Spyware cleaners fall short; follow these steps to stamp out spyware for good.
Sometimes the truth hurts, but here it is anyway: You will struggle with spyware at work, home, and on family and friends' computers for the next several years. Spam will be choked down to a manageable stream this year, but spyware will fill the gap, costing you precious hours cleaning the infected (and re-infected) computers of your friends and family.
My home office lab is the spyware front line. I routinely download programs for testing, then run a combination of pop-up blockers, spam protectors, Registry rooters and cookie cleaners. I'll quarantine 635 Registry spyware droppings one day, delete 31 spyware cookies the next and start all over again the next week. I've tested dozens of new utilities and dutifully download the latest version of each.
Discuss and trade anti-spyware tips in our forum.
The bottom line is they're all good; they all help. But they're all incomplete. Running anti-spyware utilities is just part of the solution. There are a slew of other things you can do, and have your users do, to curb the problem. Follow our handy 10-step guide to get started.
1. Know thine enemy.
If you define spyware as any tiny cookie left behind by an innocent Web site, your frustration will never end. Scumware of all kinds will cause you grief, but the four major types are:
Spyware: an application surreptitiously gathering information about your computing habits that may send the data to some unknown site - aka "key loggers" or "keystroke capture parasites." (Not to be confused with "malware," which includes viruses, worms and Trojan horse programs.)
Adware: an application that pops up advertisement windows and banners randomly or based on current browser content - aka "pop-ups."
Hijackers: applications that change your browser home page, default search engine and even redirect you from sites you try to reach - aka "jackers" or "switchers."
Cookies: small files that track data such as Web site preferences and passwords for repeat visits. Spyware gathers and spreads this information without user knowledge - aka "tracking cookies."
Adware is the most annoying, but hijackers and spyware do the most damage. Scumware purveyors claim we all "agree" to their garbage, but of course we don't. Yet, a lot of this stuff is harmless; teach your friends to tolerate a few cookies and save the 911 calls for aggressive pop-ups, browser home page redirects and suddenly sluggish systems.
|SPYWARE HIT LIST|
Utilities from trusted, name-brand portals are worth trying, if you’re careful and back up before trying something new. These “usual suspects” appear in many downloadable sites. Try the freeware first and then commercial products in order of price, like this:
2. Get off Internet Explorer
We can't charge Microsoft with a crime for creating spyware. But the design of Windows, and particularly Internet Explorer, certainly makes it an accessory. Encourage friends and family to switch to alternatives Firefox or Opera, which both block pop-ups by default. Firefox is free and available here; Opera costs a few dollars.
Need proof Internet Explorer is the problem? On my primary test PC running Windows XP Home, I use Internet Explorer and Outlook Express. There were 739 spyware threats found. On my personal PC, running Firefox and Mozilla's Thunderbird e-mail application, there were 11 spyware instances. Each of those 11 was an Internet Explorer exploit or cookie that snuck in the few times I had to use Internet Explorer for certain Web sites.
But Microsoft is now making noise about anti-spyware tools (see "Giant Microsoft improvement?" next page), and XP Service Pack 2 has reduced the ability for most spyware to cripple a system completely.
Unfortunately, some sites demand Internet Explorer, and users who are heavily intertwined with Microsoft's Outlook e-mail client must use it. But there are ways to slow spyware using Internet Explorer. First, disable Microsoft ActiveX support. In Internet Explorer, click on Tools > Internet Options > Security > Custom Level, then click the check boxes that force ActiveX controls to ask permission before running.
Next, install the Google Toolbar, which also blocks pop-ups. It works on Internet Explorer 5.5 and higher, so you might have to upgrade the browser. Also, run pop-up blockers designed to work inside Internet Explorer, such as StopZilla, 123Ghosts Popup Killer, Ad Killer, Ad Muncher and Anti Popup Pro .
3. Deter downloads.
Walk this line carefully: Don't let friends and family - especially the tech neophytes like your grandmother - download anything. Then download and install the Google Toolbar for them. Explain why it's different from the weather station and smiley faces for their e-mails.
People want to download "free" programs from the Web, but teach them the difference between a site they visit for utilities (such as PCWorld.com or Tucows.com ) vs. sites that appear in pop-up ads and spam.
Resolve not to get frustrated; accept that education will only work halfway. Spyware purveyors do a wonderful job convincing innocents to download spyware daily. Explain how what looks like a Google ad on the side of a browser page, or the link their good buddy sent them, is really a social engineering masterpiece of spyware diffusion. Sensitize your users to the most obvious danger signs, such as banner ads popping up offering a free spyware check (a cruel abuse of trust).
4. Teach back-up and restore basics.
Because many users won't heed your warnings, teach them how to recover from download disasters. People have too much on their computers today to resist back-up options. An external hard disk, tape system or CD writer full of back-up data can ease the sting of a spyware-ridden system and put things right with a restore to an earlier, spyware-free back-up point.
Teach users how to create restore points in XP and to set one before every download from a Web site that's not a brand-name portal. Disk space shouldn't be a problem on newer PCs, but even if they fill up their hard disks, eliminating some restore points is much easier than cleaning a spyware infection.
|GIANT MICROSOFT IMPROVMENT?|
Giant AntiSpyware wasn’t a big name until Microsoft purchased it. The Microsoft AntiSpyware Beta is essentially the Giant AntiSpyware utility. Will Microsoft give the final version away free? We don’t know. Will it roll the utility into a new security patch? It hasn’t said. Waiting for Microsoft to fix spyware, however, reminds us of “Waiting for Godot.”
