Spyware Detection and Removal

By

This article was published by ComputorEdge, issue #2424, 2006-06-16, as a feature article, in both their print edition (on pages 20 and 22) and their website.

Most Internet users should be familiar with the concept of "spyware" — perhaps intimately familiar, having been victimized themselves at some point. Given that security software firms have had years to develop robust countermeasures against spyware, and Internet users have read articles explaining how to keep their computers free of these virtual vermin, conceivably the spyware problem should at this time be nearly solved, if not fully so.

Unfortunately, such is not the case. Spyware proliferation is just as bad as it was years ago, if not worse, as more people connect their unprotected PCs and Macs to the Internet, and begin downloading software — more than they bargained for. For instance, in November 2004, a survey indicated that 80% of computers in use contains some form of spyware, with the number of spyware components per computer at an astounding 93. (It is ironic that one of the cosponsors of the research was AOL, whose Instant Messenger product used to contain spyware.)

More recent studies suggest that the extent of spyware proliferation is just as disturbing now as it was in late 2004. In June 2005, Merrill Lynch reported that approximately 25% of Dell's support calls were a result of PC performance degradation caused by spyware. Reduced computer performance is actually the least damaging effect of spyware, which can waste time and money required for cleanup or even reinstallation of a computer's operating system and applications. Perhaps worst of all, especially for corporations, is the theft of sensitive information.

Given that there are even more computers connected to the Internet, the perseverance of the spyware problem would imply that the total number of spyware infections — and the components that comprise them — has increased in proportion. Also, the spyware must still be working for its creators, otherwise they would have given up their evil ways ages ago.

One would think that computer users would certainly be more aware of the dangers of spyware and other forms of malware, seeing how most people have repeatedly been warned of the dangers — warned by ISPs, employers, coworkers, and publications. Why have we not made better headway against spyware?

The tremendous growth in Internet usage is likely a significant contributor to the problem, since the more experienced and security-aware users have been online for years, while the computers now being hooked up to the Internet are administered by security newbies, some of whom have never even heard of spyware.

Security Basics

More importantly, what can be done about spyware? In a nutshell, every Internet user must protect their computer with a reliable baseline of security measures, consisting of a firewall, an antivirus product, and an anti-spyware product. A properly configured firewall — whether hardware or software — helps to battle spyware by alerting the user as to whenever spyware tries to "phone home", i.e., contact the spyware creators and typically pass along information that will be used against the victim. The firewall can then be instructed to block the spyware's attempts to communicate out.

Before getting into the details of anti-spyware tools, I can at least mention the firewall and antivirus software that I have found to be effective, for any reader who still does not have those essential security countermeasures in place, and would like to know of some tested options: When I had a PC and notebook networked together and accessing the Internet, I chose a Netgear Web Safe Router, which has a built-in firewall. When no home networking is needed, then a software firewall suffices, such as Tiny Personal Firewall 2.1. Some people prefer ZoneAlarm, but I have found that it increasingly suffers from bloat.

For keeping viruses and Trojan horses out of your computer security walls, two proven and free applications are AntiVir and AVG Free. Another free option is ClamWin, which is recommended by the makers of Winpooch, discussed shortly.

Spy Versus Spy

Like so many other categories of software, anti-spyware products come in many varieties, including free and otherwise. The non-free options have not shown themselves to be any more potent than their gratis counterparts, and thus you may as well save your money and choose a free product. Some of the most highly regarded ones include: Spybot Search & Destroy, Ad-Aware Personal Edition, Windows Defender Beta 2, and Winpooch.

All of these anti-spyware applications, like most of their competitors, are capable of scanning all of the drives on your computer, and checking to see if any of your files contain spyware components. Any detected components are reported at the end of the scan, and you are typically given several options, such as having the application remove the infections from the files, delete the files wholly, move the files into a quarantined area, or do nothing (an option possibly provided for those few users who consider identity thieves to be misjudged).

Some anti-spyware products will scan files dynamically as you work with those files — even just requesting to list the files in a directory. Another common feature is to automatically scan files during or after they are downloaded from the Internet.

Any one of the aforesaid product should be sufficient. Yet even better is to utilize more than product, as several studies have confirmed what would seem intuitive: Multiple anti-spyware safeguards, when combined, are more effective than any single one, because there will invariably be one or more spyware components that can be missed by any individual product. Countless users team up Spybot and Ad-Aware.

To better learn which anti-spyware programs are proving most effective, you can alternate the order in which you run them, and record each time how many components are detected by one program that were missed by previous programs.

Bitten by the Browser

While detecting and eradicating any form of malware is a critical part of safe computing, it is even more prudent to prevent the malicious code from getting onto your computer in the first place. So the question arises, how do PCs and Macs typically get infected with spyware? In the past, the most common entry point for spyware was from programs downloaded, installed, and run on the user's computer. But an increasing portion of spyware cases result from infected Web pages.

In March 2005, a Web crawler designed to detect spyware-laden websites, identified 4,294 such sites, comprising a total of 89,806 infected Web pages. All those nasty pages are just waiting for some unsuspecting Internet user to stumble onto them — especially someone who has yet to switch from Internet Explorer to Firefox or Opera, which are much safer from malicious sites.

To beat the virtual vermin at their malware game, get yourself a better browser, and use it to download a software firewall and quality anti-spyware and antivirus programs.

Copyright © 2006 Michael J. Ross. All rights reserved.

Content topics: