Spyware Protection Beyond Applications

By

This article was published by ComputorEdge, issue #2430, 2006-07-28, as a feature article, in both their print edition (on pages 14 and 16) and their website.

Even though the computing public is increasingly aware of the threats posed by spyware, and more vigilant in using anti-spyware applications, spyware continues to be the primary security threat to online computer users. The computer software industry has responded to this problem by offering a plethora of anti-spyware products, ranging from the outstanding to the mediocre, and all the way down to spyware-in-disguise.

But there is more to keeping one's computer spyware-free than simply selecting the most promising application, regardless of its claims. For PC users, there are some straightforward and yet remarkably effective measures that can be taken to provide extra layers of protection against hackers and their insidious contributions to the world of computer code.

Blocking the Bad Guys

Every standalone PC or network that is in any way connected to the Internet should have a strong firewall in place. People unfamiliar with this basic element of network security may, when first hearing this term, think of its original meaning, which is a fireproof wall that helps to prevent a fire from spreading in any structure, such as a building or a ship.

But in the world of computers, a firewall is any form of technology that prevents unauthorized users from accessing a computer network. It does this by monitoring each packet of information — the individual components of Internet traffic — flowing into and out of the network, and blocking unwanted traffic.

Generally this means allowing into the network only those packets that originate from requested IP addresses. But firewalls can also be used for monitoring outgoing traffic, and this is how they prevent spyware from sending your private information back to the hackers on the Internet.
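The filtering logic described above can be modeled in a few lines. This is an added illustration, not code from the article or from any firewall product: the program names, ports, and addresses are constructed, and a real firewall tracks far more connection state than this.

```python
from dataclasses import dataclass, field

@dataclass
class Firewall:
    """Toy model: inbound packets pass only as replies to an outbound
    request, and outbound packets pass only for approved programs."""
    approved_programs: set
    pending: set = field(default_factory=set)  # (remote_ip, remote_port, local_port)
    log: list = field(default_factory=list)

    def outbound(self, program, local_port, remote_ip, remote_port):
        if program not in self.approved_programs:
            # Outbound monitoring: an unapproved program cannot "phone home".
            self.log.append(("BLOCK-OUT", program, remote_ip))
            return False
        # Remember the request so the matching reply is let back in.
        self.pending.add((remote_ip, remote_port, local_port))
        self.log.append(("ALLOW-OUT", program, remote_ip))
        return True

    def inbound(self, remote_ip, remote_port, local_port):
        # Only traffic from an address and port we requested is accepted.
        ok = (remote_ip, remote_port, local_port) in self.pending
        self.log.append(("ALLOW-IN" if ok else "BLOCK-IN", None, remote_ip))
        return ok

def demo():
    """Run four constructed packets through the model."""
    fw = Firewall(approved_programs={"browser.exe"})  # hypothetical program name
    results = [
        fw.outbound("browser.exe", 50001, "198.51.100.10", 80),  # requested
        fw.inbound("198.51.100.10", 80, 50001),                  # its reply
        fw.inbound("203.0.113.99", 4444, 135),                   # unsolicited
        fw.outbound("toolbar_helper.exe", 50002, "203.0.113.99", 80),  # unapproved
    ]
    return results, fw.log

if __name__ == "__main__":
    outcome, log = demo()
    for allowed, entry in zip(outcome, log):
        print(allowed, entry)
```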

Speaking in simple terms, firewalls come in two types: hardware and software. Hardware firewalls are most frequently seen built into routers, which are devices that allow multiple computers to all access the Internet over a single broadband (cable or DSL) connection. The computers can also access one another, depending upon which volumes and devices are "shared" with other computers on the network.

Even many DSL modems have built-in firewall capabilities. But for computer users interested in creating a home network, a router is needed. Well-regarded products in this category include those made by 3Com, Belkin, D-Link, IOGEAR, Linksys, and NETGEAR.

Software firewalls naturally take the form of computer programs that can be downloaded from the vendors' websites. Some of the options in this arena are: Kerio Personal Firewall, Lavasoft Personal Firewall, Norton Personal Firewall 2006, and Tiny Personal Firewall.

Hardware and software firewalls can even be used in conjunction with one another, with the hardware firewall serving as the first line of defense encountered by any unwanted traffic, and the software firewall providing backup protection from intruders in case the hardware firewall, for whatever reason, misses that traffic or has been inadvertently disabled. The software firewall can also block the outbound traffic of any spyware that manages to get onto the network.

Some people may argue that the combination of hardware and software firewalls is overkill. But when considering the potential dangers of miscreants accessing your computer, or their spyware sending off your confidential information, it is much better to err on the side of being overly cautious than insufficiently so.

Playing the Host

Despite your best efforts, there is always the chance that a piece of spyware will manage to get installed on your PC, evade detection by your anti-spyware application (especially if it is not configured for automatic scanning), and somehow get past your firewall to communicate with the outside. Fortunately, there are still methods for preventing such spyware from being able to reach the hacker's Web server, provided that the server has already been identified as being up to no good.

When a PC program, such as a Web browser, attempts to communicate with any other computer connected to the Internet, it checks your PC's "hosts file", which can contain pairs of domain names (in the second column in the file) and the corresponding IP address for that domain name (in the first column). For instance, www.yahoo.com, if it were included, would have the IP address of 216.109.112.135. As a second example, the host name "localhost" corresponds to 127.0.0.1, which is the address of your PC.

What if you knew that hackers were using, let's say, www.evil-slimeballs.com as the domain name for the Web server to which they want their spyware to send any confidential information gleaned from your PC? You could use the hosts file to reroute any traffic intended for www.evil-slimeballs.com, by reassigning that domain name to an innocuous IP address, such as 127.0.0.1.

That's exactly what some security good guys have done: They have created hosts files which contain extensive lists of known spyware domain names, all reassigned to 127.0.0.1, thereby helping to thwart any spyware attempts to "phone home". Two reliable sources of such files are: hpHOSTS and WinHelp2002.

The location of your PC's hosts file depends upon what operating system you are running, and which version. In almost all cases, the folder/directory is: C:\Windows\system32\drivers\etc (for Windows XP), C:\WINNT\system32\drivers\etc (Windows 2000), C:\Windows (Windows 95/98/Me), and /etc (Linux, Unix, Solaris, and BSD).
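Before installing a downloaded blocking hosts file, it is worth confirming that every entry really points to 127.0.0.1 rather than to some other machine, and then merging only the new names into the existing file. The following sketch is an added example, not part of the original article or of the hpHOSTS or WinHelp2002 files; both sample files and all domain names other than www.evil-slimeballs.com are constructed.

```python
import ipaddress

# Constructed sample data, not taken from any real hosts file or blocklist.
EXISTING_HOSTS = """\
# local entries
127.0.0.1   localhost
"""
DOWNLOADED_BLOCKLIST = """\
# constructed blocking hosts file
127.0.0.1   www.evil-slimeballs.com   # spyware drop site
127.0.0.1   ads.tracker.example cdn.tracker.example
203.0.113.7 www.shop.example
not-an-ip   broken.example
"""

def parse_hosts(text):
    """Yield (line_no, ip, [names]); the IP is column one, names follow."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) >= 2:
            yield line_no, fields[0], [n.lower() for n in fields[1:]]

def audit_blocklist(text):
    """Split entries into loopback sinkholes and lines that need review."""
    safe, suspicious = [], []
    for line_no, ip, names in parse_hosts(text):
        try:
            loopback = ipaddress.ip_address(ip).is_loopback
        except ValueError:
            suspicious.append((line_no, ip, names, "invalid address"))
            continue
        if loopback:
            safe.extend(names)
        else:
            # A non-loopback target redirects the name instead of blocking it.
            suspicious.append((line_no, ip, names, "redirects off-host"))
    return safe, suspicious

def merge(existing_text, safe_names):
    """Append 127.0.0.1 entries for names the existing file does not list."""
    known = {n for _, _, names in parse_hosts(existing_text) for n in names}
    new = [n for n in dict.fromkeys(safe_names) if n not in known]
    return existing_text + "".join(f"127.0.0.1   {n}\n" for n in new), new

if __name__ == "__main__":
    safe, suspicious = audit_blocklist(DOWNLOADED_BLOCKLIST)
    merged, added = merge(EXISTING_HOSTS, safe)
    print(merged)
    for item in suspicious:
        print("REVIEW:", item)
```

Lines reported under REVIEW are left out of the merged file; editing the real hosts file normally requires administrator or root rights.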

Better Browsing

A common way for people to inadvertently infect their PCs with spyware is by visiting an infected website, which then causes their Web browser to run malicious code that begins downloading spyware onto their computer, or pops up some sort of enticing message, form, or dialog box, requesting their permission to install software that the site's owner dishonestly claims to be both safe and useful. (The more ironic version of this is a site suggesting that you allow them to scan your PC or download anti-spyware software, which is actually spyware in sheep's clothing.)

Assuming that you have JavaScript enabled in your Web browser, the vulnerability of your browser then partly depends upon what brand of browser you use. Even though its market share is declining, Microsoft's Internet Explorer is still used by a majority of Internet surfers. Unfortunately, the most prevalent versions of this browser tend to be extremely vulnerable to a variety of attacks, depending upon the security settings that the user has specified (or simply accepted as the default).

If you insist upon using Internet Explorer, be sure to make it more secure by downloading and installing IE-SPYAD, which puts thousands of known malicious domains in Internet Explorer's Restricted Zone.

You could instead switch over to a safer browser, such as Firefox or Opera, both of which are free, packed with more features than Internet Explorer, and gaining in popularity, for good reason.

So when you are considering how to protect your PC from spyware and other forms of malware, do not limit yourself to the anti-spyware applications or broad security suites that claim to do everything possible. There's always more that can and should be done, and it is well worth the effort.

Copyright © 2006 Michael J. Ross. All rights reserved.