- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
Network World - Sometimes the truth hurts, but here it is anyway: You will struggle with spyware at work, home, and on family and friends' computers for the next several years. Spam will be choked down to a manageable stream this year, but spyware will fill the gap, costing you precious hours cleaning the infected (and re-infected) computers of your friends and family.
My home office lab is the spyware front line. I routinely download programs for testing, then run a combination of pop-up blockers, spam protectors, Registry rooters and cookie cleaners. I'll quarantine 635 Registry spyware droppings one day, delete 31 spyware cookies the next and start all over again the next week. I've tested dozens of new utilities and dutifully download the latest version of each.
Discuss and trade anti-spyware tips in our forum.
The bottom line is they're all good; they all help. But they're all incomplete. Running anti-spyware utilities is just part of the solution. There are a slew of other things you can do, and have your users do, to curb the problem. Follow our handy 10-step guide to get started.
1. Know thine enemy.
If you define spyware as any tiny cookie left behind by an innocent Web site, your frustration will never end. Scumware of all kinds will cause you grief, but the four major types are:
Spyware: an application surreptitiously gathering information about your computing habits that may send the data to some unknown site - aka "key loggers" or "keystroke capture parasites." (Not to be confused with "malware," which includes viruses, worms and Trojan horse programs.)
Adware: an application that pops up advertisement windows and banners randomly or based on current browser content - aka "pop-ups."
Hijackers: applications that change your browser home page, default search engine and even redirect you from sites you try to reach - aka "jackers" or "switchers."
Cookies: small files that track data such as Web site preferences and passwords for repeat visits. Spyware gathers and spreads this information without user knowledge - aka "tracking cookies."
Adware is the most annoying, but hijackers and spyware do the most damage. Scumware purveyors claim we all "agree" to their garbage, but of course we don't. Yet, a lot of this stuff is harmless; teach your friends to tolerate a few cookies and save the 911 calls for aggressive pop-ups, browser home page redirects and suddenly sluggish systems.
|SPYWARE HIT LIST|
Utilities from trusted, name-brand portals are worth trying, if you’re careful and back up before trying something new. These “usual suspects” appear in many downloadable sites. Try the freeware first and then commercial products in order of price, like this:
2. Get off Internet Explorer
We can't charge Microsoft with a crime for creating spyware. But the design of Windows, and particularly Internet Explorer, certainly makes it an accessory. Encourage friends and family to switch to alternatives Firefox or Opera, which both block pop-ups by default. Firefox is free and available here; Opera costs a few dollars.
Need proof Internet Explorer is the problem? On my primary test PC running Windows XP Home, I use Internet Explorer and Outlook Express. There were 739 spyware threats found. On my personal PC, running Firefox and Mozilla's Thunderbird e-mail application, there were 11 spyware instances. Each of those 11 was an Internet Explorer exploit or cookie that snuck in the few times I had to use Internet Explorer for certain Web sites.
But Microsoft is now making noise about anti-spyware tools (see "Giant Microsoft improvement?" next page), and XP Service Pack 2 has reduced the ability for most spyware to cripple a system completely.
Unfortunately, some sites demand Internet Explorer, and users who are heavily intertwined with Microsoft's Outlook e-mail client must use it. But there are ways to slow spyware using Internet Explorer. First, disable Microsoft ActiveX support. In Internet Explorer, click on Tools > Internet Options > Security > Custom Level, then click the check boxes that force ActiveX controls to ask permission before running.
Next, install the Google Toolbar, which also blocks pop-ups. It works on Internet Explorer 5.5 and higher, so you might have to upgrade the browser. Also, run pop-up blockers designed to work inside Internet Explorer, such as StopZilla, 123Ghosts Popup Killer, Ad Killer, Ad Muncher and Anti Popup Pro .
3. Deter downloads.
Walk this line carefully: Don't let friends and family - especially the tech neophytes like your grandmother - download anything. Then download and install the Google Toolbar for them. Explain why it's different from the weather station and smiley faces for their e-mails.
People want to download "free" programs from the Web, but teach them the difference between a site they visit for utilities (such as PCWorld.com or Tucows.com ) vs. sites that appear in pop-up ads and spam.
Resolve not to get frustrated; accept that education will only work halfway. Spyware purveyors do a wonderful job convincing innocents to download spyware daily. Explain how what looks like a Google ad on the side of a browser page, or the link their good buddy sent them, is really a social engineering masterpiece of spyware diffusion. Sensitize your users to the most obvious danger signs, such as banner ads popping up offering a free spyware check (a cruel abuse of trust).
4. Teach back-up and restore basics.
Because many users won't heed your warnings, teach them how to recover from download disasters. People have too much on their computers today to resist back-up options. An external hard disk, tape system or CD writer full of back-up data can ease the sting of a spyware-ridden system and put things right with a restore to an earlier, spyware-free back-up point.
Teach users how to create restore points in XP and to set one before every download from a Web site that's not a brand-name portal. Disk space shouldn't be a problem on newer PCs, but even if they fill up their hard disks, eliminating some restore points is much easier than cleaning a spyware infection.
|GIANT MICROSOFT IMPROVMENT?|
Giant AntiSpyware wasn’t a big name until Microsoft purchased it. The Microsoft AntiSpyware Beta is essentially the Giant AntiSpyware utility. Will Microsoft give the final version away free? We don’t know. Will it roll the utility into a new security patch? It hasn’t said. Waiting for Microsoft to fix spyware, however, reminds us of “Waiting for Godot.”
5. Create a spyware removal CD.
Remember your Boy Scout days and be prepared for the next call for help. Make your own spyware tool kit by burning a half-dozen spyware utilities to CD. When you go to clean a spyware machine, finding and waiting for utilities to download wastes time that's better spent with your own family. CD-ROM disks are inexpensive, so make extra copies and give them to your users. On mine, I have three free utilities, with three trial versions of commercial utilities. The programs range from 2M to 10M bytes, so you'll have plenty of room on a standard CD.