Hijack This and CWShredder at

    http://www.spywareinfo.com/

    To prevent future spyware and malware installations, enable the Immunize feature in Spybot. Also, don't download and install ANY free software without first verifying that it is free of spyware [Search Google for the name of the software +spyware].

    And, finally, choose a safer browser.

    IE v. [insert browser name here]

    When I started this six-part series back in July I wrote that

    Over the next several weeks I am going to show you, step-by-step, how to protect your computer from most types of assaults. We'll talk about patch management, firewalls, antivirus programs, antispyware programs, and a whole bunch more. And finally, at the end of all of this, we'll look at other web browsers. The choice of whether or not to keep using Internet Explorer will be completely up to you. But even if you decide to keep using Internet Explorer, your computer is going to be considerably more safe than it is right now.

    To TRULY protect your PC from most spyware and malware, stop using Internet Explorer. No, really. I'm not kidding. Not only do the alternative browsers--Mozilla Firefox [mozilla.org], Opera [opera.com], Safari [apple.com]--better protect you from drive-by spyware and malware installation, they also automatically block most pop-up ads! To block pop-up ads in IE you have to download and install special software like XP Service Pack 2, the Google Toolbar [toolbar.google.com], or WebWasher Classic [webwasher.com].

    IE has WAY too many security holes in it, and there hasn't been a major IE upgrade in over three years. Worse still, Microsoft only supports IE on XP. There will be no more free IE security updates for non-XP users.

    My suggestion? Keep IE around so that you can access the sites that require it--Windows Update, Expedia, MSN, Shutterfly, etc.--and use an alternative browser [like Mozilla Firefox, Opera, or Safari] to access everything else!

    And that's what we'll talk about next time: how to download, install, and use an alternative web browser. Have a safe and happy week, and we'll talk again soon!

               .~~~.  ))
     (\__/)  .'     )  ))       Patrick Douglas Crispen
     /o o  \/     .~
    {o_,    \    {              crispen@netsquirrel.com
      / ,  , )    \            http://www.netsquirrel.com/
      `~  -' \    } ))    AOL Instant Messenger: Squirrel2K
     _(    (   )_.'
    ---..{____}                  Warning: squirrels.
    