5. Create a spyware removal CD.
Remember your Boy Scout days and be prepared for the next call for help. Make your own spyware tool kit by burning a half-dozen spyware utilities to CD. When you go to clean a spyware machine, finding and waiting for utilities to download wastes time that's better spent with your own family. CD-ROM disks are inexpensive, so make extra copies and give them to your users. On mine, I have three free utilities, with three trial versions of commercial utilities. The programs range from 2M to 10M bytes, so you'll have plenty of room on a standard CD.
6. Run at least two spyware cleaners.
You know from experience that no spyware cleaner even comes close to wiping every piece of malicious code. All utilities have blind spots that spyware programmers exploit. Every vendor says its product catches everything, but whenever I clean a hundred threats with one utility, a second always finds another dozen or so.
Every spyware cleaner checks the Registry, but because spyware follows Microsoft rules for Registry entries, nothing can clean it completely. Just when you think you have spyware beaten, the Task Manager process list will start to grow as spyware hiding in the Registry revive, especially after a reboot.
Run several utilities, run them regularly, vary them and make sure they're all up to date. Paid cleaners provide more constant signature file updates, but even freeware adds new capabilities regularly. Run, update, run, update, repeat. I clean a system, reboot into Safe Mode and clean it with a second tool, then reboot again.
7. Close desktop communication holes.
Every spyware upload means more future problems as spyware updates itself and adds new "features." Blocking the outgoing messages improves your users' quality of life.
Some, but not all, resident anti-spyware utilities block spyware uploads. Commercial products are a bit better. But installing a personal firewall also will block uploads. ZoneAlarm and Sygate Personal Firewall are both excellent.
Nearly all name-brand routers sold today also include firewall protections. Look for products that do stateful packet inspection of incoming and outgoing packets. A combination of personal firewall and router controls isn't overkill, especially for users who can't resist the lure of spyware-laden sites.
8. Deal with DRM.
One reason spyware will be around for the next several years is that companies are increasing their use of digital rights management (DRM) on entertainment files and software authorization license files that let certain applications execute. The holes we leave open for these apps will be exploited by spyware for years. Tracking cookies, such as frequent buyer perks for online stores, make Web sites easier to use. The trouble is, they look just like spyware, making it hard to kill the bad files without killing the good files, too.
The same is true for emerging entertainment player applications. The music files you download today and try to write to an MP3 player tomorrow will need to verify you have the right to play the files on that mobile device. Your new spyware protection software might block the DRM query to the authorization database. Isn't one definition of spyware an app that sends system information to a third party without permission? That definition applies to business application license files and DRM application licenses alike, at least on an application-interface level.
One answer is to avoid DRM applications such as music players, especially those from Microsoft. If you prefer your music, get a resident commercial spyware utility that updates its spyware database regularly because it will coordinate protection with the music services.
9. Leverage AOL membership.
Spyware protection from AOL, free for download for AOL members, is another useful addition from AOL as it continues to regain relevance. I found scanning speed to be slower than many other spyware cleaners, but the program found seven additional spyware instances after CounterSpy and SpyBot were through.
AOL offers some valuable protections for families, such as parental controls, but its browser is based on Internet Explorer and therefore suspect. At least AOL helps its members with toll-free tech support for times you're unavailable.
10. Recommend a Macintosh or Linux system.
Spyware attacks Microsoft operating systems primarily, entering through Internet Explorer holes and hiding inside Windows weak points. Some spyware, especially malicious cookies, functions within any browser, but that's a tiny fraction of the spyware universe.
|NO SPYWARE JUSTICE|
While the CAN SPAM Act has started making some headway, spyware is another story. The Securely Protect Yourself Against Cyber Trespass Act, or SPY ACT, introduced by Rep. Mary Bono (R-Calif.) in 2004, passed the House by a resounding 399-1 vote margin, but died in the Senate.What happened?Against SPY ACT: the Business Software Alliance
Software company lawyers realized how close the definition of DRM is to the terms of the SPY ACT, and fought the bill. Without the ability to communicate details of a user's system and usage of system software to the vendor, licenses and rights management applications won't work. When user's rights of privacy on their computer have collided with corporate lawyers the last few years, the users have lost every time.
Microsoft applications such as Internet Explorer, Word, Outlook and Media Player execute applications automatically when downloaded, allowing spyware easy access. Linux and Mac operating systems don't allow this automatic execution, making them more spyware resistant. Worse, Windows lets any user (or spyware) load dynamic link libraries into the kernel, while administrator privileges for Linux are required for that level of system access.
Is the hassle of changing a friend's operating system or entire computer worth avoiding the hassle of spyware? Not to most people, but Apple and Linux will welcome you if spyware becomes too painful.
Because you're carrying a CD full of anti-spyware utilities already, throw in a CD of the Knoppix bootable Linux OS. Use it to verify badly infected systems still function booting and examining the system, and let your family and friends see how Windows-like modern Linux has become.
Learn more about this topicMicrosoft releases anti-spyware, promises more tools
IDG News Service, 01/06/05AOL upgrade packs security tools
IDG News Service, 11/18/04Debating what is spyware
Network World, 11/08/04On the lookout for spyware
Network World, 08/16/04