Monday, April 12, 2004

PUBLIC SERVICE ANNOUNCEMENT

April 11, 2004, 11:27AM

SPYWARE: THEY CAME FROM CYBERSPACE
Step 1: Avoid spyware
By DWIGHT SILVERMAN
Copyright 2004 Houston Chronicle
SPYWARE

THEY CAME FROM CYBERSPACE
• Intro
• Step 1: Avoid spyware
• Step 2: Let Windows remove it
• Step 3: Removal software
• Step 4: Turning off spyware
• Step 5: Removing browser objects
• Types of spyware
• Got spyware?


The best strategy in the fight against spyware is to avoid it altogether. With a little vigilance, common sense and safe-surfing practices, you may never need to follow the steps in the rest of this guide.

• Update software. Keep your operating system and most-used programs updated with the latest patches and fixes. Some spyware programs, like viruses, take advantage of known security flaws in Windows and Internet Explorer.

• Avoid bad online neighborhoods. Just as you wouldn't go walking late at night in a bad part of town, don't go wandering around Web sites with questionable content. Sites that offer pornography, free downloads of copyrighted music and hacked copies of popular software programs are often also distributors of spyware and browser hijackers.

• Just say no. Web sites of all types may try to install plug-ins to your browser. Some are fine, such as Macromedia's popular Shockwave plug-in for view Flash animations. Others, though, can install spyware or hijack your browsers. When a site wants to install software, you'll see a popup called a certificate that will give you some information about the software and who is offering it. If it's a name you know -- such as Microsoft, Macromedia, Apple, etc. -- it's probably safe. But if you don't recognize it, or particularly if the plug-in offers to provide free software, music or porn, then decline.

• Tweak your settings. Your browser's security settings for Internet Explorer should be set to at least medium to prevent automatic launching and installation of Active X and Java programs which are often used to perform actions in a Web browser. In IE, click on Tools, Options, then Security. From here you can adjust your settings. Keep in mind that if you increase security above medium, some Web sites may not work properly.

• Investigate free software. Although there is lots of free software that really is free, a lot of it comes with a catch. Do some research before downloading a program by entering its name into a search engine such as Google along with the words "adware" or "spyware." Carefully read the fine print on the program's source Web site, and if you do install it, pay close attention to the licensing agreement that will appear as art of the installation routine.

Certain kinds of software are more apt to contain spyware or adware than others. For example, peer-to-peer, music-file-sharing programs, such as Kazaa or Grokster, are notorious for components that come along for the ride. In general, any free software that purports to get you something else for free is likely to contain spyware or adware.

Step 2: Let Windows remove it

Some spyware and adware programs do allow computer users to remove them easily. Check in the Add/Remove Programs module in the Windows control panel for the offending item. Try running the uninstall process.

If you don't see it listed there, check in the Windows Program Groups -- Start, Run, Programs -- for a folder related to the program. If there is a corresponding folder, there may be an uninstall icon inside it.

Some spyware uninstallers, though, will only generate error messages. If that's the case -- or if no uninstaller can be found -- you'll need to take more drastic measures.


Step 3: Spyware removal software

Spyware has become such a universal problem that an entire industry has grown up around software designed to remove it. Initially the purview of developers of shareware and freeware, the demand for spyware removal tools has inspired giants such as Symantec and Network Associates to jump into the market.

But the most popular programs -- and often the most effective -- remain those developed and created by programmers as freebies online.

A warning: Spyware removal programs aren't perfect. They won't remove all programs, and using them could cause other programs to stop functioning -- for example, if you remove adware that's required for another program to work. And some of them make changes to key system files, including the Windows Registry. Use at your own risk.

• AdAware -- www.lavasoft.de One of the most popular removal programs, AdAware takes aim both at spyware and browser cookies. It's also one of the simplest to use.

After installing, check for online updates to its database of bad programs and download it if one's available. Follow the prompts to check your computer for spyware and tracking cookies.

When it's completed -- it may take several minutes -- you'll see a list of cookies and possible programs. Right-clicking on any program in the list brings up a menu with lots of options, including the ability to select all the items on the list. Once you've chosen the items to remove, click Next and AdAware will delete them.

