Spyware

                                  "Old Values and New Technologies"

 


 

What is Spyware?

According to Microsoft

Spyware is a general term used to describe software that performs certain behaviors such as advertising, collecting personal information, or changing the configuration of your computer, generally without appropriately obtaining your consent first.

Spyware is often associated with software that displays advertisements (called adware) or software that tracks personal or sensitive information.

 

 

Let's Talk About Spyware

Why would someone write spyware? 

    Let's say you have a web site and you want to drive more people to it. You go surfing the net to find out how to get more people to visit your site, and you come across one of the thousands of ads that read something like "1 million visitors guaranteed to visit your site for only $29.99". You think, "This is what I've been looking for! And at that price, if only 1 person out of the 1 million buys, I'll make my money back easily!"

So you click the link and you fill out the information they ask for and you pay your $29.99! 

When the seller gets your order, he needs to figure out just how he is going to get 1 million people to come visit you! How does he do this? He writes spyware!

We have all seen spyware sites in action! Some of us simply don't know we are seeing them! 

Have you ever gotten a pop-up that opens a web site on your computer that you didn't want to go to? (You just helped someone fulfill his 1 million visitor order.)

Keep in mind that the people who buy this kind of advertising and promote spyware are not the average business looking for more hits.  Why?

Have you ever gotten a pop-up? What's the first thing you do? You close the pop-up! Most of you don't even look around; you get annoyed that you're being sent someplace you don't want to go, and you close the site. So the 1 million hits that were bought and paid for have done little more than upset the visitors! This simply is not the way you go about selling things on the net, UNLESS you offer something that will catch a visitor's eye quickly. Maybe:

 

  1. You are selling porn

  2. You are a gambling site

  3. You are selling MORE spyware cures

  4. You are selling a pop-up blocker

  5. You are selling illegal software

"There are many other types of sites that use spyware to drive traffic. The above are just the ones I would put at the top of my list."

 

The Spyware Infection Trick

Another way people make lots of money writing spyware is to infect your system and then tell you that you're infected and that they have the cure (for a price).

First they get you infected (we will talk about how in a bit). Once you're infected you will notice a few things pretty fast!

  • Your computer will slow down.

  • Your Internet connection will start acting up. Oh, they won't stop you from using the Internet 100%, simply because they need you to stay connected so they can sell you "the cure."

  • Within a few days you will start getting a neat new message that tells you that you are infected and that there is a cure.

  • In some cases your computer will become locked and the only thing that works is the link to "the cure."

If they manage to get you to buy "the cure", it will (in most cases) fix your computer! Well, the truth is that what it really does is flag you as a "sucker." Within a few weeks (maybe days) a new infection will hit your computer and a new cure will be offered to you (for a price), and this will go on and on and on...

 

The other thing spyware does is invite friends to join it. If you get infected with one piece of spyware, there is a great chance that it will open the ports on your system that it needs to invite in more spyware.

We have seen computers that have had over 20,000 infected files on them! It's kind of funny in a strange way, because the spyware will start fighting itself for running time on your computer. What's not funny is that systems this far infected seldom get their speed back, and they tend to land on a technician's desk and bring a high repair cost home with them.

 

Note: There are MANY other types of spyware but they are all pretty much made to drive traffic or sell you a cure of some type.  

 

How Do They Infect You?

 

  Let's go with the top 5 (there are many, many others):
 

  1. Email with links or attachments that lead to infected sites

  2. Visiting infected sites

  3. Downloading infected files (more on this below)

  4. Security settings not set up right on your system

  5. Not keeping your Microsoft OS updated
     

Sites that are well known for infecting computers with spyware:

  1. Porn sites! By far #1 on the list.

If you're an adult who wants to look at adult things, I get it! However, if you are so inclined, do yourself a favor and keep your local computer repair company on speed dial! There are safe sites, no question; however, there are 100 infected sites for every good (non-infected) one. You're playing a guessing game and it's going to bite you sooner or later.

  2. Gambling sites

It's not playing the games that gets you most of the time.  It's the advertisements that they offer that lead to the infected sites. 

  3. Free music sites

A piece of spyware and/or a virus is, in simple terms, "a program that is made to install something on your computer that does damage or sends you to an infected site". Can you think of a better place to hide such a program than by adding it to the most popular music on the net?

  4. Cheat code sites

Why is it that a kid will spend $50.00 on a game and then go get a cheat code that allows them to beat the game in 10 minutes anyway? Most people who run cheat sites make their money from the ads they put on their sites, and many of these ads lead to infected sites. Other sites allow you to download saved games and "add-on" programs to modify your game. Many of them are infected.

 

  5. Direct connect sites

Sites that allow a direct connection from your computer to another computer for the purpose of sharing files (music, games, and web cams are the first to come to mind).

Remember, when you connect with a computer on the net you have no idea who is on the other end of that connection. It could be a 10 year old kid or a 100 year old adult. You also have no idea what they are running on their computer or what is infecting their computer. When you make that connection, if they are infected, chances are a well-written piece of spyware will find you and infect you. You also have no clue how many other computers they have connected with.

 

So how do I Protect Myself from Spyware?

 

1.) Keep your Windows updated!
  • Go to Start > Windows Update or navigate to http://windowsupdate.microsoft.com, and install ALL Critical security updates listed (you will need to use Internet Explorer to do this). If you're running Windows XP, that of course includes Service Pack 2 (SP2)!

 

  • It's important always to keep current with the latest security fixes from Microsoft. This can patch many of the security holes through which attackers can infect your computer.
    Please either enable Automatic Updates under Start > Control Panel > Automatic Updates, or get into the habit of checking for Windows updates regularly.
2.) Watch what you download!
  • Many "freeware" programs come with an enormous amount of bundled spyware that will slow down your system, spawn pop-up advertisements, or just plain crash your browser or even Windows itself.
  • Peer-to-peer (P2P) programs like Kazaa, BearShare, Grokster, Imesh, and others are amongst the most notorious. If you insist on using P2P software, please read this article written by Mike Healan of SpywareInfo. It is an updated and comprehensive article about which P2P programs are "safe" to use. Another good reference is here.
  • Note also that even if the P2P software you are using is "clean", a large percentage of the files served on the P2P network are likely to be infected. Do not open any files without being certain of what they are!
3.) Avoid questionable web sites!
  • Many disreputable sites will attempt to install malware on your system through "drive-by" exploits just by visiting the site in your browser. Lyrics sites, free software sites (especially ones that target young children), cracked software sites, and pornography sites are some of the worst offenders.
  • Most of these drive-by attempts will be thwarted if you keep your Windows updated and your internet browser secured (see below). Nevertheless, it is very important only to visit web sites that are trustworthy and reputable.
  • In addition, never give out personal information of any sort online. And never click "OK" to a pop-up unless it is signed by a reputable company and you know what it is!

 

  • Get a router! D-Link routers have a great little firewall built into them that will deny many attacks before they get to your computer. If you have a high-speed internet connection and don't have a hardware firewall installed, you're taking a chance that you don't want to take. (Microsoft firewall is NOT a hardware router.)
  • For more general information see the first section, "Educate yourself and be smart about where you visit and what you click on", in this tutorial by Grinler of BleepingComputer.
Must-Have Software

*NOTE*: Please only run one anti-virus program and one firewall on your system. Running more than one of these at a time can cause system crashes and/or conflicts with each other. The rest of the following programs can be run simultaneously and will work together in layers to protect your computer.


4.) Antivirus

 

  • I will tell you that I am NOT a fan of most of the free anti-virus programs that are out there. I recommend using PC-Cillin Internet Security by TREND MICRO over any other product on the market. It has served me and my clients very well over the last 3 years. It is the #3 best-selling anti-virus on the market. Thus many of the spyware people who are writing programs that attack the top 2 sellers overlook it.

 

  • It's a good idea to set your antivirus to receive automatic updates so you are always as fully protected as possible from the newest threats.
5.) Internet Browser
  • Many malware infections install themselves by exploiting security holes in Microsoft Internet Explorer. It is strongly suggested that you consider using an alternate browser.
  • Both Mozilla Firefox and Opera are next-generation browsers that are more secure and faster than Internet Explorer, immune to most known browser hijackers, and outfitted with built-in pop-up blockers and other useful accessories.
6.) Firewall
  • It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built into Windows. It doesn't block everything that may try to get in, it doesn't block anything at all outbound, and the entire firewall is written to the registry. Since most malware accesses the registry and can disable the Windows firewall, it's preferable to install one of these excellent third-party solutions. I know that this is repeating myself, but D-Link routers have a great firewall built in and I seldom use anything else.

 

 

7.) Install Javacool's SpywareBlaster
  • This excellent program blocks installation of many known malicious ActiveX objects. Run the program, download the latest updates, "Enable All Protection" and you're done. Although it won't protect you from every form of spyware known to man, it is a very potent extra layer of protection.
  • Don't forget to check for updates every week or so. Also see this tutorial by Grinler.
8.) HOSTS file and IE-SPYAD
  • Another good program is MVPS HOSTS. This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
  • For information on how to download and install, please read this tutorial by WinHelp2002.
  • IE-SPYAD puts over 5000 malicious sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. See this tutorial by Grinler.
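
How a HOSTS blocklist like the one described above works, as an added example (not code from MVPS HOSTS, IE-SPYAD or this site): each blocked name is mapped to a loopback or null address, so the browser never reaches the real server. The script parses HOSTS-format text, lists the blocked names, and flags any entry that points a name at a routable address so it can be reviewed; the sample file and its hostnames are constructed.

```python
import ipaddress

# Constructed sample: blocklist-style entries, one entry that sends a
# hostname to a routable address, and one malformed line.
SAMPLE_HOSTS = """\
# constructed sample HOSTS file
127.0.0.1   localhost
0.0.0.0     ads.example.com tracker.example.net   # blocklist entry
127.0.0.1   banners.example.org
203.0.113.7 update.example.com
not-an-ip   broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in HOSTS-format text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()       # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, " ".join(fields[1:])
            continue
        for name in fields[1:]:                    # one address may carry several names
            yield line_no, ip, name.lower()

def audit_hosts(text):
    """Sort entries into blocked names, entries to review, and malformed lines."""
    report = {"blocked": [], "review": [], "malformed": []}
    for line_no, ip, name in parse_hosts(text):
        if ip is None:
            report["malformed"].append(line_no)
        elif ip.is_loopback or ip.is_unspecified:  # 127.0.0.1, ::1, 0.0.0.0
            if name != "localhost":
                report["blocked"].append(name)
        else:
            # A name pinned to a routable address bypasses DNS: check who added it.
            report["review"].append((name, str(ip)))
    return report

if __name__ == "__main__":
    for section, entries in audit_hosts(SAMPLE_HOSTS).items():
        print(section, entries)
```

On Windows XP and later the file lives at %SystemRoot%\System32\drivers\etc\hosts; pass its contents to audit_hosts().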

 

Other Cleaning / Protection Software

9.) Ad-Aware and Spybot
  • Spybot Search & Destroy is another must-have free scanner. See this topic for instructions on how to run a scan with Spybot.
  • Spybot has an "Immunize" feature which works roughly the same way as SpywareBlaster above.
  • Another feature within Spybot is the TeaTimer option. TeaTimer detects when known malicious processes try to start and terminates them. It also detects when something wants to change critical registry keys and prompts you to allow this or not. See this tutorial by Grinler for more information.
10.) (Ewido) AVG Anti-Spyware
  • An outstanding all-purpose anti-malware scanner and cleaner is AVG Anti-Spyware. Although this is commercial software, the 30-day trial version will continue to work after the trial period expires in "free mode", with automatic updates and real-time protection disabled. See this topic for instructions on how to run a scan with AVG Anti-Spyware.
11.) Windows Defender
  • Microsoft now offers their own free malicious software blocking and removal tool, "Windows Defender" (Not compatible with Windows 98 and ME.) It also features real-time protection.
12.) Lock down ActiveX in Internet Explorer
  • Even if you plan to use an alternate browser, you will have to use Internet Explorer for tasks like updating Windows or visiting any other site that requires ActiveX. Also, since Internet Explorer is integrated into the Windows core, keeping it locked down is very important.

  • Open IE and go to Internet Options > Security > Internet, then press "Default Level", then OK.
  • Now press "Custom Level."
    In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
     
  • Now you will be asked whether you want ActiveX objects to be executed and whether you want software to be installed. Sites that you know for sure are above suspicion can be moved to the Trusted Zone in Internet Options > Security.
     
  • So why is ActiveX so dangerous that you have to increase the security for it? When your browser runs an ActiveX control, it is running an executable program, no different from double-clicking an exe file on your hard drive. Would you run just any file downloaded off a web site without knowing what it is and what it does?
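
A check of the ActiveX settings from step 12, as an added example rather than anything supplied by Microsoft or this site: Internet Explorer stores the Internet zone's Custom Level choices as DWORD values under the current user's Zones\3 registry key, where 0 means Enable, 1 means Prompt and 3 means Disable. The script reads the three values on Windows and reports any that are weaker than the settings recommended above; the SAMPLE dictionary is constructed so the check also runs on other systems.

```python
# Internet zone (zone 3) settings for the current user, under HKEY_CURRENT_USER.
ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

ENABLE, PROMPT, DISABLE = 0, 1, 3          # policy values stored as DWORDs
POLICY_NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Registry value name -> (label in the Custom Level dialog, setting from step 12)
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", PROMPT),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
}

def read_internet_zone():
    """Read the three values on Windows; return {} on other systems."""
    try:
        import winreg
        key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE_KEY)
    except (ImportError, OSError):
        return {}
    values = {}
    with key:
        for action in RECOMMENDED:
            try:
                values[action] = winreg.QueryValueEx(key, action)[0]
            except OSError:
                pass                       # value absent: reported as "not set"
    return values

def audit_zone(values):
    """Return (label, current, wanted) for each setting weaker than recommended."""
    findings = []
    for action, (label, wanted) in RECOMMENDED.items():
        current = values.get(action)
        # Larger value = stricter, so "Disable" where "Prompt" is asked for passes.
        if current is None or current < wanted:
            findings.append((label, POLICY_NAMES.get(current, "not set"),
                             POLICY_NAMES[wanted]))
    return findings

# Constructed sample: unsigned downloads left on Enable, the other two as recommended.
SAMPLE = {"1001": PROMPT, "1004": ENABLE, "1201": DISABLE}

if __name__ == "__main__":
    for label, current, wanted in audit_zone(read_internet_zone() or SAMPLE):
        print(f"{label}: currently {current}, set to {wanted}")
```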

 



Questions or problems regarding this web site should be directed to Webmaster
Copyright © 2009 Lehigh Valley Computers LLC. All rights reserved.