Spyware and Adware

Spyware Detection

Viruses were the bane of computer users for many years, but the major headaches now are spyware and related programs, which can be as damaging as viruses.

What seems to be pushing the development of spyware and adware so quickly is that unlike viruses, spyware and adware provide their authors with a potential profit motive.

The problem for computers users is that the tools available to fight spyware and adware are less effective than antivirus programs.

Spyware and adware are software which most often is downloaded and installed as part of another program. This only happens after a computer user has deliberately downloaded an installer, usually after not reading the agreement which says that spyware and/or adware (although not using those terms, of course) will be installed along with the software you want.

Some people find this hard to believe. To illustrate the point, below is one paragraph from the terms for a Web Search toolbar (www.websearch.com if you want to see for yourself).

As you can see, installing the toolbar gives IBIS LLC the right to block some advertising coming to your computer, store information on websites you visit, redirect URLs you are trying to reach to another URL and update its software without your permission.

From personal experience I also can tell you that removing the IBIS software from a computer can be difficult.

Spyware and adware is designed to be a financial benefit to its originators, either by legal or illegal means. The programs do one or all of the following:

• Track your activity on the Internet and occasionally send reports containing that information to its server. The information is sold to firms interested in knowing what web sites computer users visit.
• Programs known as "key loggers" record all of your key strokes and send them to the program's originator. That information could be used to acquire user names and passwords, and even personal financial information that's being kept in the computer.
• Adware results in additional pop-up ads on your computer, sometimes targeted based on the web sites you visit.
• Programs known as browser hijackers will change the home page on your browser and attempt to direct you to certain web sites regardless of the ones you are trying to visit.
• They often have features which are designed to make them difficult to remove from a computer. They offer a removal process, but when the computer is booted they reinstall themselves.

While the idea of having your Internet activity traced is disconcerting, spyware often is poorly written, causing computers to slow down and even crash more often. It uses up some of your computer's processing power; if you have many pieces of spyware running they can slow the computer to a crawl.

If you have downloaded screen savers, games, browser enhancements such as web search toolbars and other such programs from the Internet and installed them, you can expect to have spyware on your computer. It's not unusual for computers to have 200 or 300 pieces of spyware on them.

Known for introducing spyware are programs such as WeatherBug and the Kazaa file-sharing service. Web Search toolbars are most often carriers for spyware. Some programs will install a dozen different spyware programs on your computer.

Software firewalls that monitor outgoing traffic, such as Zone Alarm, give you the ability to prevent spyware from sending information to the Internet. Zone Alarm notifies you if a new program attempts to send information to the Internet and gives you the opportunity to block the transmission. Firewalls will not prevent spyware from being installed, however, and many firewalls do not monitor outgoing traffic.

The most commonly used programs to detect and remove spyware from computers are Ad-Aware and SpyBot Search and Destroy. Both are free. The programs take a different approach to the effort to find spyware and the best defense may be to run both programs before deciding your system is clean.

Both Ad-Aware and SpyBot use definitions, much like an antivirus program, to identify spyware. After you install the software, update the definitions before you run the program. The programs will search your computer for spyware and give you the option of removing it.

At times removing the spyware will disable the program it installed with, so you have to decide whether you want to get rid of both or neither.

It's not unusual for computers to run better after they've had the spyware removed.

Below is the result of one Ad-Aware search of a computer that I was trying to clean up for its user. It's my record so far - 8,432 pieces of spyware at once. In that condition, the computer was barely operating.

The free version of Ad-Aware must be run manually each time you want to check your computer. The company also sells versions of the program which will monitor your system at all times and alert you when spyware is being installed.

Some additional notes on spyware:

• The newest spyware seems to be hooking itself into basic Windows functions and removing it can cause problems for the operation of your computer as well.
• For those using Windows XP, there's an additional warning about spyware. Some spyware prevents the correct installation of Windows XP Service Pack 2 and can significantly harm a computer's operation if installation is attempted with spyware in place. It's important to make sure your computer has been cleared of spyware before attempting to install XP Service Pack 2.
• Be aware that some anti-spyware software being sold appears to cause more problems than it fixes, and may even be spyware masquerading as an anti-spyware program. This is almost certainly the case if you've received an e-mail message trying to sell you a program.
• I would advise against accepting any offer to "scan your computer online" for spyware. The chances are the web site will install, not remove, spyware from your computer.

It's important to know who you are getting the software from. The links listed above are all to reputable companies.

Comparing Programs

There is more variety in the capabilities of anti-spyware programs than many other products. Some will be more effective at some types of spyware than others, and over time the situation will change.

PC World magazine regularly tests the major players in the market, both commercial and the free programs. You can look at the magazine's most recent review. for more information.

Advanced Information

If you are comfortable dealing with issues on your computer and need to dig deeper to solve a spyware problem, I have some additional information for you.

First of all, these tips should not be used by someone who isn't sure what they are doing. It's wise to backup your files, etc., before taking any dramatic steps or making changes to your computer's registry. No warranty of safety is provided with this information.

You can learn more about processes running on your computer to help determine which might be malware that you need to remove.

If your computer has Windows XP, there is a procedure to see which software on the computer is communicating with the Internet. To see the list, open a Command Prompt (you'll find it listed on the Accessories menu). Type "netstat" (without the quotes) and hit enter. You'll see a list of all the connections your computer is maintaining. Don't worry about the ones with "localhost" in the name; they are just connections internal to the computer. Look for any others listed; you may see your mail server or the address of a web page you have open in your browser. Others may be an indication of a virus, spyware or tracking cookie.

Pressing Control-Alt-Delete will bring up the task manager in every version of Windows. You can look through the applications which are listed there to see if any of them are spyware or perhaps other programs that you know you don't need.

It can be difficult to determine which of the file names you see on the Task Manager are a problem. To see what each of those files is, go to the Process Library, where you can type in the file names listed and look up its function. The Process Library will tell you if the file is part of Windows, spyware, or perhaps a video, modem or printer driver.

Some spyware applications "hijack" your web browser by changing your home page and redirecting searches to specific sites, or change the computer's desktop into an advertisement. There is a free anti-spyware program, HiJack This, which is designed to deal with such issues. Be sure to read the documentation that comes with the program, as it will list many functions from your computer and deleting the good with the bad might hurt your computer's ability to operate.

With the constant proliferation of spyware, new ones are being issued all the time. One effective way to find additional information on a specific program is to go to Google and do a search on the name. You will probably see some worthless information, but often what you are looking for will be there as well.