If you remove something you later wish you hadn't, AdAware's Quarantine feature lets you restore it.

• Spybot Search & Destroy -- www.safer-networking.org A little harder to use but more thorough, Spybot Search & Destroy is the other leader in spyware removal.

After installing, you can launch Spybot in either advanced or easy mode. Spybot also can download updated information about new spyware programs, so be sure and download its definition files before scanning.

Like AdAware, a scan takes a few minutes and produces a list of suspects. You can click on some items and get more detail about them before deciding whether to delete them.

Spybot also has an Immunize feature, making it impossible for some programs to change them. In Advanced mode, you can delve deep into system settings, including turning off programs that are set to launch at startup.

Here's a tip for both AdAware and Spybot. Restart your computer before running either one, and don't launch any browsers before launching Spybot or AdAware. This prevents programs designed to launch with the browser from loading into Windows' memory and can can keep them from being removed. Failing that, try running both in Windows' Safe Mode (at bootup, just before the Windows startup logo appears, hit the F8 key, and at the menu that appears, choose Safe Mode). This keeps spyware from launching when Windows itself starts up.

• Hijack This! -- www.spywareinfo.com/~merijn/ A program designed to fix browsers whose home pages and settings have been altered or "hijacked," Hijack This! requires some knowledge to be used safely.

After scanning your system, which takes just a few seconds, it shows in a single window a list of items that could be related to browser hijackings.

• CW Shredder -- www.spyware.info.com/~merijn/ Developed by the same author as Hijack This!, CW Shredder removes a very common piece of spyware known as the Coolwebsearch Trojan. It takes advantage of a flaw in a key component of Windows -- Microsoft's version of the Java Virtual Machine -- to install itself via popups often found on porn and illegal software (a.k.a. "warez") sites.

Run CW Shredder after installing, and have it look for updates. Then click the "Fix" button, and the the program will both scan and fix any problems it finds. If your system does not have this kind of spyware, it will give you the good news.

Step 4: Turning off spyware

In those cases where spyware is stubborn, you may be able to prevent it from starting up when Windows launches.

If you are using Windows 98, ME or XP, click on Start, Run, then type MSCONFIG and hit Enter. This will bring up the System Configuration Utility, and from here click the Startup tab.

Here you'll find programs that are activated when Windows boots, and by unchecking the boxes next to them, you can prevent most of them from starting. The list can be mystifying for even experienced computer users, but there's a searchable guide to the most common startup programs at www.sysinfo.org/startuplist.php.

Once you've determined what you need or don't need, you can uncheck the undesirables, then click Apply and OK. Restart your computer.

After the restart, the utility will appear again. You can check to see if any of the items previously unchecked have been rechecked, which some of the nastier spyware programs will do.

(Windows 2000 users will discover that the System Configuration Utility is not available on their PCs. Instead, try using Startup Control Panel, available at www.mlin.net/StartupCPL.shtml.)

Step 5: Removing browser-based spyware

Some spyware components are browser plug-ins, also known as Browser Helper Objects.

You can find Browser Helper Objects, or BHOs, in the Temporary Internet Files area. Click Tools, Options, then Settings on the General tab. From there, click on View Objects.

A folder called Downloaded Program Files will appear, and from here you can identify and possibly delete suspected BHOs. As with the startup items found in the System Configuration Utility, the item names can be cryptic. A list of common BHOs can be found at www.sysinfo.org/bhoinfo.php.

You may find you cannot remove some, because the browser is open and using them. An alternative is to restart the computer, then go to the Internet Options module via the Control Panel. This lets you get to the same menus without opening IE.

You can also get to it by clicking on My Computer, the C: drive, the Windows folder, and then opening the Downloaded Program Files folder.

Finally, if those tricks don't work, try removing the BHOs while in Windows' Safe Mode, again making sure you don't launch Internet Explorer first.

Even these strategies may not work. For advanced help, try some of the tips located at www.spywareinfo.com, or ask the experts that hang out in the forums there.

http://www.chron.com/cs/CDA/ssistory.mpl/tech/2496493

No comments:

Search This Blog