Spyware Countermeasures

This article was published by ComputorEdge, issue #2246, 2004-11-12, as a feature article, both in their print edition (on pages 18 and 20) and on their website.

In the world of espionage, spies are agents who worm their way into the enemy's camp, gather critical information that can be used against the enemy, and even carry out sabotage if so directed by their handlers. The computer equivalent is called "spyware", which is any kind of software that secretly infiltrates one's computer, records sensitive information (such as credit card numbers), and sends that information back to the ill-intentioned spyware creators.

How extensive is the proliferation of these loathsome programs on the Internet and on the average personal computer? Worse than most people realize. A study conducted by Earthlink and Webroot reported that their SpyAudit scans discovered an average of over 26 spyware and adware traces per scan. Viewed from another angle, 9 out of 10 Internet-connected computers are infected with spyware.

Flesh-and-blood spies can attempt to remain out of sight, with no need to disguise their purpose, or they can be visible to the enemy, but pass themselves off as loyal (i.e., "moles"). Likewise, spyware can be designed so that the typical victim has no idea that their computer has just been infiltrated, or the spyware can be disguised as a useful program, thus increasing the odds that people will willingly download it (past their firewalls) and be less suspicious when much later they learn that their personal information has been stolen.

The alert reader may already be seeing the implications: If spyware is often disguised as worthwhile software, how about disguising it as free anti-spyware software? The miscreants already thought of that. In fact, most of the programs that claim to disinfect one's computer of all spyware will instead remove as much of the competing spyware as possible (or enough to make themselves seem valuable), but will infect the computer with their own evil capabilities.

As a result, you cannot rely upon an Internet search to find an honest anti-spyware application. Such a search will only list websites for applications making similar claims, most of which are fake. These "spies in disguise" can use the simplest of scams. For instance, a recent Google search turned up NoAdware, a.k.a. Adware Hitman, SpywareAssasin, and Adware Hunter. It sounds impressive, until further research reveals that it uses deceptive advertising and false positives to induce victims to purchase the product.

The Good Guys

Fortunately, there are legitimate anti-spyware programs available, and the best are free. We will consider the four top-ranked products, starting with the one I use and recommend, Spybot Search & Destroy, available at no cost from http://www.safer-networking.org/. Spybot is easy to install and run, and is considered by many computer security experts to be the most thorough product available. Those computer users employing multiple partitions on their PCs will likely appreciate how Spybot can be run from a non-boot partition.

Ad-Aware is another well-regarded anti-spyware utility, and appears to receive even more mention in the press. It is authored by Lavasoft, and, like the other products discussed here, runs on Microsoft Windows XP, 2000, NT, Me, and 98. For non-commercial use, it is free ("Personal Edition"). For use in a commercial, education, or government environment, it must be purchased, as either the Plus Edition ($26.95) or Professional Edition ($39.95). The former adds real-time protection, as well as more scanning capabilities, log files, and command line parameters than the Personal Edition. The Professional Edition adds detection of trojans, dialers, browser hijackers, etc., and process analysis.

Webroot Spy Sweeper features regular updates (since "spywarez", like viruses, are often morphed to avoid detection) and live customer support. The cost is $29.95, and they offer a free trial. The Enterprise version adds enterprise-wide spyware protection, centralized management via an admin console, manual or automated deployment, and reporting. The Enterprise version is probably not cheap, as one must apparently request the price from the vendor.

PestPatrol, like the above products, has several versions for various uses. The Home Users edition ($39.95) detects and eliminates spyware, adware, trojans, and other hacker tools. They offer an evaluation copy, so you can try it out and see how it stacks up against any other product you are considering. Their Small Business edition ($127 to $254, depending upon the size of the site license) additionally searches for and destroys key loggers, denial-of-service attack agents, spyware in memory and in Windows registry and start-up areas, and cookies. It can automatically download and install updates. Their Corporate Edition ($319 to $699) is designed for networks of multiple workstations.

So which product should you choose? That depends upon your needs (e.g., standalone vs. corporate-wide) and budget (none vs. substantial). But even if your financial constraints limit you to the free versions, that does not mean that you should limit yourself to only one product. No single anti-spyware application can detect all the spyware on the Internet. A recommended strategy is to regularly scan your PC utilizing two or more trustworthy applications, such as Spybot and Ad-Aware. Consider alternating the order in which you run them, to see what spyware the first one missed and the second one caught, and thus learn how effective each one is.

Squashing Pop-ups

The anti-spyware products discussed above can go a long way to reducing your chances of becoming a victim of any unwanted agents of "e-espionage". But that's not all you should do to protect your computer. In addition to frequently running up-to-date antivirus software, and using a firewall, you should secure your Web browser, to minimize the chances of it being used as a means of spyware installing itself on your computer.

The most commonly used Web browser is still Internet Explorer ("IE"). This is unfortunate, for many reasons; but from a security standpoint, it is quite dangerous, as IE is by far the browser most easily exploited by spyware pushers. The ActiveX components of IE make it a favorite target of all forms of malware that attack Web browsers, including spyware. In response, you could try disabling Active scripting and ActiveX controls in the Internet Zone and Local Machine Zone, but this significantly reduces IE's functionality (such as it is).

A much better solution is to simply replace IE with a more secure (and capable) browser. You could join the millions of Internet users who have already switched over to Mozilla or Firefox (both available for free at http://www.mozilla.org/). Not only are these Web browsers safer than IE, with features that should have been added to IE ages ago (such as tabbed multiple Web pages), but they also have the tremendous advantage of being able to suppress all pop-ups automatically. This solution is easier and more reliable than installing a pop-up blocker for IE, as such blockers don't always defeat all pop-ups, nor do they prevent spyware infection; plus, they further slow down your system.

In the battle of spyware vs. counter-spyware, you need to take a proactive approach, making use of legitimate anti-spyware programs, firewalls, antivirus software, and a more secure Web browser for your PC.

Copyright © 2004 Michael J. Ross. All rights reserved.
