Defending yourself from Malware, Spyware, Adware, and other unwanted software

A Barlow Enterprises TecDoc.

Introduction

The Internet can be compared to the streets of a large city. There are shops, libraries, cafes, and other types of business. There are billboards, newspapers, and other sources of information. There are also people of every walk of life. The problem with this analogy is that, in a large city, there are police that will protect you from crime. On the Internet, there are no police, so you are responsible for making sure you aren't the victim of a crime.

Thankfully, technology hasn't advanced to the point that violent crimes are possible on the Internet, so we don't have to worry about physical attacks, but other types of crime and unscrupulous activity are so prevalent that if the Internet were a real city, many of us would never leave our homes. The problem is that many people don't realize these crimes are happening to them.

I'm referring to malicious software, or 'MalWare', as it is frequently called. This category of software contains adware, spyware, browser hijackers, trojan horses, and all sorts of other mean and nasty things. Studies indicate that some form of Malware is installed on one out of every three Internet-connected machines. It has been my experience that this number is much higher in the small to medium sized business market and especially the residential market. In fact, my experiences show that there is about a 90% chance a person's home machine is infected in some way, and often absolutely infested.

Contents

  1. Introduction
  2. Audience
  3. Definitions
  4. Firewall
  5. Antivirus
  6. Spyware Scanner
  7. Email client
  8. Startup Menu Monitor
  9. Active X
  10. Browsers

Audience

This document is intended as an introduction to what Malware is, how it gets on your machine, and what you can do to prevent it. I feel that many internet users are becoming more and more technical, so I'm not going to 'dumb-down' this article too much, but I am going to attempt to write it in a way that most people can understand.

Let me also state that I offer a variety of professional services as a business, so I will plug my services in this document. Nevertheless, this information is intended to be accurate and not exaggerated. I feel the proliferation of Malware on machines is panicked enough without my adding to the hysteria. If you feel your machine is infected and these details seem too complicated, I urge you to contact me. I offer complete, professional clean-up services at reasonable rates, and I do make house calls.

Definitions

Adware
Advertising delivery software which gets installed on a machine by various methods and which delivers advertisements via popup windows or other methods. Adware may come packaged with other software, browser toolbars, or installed by other means.
Spyware
Software that monitors browsing habits and reports back to a site. This software can monitor the sites you visit, software you run, passwords you enter, and steal sensitive information. It is usually installed by methods similar to those used for Adware.
Browser Hijackers
A browser hijacker is a piece of software (usually an ActiveX component) that gets loaded as a tool for Internet Explorer. Its behavior can range from changing your home page and search page to forcing all searches to go to a specific site, popping up competing advertisements for web sites, or any number of other tricks.
Trojan Horse
Much like the giant wooden horse of Greek legend, a Trojan Horse is a destructive program disguised as a desirable piece of software. Trojans do not replicate.
Virus
A virus is a program that attaches itself to another piece of software. Viruses are often destructive and self-replicating.
Worm
A Worm is a type of virus that replicates itself through machine resources such as network shares or Email. Worms are the most prevalent type of virus on the Internet due to their ability to rapidly spread to other machines.

Firewall

In large buildings or apartments, an extra fire barrier (often in the form of a brick wall) is built to section off portions of the building. In the event of a fire, the firewall helps prevent (or slows) the flames from spreading to other sections of the building.

With computers, a firewall is used to separate sections of a network to prevent certain types of resources from being abused. The nice thing about firewalls is that they are stupid (and I mean that in the nicest possible way). A firewall intentionally does not understand certain requests, and what it doesn't understand, it simply discards. So, in the case of a virus that attempts to infect your machine, since the firewall doesn't understand the virus, it safely ignores it. Without the firewall intercepting the traffic, the virus would be speaking directly to your computer, which does understand the virus.

There are two types of firewalls available to you: hardware-based and software-based. Both have their advantages and disadvantages, but can thankfully be used together.

Antivirus

I'm not sure I need to explain much about antivirus products, except to say that having one on your machine is simply required. Updating it frequently is required. Maintaining the subscription service is required. If you are not doing these three things, you should go ahead and give me a call to come get rid of the viruses you already have on your machine.

I recommend Norton Antivirus to my clients. If you don't have a router, Norton Internet Security is a better option. If you can't (or won't) afford the software, AVG offers a free scanner that is pretty reliable.

Spyware Scanner

Spyware is the newest scourge of the internet. It's a lot like viruses in many ways, but it's designed to force you to go to certain sites, use a certain search engine, or monitor your activity. It is actually worse than viruses in a lot of ways (in my opinion) because it's often financially motivated and doesn't just cause damage, but offers personal information back to the writer (or their agent).

There are a number of anti-spyware solutions on the 'net. One of the best is Microsoft's Antispyware, which is free. Microsoft bought (award-winning) Giant Antispyware and is privately branding it. Other good products are Ad-Aware and Spybot Search and Destroy, which will work with operating systems earlier than Windows 2000.

Email client

If you download your email to a client application such as Outlook or Outlook Express, turn off the preview pane as a first line of defense. Every graphic in a spammed message has the potential to verify your address. The messages you open should be worth opening, not previewed. Now configure your security settings so that email is inherently untrusted and no script is ever run on a message. In Outlook, this is configured under Tools | Security. Your mail should be read under the 'Restricted Sites' security zone.
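To see what the preview pane would fetch or run, the following added example (not part of the original article) audits a message before it is rendered. It lists every remotely hosted resource, each of which tells the sender the address is live, and every script-capable element. The sample message, host names, and the names Audit and audit_message are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser

# Constructed sample message (illustrative only, not from the article).
RAW = b"""\
From: promo@mailer.example
To: reader@example.org
Subject: Big savings
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Hello!</p>
<img src="http://track.mailer.example/o.gif?id=reader%40example.org" width="1" height="1">
<img src="cid:logo123">
<script>document.title = "x";</script>
<iframe src="https://ads.mailer.example/frame"></iframe>
</body></html>
"""

REMOTE = ("http://", "https://", "//")

class Audit(HTMLParser):
    # Collects remote fetches (address-verifying) and script-capable markup.
    def __init__(self):
        super().__init__()
        self.remote, self.active = [], []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "object", "embed", "applet"):
            self.active.append(tag)
        for name, value in attrs:
            if name.startswith("on"):            # inline event handlers
                self.active.append(f"{tag}[{name}]")
            is_url = name in ("src", "background") or (tag == "link" and name == "href")
            if is_url and value and value.strip().lower().startswith(REMOTE):
                self.remote.append((tag, value.strip()))

def audit_message(raw: bytes):
    """Return (remote_resources, active_content) for every HTML part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    audit = Audit()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            audit.feed(part.get_content())
    audit.close()
    return audit.remote, audit.active
```

The `cid:` image is embedded in the message itself, so it is not reported; only resources that would be requested from a remote server are.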

Startup Menu Monitor

Microsoft's Antispyware has a startup monitor built in, but if you decide not to use it, Mike Lin has an excellent monitor for free. This small program will tell you when an application attempts to add itself to your startup menu, and will give you the option to allow it or not.
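The idea behind a startup monitor can be sketched as a baseline comparison. This is an added example, not the code of either tool named above: it covers only a Startup folder passed in by the caller, and it detects changes after the fact rather than intercepting them. The function names and the JSON baseline file are assumptions made for illustration.

```python
import hashlib
import json
from pathlib import Path

def snapshot(startup_dir):
    """Map each file in the startup folder to the SHA-256 of its contents."""
    return {
        p.name: hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(Path(startup_dir).iterdir())
        if p.is_file()
    }

def compare(baseline, current):
    """Return entries added, removed, or modified since the baseline."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(n for n in baseline.keys() & current.keys()
                          if baseline[n] != current[n]),
    }

def check(startup_dir, baseline_file):
    """Compare the folder with the saved baseline; create it on first run."""
    current = snapshot(startup_dir)
    path = Path(baseline_file)
    if not path.exists():
        path.write_text(json.dumps(current, indent=2))
        return {"added": [], "removed": [], "changed": []}
    return compare(json.loads(path.read_text()), current)

def approve(startup_dir, baseline_file):
    """Accept the current contents as the new baseline (the 'allow' choice)."""
    Path(baseline_file).write_text(json.dumps(snapshot(startup_dir), indent=2))
```

Run check() on a schedule and review anything it reports; call approve() only for entries you recognize, and delete the ones you don't.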

Active X

ActiveX (formerly OLE) is Microsoft's proprietary and ridiculously insecure method of interacting with your operating system. It does have valid uses on your local machine, but it has very little business being on the web. It's a rare case that it's used for good purposes. You can elect to turn it off, but I suggest at least making it prompt you prior to running. Some sites use it to add content.

Browsers