What Is Spyware

Fortunately though, there are several simple things every computer user can do to lower the risk of spyware infection:

  1. Keep your Windows systems up-to-date by using Microsoft Update, which will update both your Windows and MS Office software. Installing Windows XP Service Pack 2 (SP2) is also important.

  2. Restrict some of the Internet Explorer settings (refer to Google for tips) or use Firefox, which significantly decreases the chance of spyware infestation. Here are some of the important settings to tweak: block popups using Windows XP SP2 popup blocker or another solution, limit or block ActiveX controls, and limit file downloads via the IE settings panel.

  3. Use antivirus and anti-spyware tools, and frequently update them using each tool's own automated update mechanism. The best free programs to use are Spybot Search and Destroy, Ad-Aware, and Windows AntiSpyware (to be renamed Windows Defender later this year). Most antivirus vendors, such as Symantec, McAfee, and Trend Micro, are launching their own anti-spyware solutions. However, stand-alone anti-spyware companies such as Webroot and Sunbelt Software still outperform them. Also, make sure that you not only run the anti-spyware software, but also use it to perform spyware scans on a periodic basis, just as you do with antivirus software.

  4. Use a personal firewall with outbound protection; it might notify you when the spyware that sneaked in tries to "extrude" the stolen information to its "mothership." It is important to note that at the time of this writing, Windows' built-in firewall didn't offer this protection, so other free (such as ZoneAlarm from Check Point) or paid (such as Norton or McAfee) software solutions should be used.

  5. Use only software obtained from trusted sources. For those needing a more specific suggestion, downloading from a random site from the Internet or receiving it from a "friend" you just met online does not count.

If you think your system is acting suspiciously, you need to determine if spyware is the factor to blame. Since there are so many parts of the system that can be modified by spyware, the best way for users to detect spyware is to run any of the free anti-spyware tools mentioned above. For better results, run multiple tools, since recent tool surveys indicate that no commercial or free tool will detect all spyware specimens. Some of the tools will also attempt to clean spyware traces, which brings us to the next item: response to spyware infections.

As far as responding to a spyware infection, the only guaranteed 100 percent effective measure a user can take is to rebuild a system. Only this will guarantee removal of all traces of malicious software from a system. On a typical Windows system there are numerous places where a piece of malicious code might reside. In a more real-world situation, where it is not possible or desirable to rebuild the entire system, try looking for spyware removal tools, sometimes published by anti-spyware and antivirus vendors. All of the above anti-spyware solutions provide this functionality and will clean the spyware traces with varying degrees of efficiency (often depending on the type of malicious program). The same applies to the antivirus tools with anti-spyware defenses. However, note that the latter category is more likely to leave the risk alone and just warn the user about its presence.

Microsoft, which is now an anti-spyware vendor due to a recent acquisition, often publishes stand-alone removal tools for various malware. Microsoft's Malicious Software Removal Tool, which is updated monthly, can be downloaded to your system via Automatic Updates or the above link. It can be run online from the above link (via an ActiveX control).

Removing complicated spyware manually, such as a driver-based keylogger, will often render the system inoperable and should only be undertaken by those intimately familiar with their system internals. On the other hand, instructions for removing simpler specimens, such as adware, are often published online and can be followed by anybody who maintains their own PC.

The Future

To conclude, we will try to peek into our crystal ball, a necessary tool for an enlightened security professional. What's next for spyware? Will spyware bother us for years to come? It sure looks likely; there is no reason why the spyware creators will stop since -- guess what -- it pays the bills and there is no clear way to make such practices "prohibitively expensive" for their creators.

Anton Chuvakin is a recognized security expert and book author. His current role is PCI Solutions Director at Qualys.
