Troubleshooting Q&A - October 2, 2003
Ill Intentions: Adware and Spyware Applications
Arming yourself with up-to-date anti-virus software should be top priority, but even with virus protection in place you'll still be vulnerable to the threat of adware and spyware applications. Learn what these insidious tools can do and how you can protect yourself from them in this week's Q&A.
By Ron Pacchiano
Q. The other day at the office, one of my co-workers and I were discussing a recent virus problem I had encountered and ways to prevent it from happening again. He had suggested that installing Norton Anti-virus or McAfee VirusScan on my system would limit my chances of getting re-infected. During our conversation one of our company’s network technicians came by and said that as good as those packages are, they aren’t going to be able to completely safeguard my system against all types of threats.
He suggested that I also look into software that guards against Adware and Spyware. Now I have heard of these types of programs before, but to be honest I don’t really understand how they differ from other viruses, and I find it even more unlikely that an application like Norton or McAfee would be unable to detect and remove them. However, if this is true, how do I go about protecting my system from them, and do I still need to invest in Norton or McAfee for virus protection? Thanks for all your help!
A. Your technician friend is correct in telling you that neither Norton nor McAfee is completely capable of protecting you from Adware or Spyware programs. The primary reason for this is that these programs operate somewhat differently than your typical virus. By definition a virus is a piece of programming code normally disguised as something else that causes some undesirable effect on the target PC. They are often designed to automatically spread to other computer users via e-mail attachments, as downloads, or by sharing infected floppy diskettes.
In most cases, the sender of the virus you've received is often unaware of its existence. Some viruses go into effect as soon as their code is executed, while others lie dormant until circumstances cause their code to be executed. This could be triggered by the user or by something as simple as a date change. Some viruses are playful in intent and effect, while others can be quite harmful, erasing data or causing your hard drive to require reformatting.
Anti-virus software like Norton or McAfee is generally designed to identify certain classes of viruses. Most viruses usually come in the form of file infectors, system or boot-record infectors, or Macro viruses. A more detailed description of each of these virus classes can be found here. In recent years, these classes have expanded to also include trojan horses (define) and worms (define).
Adware and spyware programs, however, act somewhat differently. Even though they possess many of the same characteristics as viruses, they aren’t necessarily viruses. This is one of the main reasons anti-virus programs don’t typically address the problem very well. Before covering how to go about removing these applications from your system, let's first look at exactly what these programs are.
Adware can do a number of things from monitoring your online surfing and spending habits to generating those annoying popup ad windows as you surf. There are numerous ways for your PC to become infected with adware. In some cases, adware has been bundled with other software without the user's knowledge or slipped into the fine print of a EULA (End User License Agreement).
This is actually quite common with many of the peer-to-peer file swapping services (like KaZaA). Adware can also be picked up by simply visiting various websites. Another form of adware is referred to as ParasiteWare. ParasiteWare is the term for any adware that by default overwrites certain affiliate tracking links. These tracking links are used by webmasters to sell products and to help fund websites.
While in general adware isn’t really dangerous, it can be quite obnoxious in that it performs "drive-by downloads." Drive-by downloads are accomplished by providing the user with a misleading dialogue box that forces a stealth installation. Many times users have no idea they have installed the application at all, and it's quite typical for adware developers to make their applications very difficult to uninstall.
Unlike adware, spyware is potentially a more dangerous beast because of the type of information it can gain access to. Spyware covertly gathers confidential and private information, and monitors system activity without the user's knowledge. Spyware can record your keystrokes as you type them, obtaining passwords and credit card numbers, tracking where you surf, and logging chat sessions, and can even take random screenshots of your activity. Basically, whatever you do on the computer is completely viewable by the spy. Spyware is often sold as a spouse monitor, child monitor, surveillance tool, or simply as a tool to spy on users that gain unauthorized access to your PC.
You do not have to be connected to the Internet to be spied upon. The latest permutations of spyware include the use of surreptitious routines that mail out user activity via e-mail or post information to the web where the controlling spy can view it at his or her leisure. Many spyware vendors also use "stealth routines" or "polymorphic" (changing forms) techniques to avoid detection and removal by popular anti-spy software. In some cases, spyware vendors have gone so far as to counter-attack anti-spy packages by attempting to shut-down their use. In addition, they may use routines to re-install the spyware application after it has been detected.
One of the places you’re most likely to find spyware is on your own office PC. In a work environment it is always best to assume that you are being monitored. Most employers have the right to do this, so get used to it. There are several ways employers can monitor employees. Some use activity logging software to see what programs are being accessed and for how long, while others will actually monitor internet traffic as it moves across an intranet. Many software programs that are designed for spying require physical access to the target machine, so be on the lookout for people trying to gain access to your machine.
Now that we know what adware and spyware software is, we can move on to identifying and removing it from your system. Next week we’ll talk about what signs to look out for that might indicate your system has become infected by these applications. We’ll also look at some utilities you can use to remove them from your computer. Till then, good luck.
|Home | Networking | Backgrounders | Internet Sharing | Security | HowTo | Troubleshooting | Reviews | News | About | Jobs | Tools | Forums|